The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us
Resources

The knowledge you need to manage and protect your attack surface.

What's New Blog
Research

Exclusive EASM Report: Mergers and Acquisitions Top 2022 External Attack Surface Management Risks

Tom-Spring
By Tom Spring
Media Manager
June 2, 2022

Mergers and acquisitions, poorly managed web apps and insecure PII represent biggest risks tied to external attack surfaces in 2022. 

CyCognito, the leader in external attack surface management, examines challenges facing Global 2000 companies in its exclusive report Anybody Got a Map? The Danger of Subsidiary Sprawl and Unknown Unknowns in External Attack Surface Management.

CyCognito reveals the unique challenges facing security teams as a direct result of a record number of mergers and acquisitions in 2021 – a trend expected to continue in 2022. The report, to be released during the 2022 RSA Conference, is designed to drive awareness among CISOs and security teams helping them keep pace with a fluctuating attack surface and related security issues. 

Key takeaways of those Global 2000 companies surveyed include:

  • M&A activity is growing or shrinking an organization’s attack surface by 5.5% each month. 
  • Impacted by M&A activity is the average of 95 subsidiaries per Global 2000 companies. 
  • Organizations were initially unaware of 10-to-30% of their subsidiaries

These conditions make it extremely difficult for security and IT managers to have a 360 degree view of their entire external attack surface. This increases the odds of gaps in their attack surface going unseen, opening them up to dangerous and preventable risks such as Log4J. 

CyCognito’s  Anybody Got a Map? The Danger of Subsidiary Sprawl and Unknown Unknowns in External Attack Surface Management report also notes the potential privacy risks consumers face as they place trust in organizations who provide them with online applications to bank, pay bills and schedule appointments with health professionals.

“Web apps are high risk for business and consumers alike because they often contain personal identifiable information (PII). And too often we are seeing web apps go under-managed by security teams suffering from poor visibility into their attack surface because of digital asset sprawl,” said Ansh Patnaik, chief product officer, CyCognito.

CyCognito reports that these organizations have an average of 5,000 web apps each, representing up to 7 percent of their external attack surface assets. Of those web apps, PII was found in 9%, creating data risks and liability issues for organizations and their customers. Digital assets also include DevOps and SecOps tools, cloud products and device web interfaces. 

The report reveals top web app security issues still plaguing firms today include:

  • Open source JavaScript vulnerability library issues (jQuery, JQuery-UI and Bootstrap)
  • Unmaintained Digital Assets (DevOps and SecOps tools, cloud products and device web interfaces)
  • Clickjacking vulnerabilities (where a browser-based user interface is manipulated to trick users into clicking on malicious links)

Web apps are where most risk resides, Patnaik said. Top potential attack vectors include database focused SQL Injection and Cross-Site Scripting redirection risks. 

CyCognito’s Anybody Got a Map? The Danger of Subsidiary Sprawl and Unknown Unknowns in External Attack Surface Management will be released at the 2022 RSA Conference at an offsite venue (The Veranda, directly adjacent to the Moscone Center South) at 3pm on Tuesday, June 7th. 


Topics





Recent Posts








Top Tags



CyCognito Research Report

State of External Exposure Management

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.