Exploit Intelligence: An EASM Force Multiplier

By Emma Zaballos
Product Marketing Manager
October 20, 2022

Threat intelligence can feel like a firehose of data to security teams who are already struggling to keep their heads above water patching, fixing and hardening networks.

We like Gartner’s definition of threat intelligence, which is “evidence-based knowledge about existing or emerging hazards or menaces to assets.” Key factors in Gartner’s view of threat intelligence include:

  • The context of an asset relative to the threat
  • The mechanisms used by hackers to exploit a vulnerability
  • Indicators of compromise 
  • The business implications of an asset being compromised. 

If only all parts of that definition were universally adopted across all modern security programs, threat intelligence would be among the most powerful weapons in a defender’s arsenal. It would allow security teams to go from reactive to proactive overnight.

One fresh approach to solving this challenge is a new category within External Attack Surface Management (EASM) called Exploit Intelligence. It fills the gap between threat intelligence and vulnerability management. It allows security teams to give heavy weight to the probability of an attack and the attractiveness of a vulnerable asset when deciding which mitigation efforts are most urgent.

It’s a huge differentiator within the EASM space, one that solves the firehose problem. Here’s why exploit intelligence is a vital and needed step forward for EASM and security. 

By the way, Exploit Intelligence is also the name of CyCognito’s latest iteration of its EASM platform, announced Thursday.

The Threat Intelligence Challenge

In theory, threat intelligence is a vital part of keeping networks safe, but in practice, threat intelligence isn’t always action-oriented advice. Instead, it is raw data gathered from a broad array of sources, ranging from cybersecurity researchers’ blogs and mainstream media reports to open-source and proprietary threat feeds.

There’s no doubt that the information is valuable, but the stream is deep, broad and fast-flowing. And therein lies the problem. The biggest challenge in operationalizing threat intelligence is figuring out what information (data feed) is pertinent to your organization, as well as determining how to act upon that information.

The Threat Intelligence Firehose

In order to understand which feeds are most relevant, you need foundational knowledge of which assets are present within your environment. 

Mapping your company’s organizational structure is an essential first step. This allows you to understand what your external attack surface looks like to attackers, right down to every subsidiary, connected cloud resource and employee home router.

The next consideration is the external threat landscape. EASM platforms offer an outside-looking-in view of your attack surface, as an adversary would see it. Gartner calls this “evidence-based knowledge about existing or emerging hazards or menaces to assets.” Data is culled via an automated reconnaissance process that factors in a host of data feeds, including old and new Common Vulnerabilities and Exposures (CVE) bulletins.

Threat intelligence also includes specific analyst research developed over time. This data often includes insights from individual analysts who may spend years or even decades deeply embedded in criminal networks and Dark Web forums. Sometimes this deep data pool of threat intelligence is relevant to you, sometimes it’s not. Knowing the difference is key. 

Needless to say, what researchers uncover is not always relevant to your specific organization. Even if a credible threat targeting a particular CVE were to be discovered, it’s only actionable if you know which of your assets have that vulnerability, whether or not it has been patched and where the vulnerable asset is located within your attack surface. 

A detailed understanding of your attack surface is the prerequisite for applying threat intelligence.

Always Be Strategic, Tactical and Operational 

If you want threat intelligence to be relevant and actionable, you need to ask the right questions. Those questions touch on how to use data in a strategic, tactical and operational way. 

Here is a breakdown of the three core EASM threat intel subcategories governing the use of data: 

  • Strategic: data reveals broader attack trends in less-technical or non-technical terms, typically concerning threat actors or so-called Advanced Persistent Threats (APTs).
  • Tactical: data outlines an attacker’s tactics, techniques and procedures (TTPs) for a more technical audience – typically including specific Indicators of Compromise (IOCs).
  • Operational: data details specific attack sequences and real-world campaigns, typically providing a combination of strategic and tactical threat intelligence delivered as actionable guidance.

Sipping from the Firehose

To properly leverage threat intelligence, you first need an omniscient-like view of your assets and attack surface. Only then can you connect the dots between potential and real threats and the highest-risk assets that need immediate mitigation.

Without a 360-degree view of your attack surface, threat intelligence is rarely going to be specific enough to enable you to prioritize activities within your security program and tell you what vulnerabilities to patch first. As they say, adversaries need only one weak point to breach an organization, while you are accountable for every possible vulnerability across your entire external attack surface.

An EASM solution like the CyCognito platform enables you to see your environment exactly as attackers do. Like the tools that attackers use, CyCognito performs comprehensive and ongoing reconnaissance across the entire attack surface to find the path of least resistance into your environment. This lets you see which vulnerabilities are present and thus understand which indicators of compromise (IOCs) in threat intelligence are relevant.

EASM IQ Boost: Introducing Exploit Intelligence 

Parsing threat intelligence and vulnerability management data, and having a complete map of an organization’s unique external attack surface, gives you Exploit Intelligence.

This is a new technology category that layers the understanding of how vulnerabilities are currently being exploited in the wild with a map of vulnerabilities in your attack surface. It’s a step toward empowering security teams with knowledge and not just reams of CVE and threat intel data. 
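The layering described above, together with the earlier relevance test (which assets carry the CVE, whether it has been patched, where the asset sits), shown as an added example; it is not CyCognito's code or scoring. The CVE ids are constructed placeholders, and the hostnames, owners and the 1-5 `attractiveness` score are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str           # hostname found by external discovery
    owner: str           # subsidiary / business unit the asset maps to
    cve: str
    patched: bool
    attractiveness: int  # assumed 1-5 score of how appealing the asset is

# Constructed sample data: placeholder CVE ids, not real bulletins.
INTEL = {
    "CVE-0000-0001": {"exploited_in_wild": True},
    "CVE-0000-0002": {"exploited_in_wild": False},
    "CVE-0000-0003": {"exploited_in_wild": True},  # no asset carries it
}
FINDINGS = [
    Finding("vpn.example.com", "HQ", "CVE-0000-0001", False, 5),
    Finding("old-shop.example.net", "Subsidiary A", "CVE-0000-0001", True, 3),
    Finding("dev.example.org", "Subsidiary B", "CVE-0000-0002", False, 2),
    Finding("mail.example.com", "HQ", "CVE-0000-0004", False, 4),  # no intel
]

def correlate(findings, intel):
    """Return (ranked unpatched findings, intel CVEs irrelevant to us)."""
    actionable = []
    for f in findings:
        if f.patched:
            continue  # already remediated: nothing to act on
        exploited = intel.get(f.cve, {}).get("exploited_in_wild", False)
        actionable.append((f, exploited))
    # Exploited-in-the-wild first, then the most attractive asset first.
    actionable.sort(key=lambda p: (not p[1], -p[0].attractiveness, p[0].asset))
    open_cves = {f.cve for f, _ in actionable}
    irrelevant = sorted(cve for cve in intel if cve not in open_cves)
    return actionable, irrelevant

if __name__ == "__main__":
    ranked, noise = correlate(FINDINGS, INTEL)
    for f, exploited in ranked:
        print(f.asset, f.owner, f.cve, "exploited" if exploited else "no known exploitation")
    print("intel with no matching unpatched asset:", noise)
```
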

With Exploit Intelligence, security teams reduce Mean Time to Remediation of vulnerable assets from weeks to days. CyCognito’s Exploit Intelligence shows you which assets are most impacted by current threats and provides instructions on how to validate the finding (and advice on whether it’s safe to do so). These are insights you can act upon.

With Exploit Intelligence, you get relevant information that’s tailored to your environment and designed to expedite remediation of the most critical vulnerabilities in your attack surface.

Want to learn more about how EASM and threat intelligence work together? Download our new comparison brief to see how Exploit Intelligence serves as a force multiplier.

