The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Beating Attackers at Their Own Game – Preventing Cybercrime

By Rob Gurzeev
CEO & Co-Founder
November 19, 2019
Automating Offensive Security Processes to Discover and Defend the Attack Surface

The CyCognito journey began with a keen awareness that in the battle against cybercrime, attackers often have the upper hand. They need to find any weak spot, the “weakest zebra in the herd” so to speak, while security teams must defend every possible point of entry in an always changing attack surface. To compound the problem, most organizations have potential points of entry unseen by security teams, but easily discoverable by threat actors. 

Key Problems Facing Security Teams Today

While the security tools that organizations rely on, and spend most of their budget on, haven’t fundamentally changed in the last 25 years, the enterprise IT they need to protect has. Exposure levels and the global threat context have changed significantly too. Consider that:

  • Organizations have expanded and broadly diversified their IT resources on-premises and in the cloud, making continuous monitoring and timely mitigation much more difficult.
  • Current solutions, designed when companies had only a few servers connected to the internet, rely on user input and configuration and leave unprotected the broad swath of newer assets that organizations use, but likely aren’t managing themselves, including third-party IT assets, cloud resources, and subsidiaries’ IT environments.
  • Threat actors are using offensive scanning and exploitation capabilities that are cheaper, more automated, and widely available.
  • Cybercrime can be an attractive occupation, especially in countries where the median monthly income is less than $500 per month.

Attackers have very specific goals – money or information – and they always look for the path of least resistance making the task of preventing cybercrime seem impossible. They are drawn to the opportunities that legacy tools and manual procedures ignore: unmanaged and unknown assets.

With this context, my co-founder, Dima Potekhin, and I thought: “What if we could shift the paradigm, and instead of deploying agents or instructing a port scanner to scan a few known IP ranges, we could actually identify which ‘zebras’ are at risk and which open pathways are most tempting to bad actors?” We looked to simulate an attacker’s whole offensive operation, starting from step one, where the attacker knows only a target company’s name and has “compromise” as an objective.

In 2017, we began to make this happen with the mission of protecting organizations from exploitation, using methods that were only being used by highly organized, well-funded nation-state actors.

A Better Approach – A Large-Scale, Highly Robust Reconnaissance Process for “Offensive Security”

From our national intelligence agency experience, we knew attackers easily succeeded when security teams had visibility gaps and were unable to map and manage their organization’s assets. That’s when sensitive business assets on internal networks, in the cloud, and on partner or subsidiary networks get exposed or forgotten.

Attacks on those exposed elements can quickly spiral into a nightmare situation because they often include pathways to payment mechanisms (exposing customer credit card data), DevOps components (exposing source code and keys), intellectual property, and third-party gateways (exposing access to other companies’ internal networks). Once those exposed assets are breached, they put business stability and important relationships at risk. 

To allow security teams to understand what’s exposed, and the paths of least resistance, we committed ourselves to developing a platform that could deliver large-scale automation of the whole reconnaissance process, a process that can take an attacker weeks, if not months, to run per organization. Performing that reconnaissance quickly would neutralize 99% of potential attack vectors – or at least make them very costly and complex – and performing that at a massive scale, for thousands of organizations, would change the dynamics for attackers and for the security products market.

Finding the Unknown and Unmanaged Assets

To find and map unknown and unmanaged assets, we built one of the biggest botnets in operation today, which scans and gathers data from 3.5 billion servers and connected devices. Our platform gathers dozens of fingerprints per asset and builds a graph data model with this massive volume of data to create a unique and powerful attack surface map for an organization that includes the business classification or context of each asset. This gives security professionals a deeper understanding of an organization’s true risks and provides far more detail and insight than port scanners – which only gather two to three data points per asset, show a one-dimensional perspective using IP addresses, and do not understand business context.

In the graph data model our platform creates, every node and asset have the full context of other assets in the same environment, the assets connected to it, and the types of data those assets expose. Our attack surface graph provides entirely new levels of visibility and prioritization, enabling organizations to decrease the number of critical attack vectors that security teams need to focus on.

In this way, an organization’s entire ecosystem is revealed for the first time, including those assets that have long been exposed as attractive conduits for malicious exploitation. Stressed-out security teams suddenly have new control to identify, prioritize and eliminate the critical blind spots that legacy solutions have failed to see. As a result, attackers are denied the easy access that they seek. And then, they are likely to move on in search of easier “prey.” And Dima and I say, “Mission accomplished.”


Recent Posts

Top Tags

CyCognito Research Report

State of External Exposure Management

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.