While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.
At CyCognito, our mission is to help organizations protect themselves from even the most sophisticated attackers. We can't do that unless we ourselves maintain the highest standards of security. That's why we're pleased to announce that CyCognito has achieved SOC 2 Type 2 accreditation.
"Bad news, early" is a common business mindset designed to communicate urgency behind the need to identify small problems before they become big problems.
On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
NIST assigned Spring4Shell a score of 9.8, most likely out of concern over a similar blast radius to Log4Shell, which was trivial to exploit and very common.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Over the years, pen tests have increasingly become a mandated component of regulatory and compliance standards. The Payment Card Industry Data Security Standard (PCI DSS) requirement that pentests be performed in card data environments (CDEs) grew this need for compliance-based pen testing.
Despite the best efforts of automation and AI, we will always need people to prevent hackers from stealing data and wreaking havoc on computer networks essential for most businesses today. In essence, a domino effect over the last two years of Covid-19 has led to the "Great Resignation" and the "Great Retirement."
Exploit Intelligence offers an end-to-end solution that prioritizes which risks to remediate immediately, before they are exploited, by proactively discovering external assets, testing vulnerabilities, and providing expert threat- plus risk-based insight.