IT security teams are well aware their organizations are under constant attack. Reconnaissance scans and initial access attempts – logged nearly every day on heavily monitored web servers, SSH gateways and VPN gateways – are harsh reminders of exposure and risk.
Read more about Three Actions to Reduce External RiskCyCognito Blog
Your source for exposure management research, product news, and security insights.
Search the Blog
Despite eradication efforts, Log4j continues to haunt large corporations eight months after the critical vulnerability was discovered.
Read more about Risky Business: Enterprises Can’t Shake Log4jRussian cyberattacks, Log4J and compliance top the list of concerns for Anne Marie Zettlemoyer, CyCognito’s new Chief Security Officer (CSO).
Read more about Three Minutes With Anne Marie Zettlemoyer, CyCognito’s CSO
We’ve seen across our customers that the typical attack surface changes by one to three percent every day.
Read more about Addressing Attack Surface Cyber Risk: An Interview with Rob Gurzeev, CEO
While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.
Read more about BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen TestingMergers and acquisitions, poorly managed web apps and insecure PII represent biggest risks tied to external attack surfaces in 2022.
Read more about Exclusive EASM Report: Mergers and Acquisitions Top 2022 External Attack Surface Management Risks
At CyCognito, our mission is to help organizations protect themselves from even the most sophisticated attackers. We can’t do that unless we ourselves maintain the highest standards of security. That’s why we’re pleased to announce that CyCognito has achieved SOC 2 Type 2 accreditation.
Read more about CyCognito Achieves SOC 2 Type 2 Compliance“Bad news, early” is a common business mindset designed to communicate urgency behind the need to identify small problems before they become big problems.
Read more about CyCognito Operationalizes CISA Known Exploited Vulnerabilities Catalog
On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
Read more about Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IPNIST assigned Spring4Shell a score of 9.8, most likely out of concern of a similar blast radius to Log4Shell, which was trivial to exploit and very common.
Read more about One month in: CyCognito looks at Spring4Shell