CyCognito Blog

Posts tagged ‘Attack Surface Management’

Research

What Over 2 Million Assets Reveal About Industry Vulnerability

Zohar-Venturero
By Zohar Venturero
Data Scientist
July 15, 2025

We analyzed more than two million internet-exposed assets across cloud, on-prem, APIs, and web apps, discovered by our platform over the past 18 months. Using attacker-simulated testing, including black-box pentesting, dynamic application security testing (DAST), and active vulnerability scanning, we mapped how exploitable exposures cluster by industry and asset type. The results reveal systemic weaknesses in how organizations govern their digital perimeter, especially in environments shaped by rapid growth, third-party dependencies, and fragmented ownership.

Go to the Post


Perspectives

The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01

Carrie-Oakes
By Carrie Oakes
Was Sr. Director of Product Marketing
February 26, 2024

CISA’s proactive approach to cybersecurity is highlighted, focusing on two directives: BOD 22-01, which mandates agencies to consult the “Known Exploited Vulnerabilities Catalog,” and BOD 23-01, aimed at improving agency asset visibility and vulnerability detection. These directives emphasize asset discovery and vulnerability enumeration as crucial activities for risk reduction. CyCognito’s platform aligns with these directives by automating discovery, contextualizing assets, and prioritizing vulnerabilities based on attacker perspective, enabling organizations to efficiently close gaps in their attack surface management.

Go to the Post


Products

API Detection with CyCognito

Tim-Matthews
By Tim Matthews
Was Chief Marketing Officer
November 6, 2023

CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization’s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.

Go to the Post


Research

It’s 10pm – Do You Know Where Your PII Is?

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 6, 2023

Have you ever wondered just how much the average external attack surface changes every month?

Go to the Post


Perspectives

Vulnerability Prioritization: What to Consider

Greg-Delaney
By Greg Delaney
Was a Senior Product Marketing Manager at CyCognito
August 24, 2023

Vulnerability prioritization is the process of identifying and ranking vulnerabilities in order to focus efforts on the most important vulnerabilities.

Go to the Post


Perspectives

External Exposure Management: Key to Safeguarding Your Attack Surface

Tim-Matthews
By Tim Matthews
Was Chief Marketing Officer
August 3, 2023

Manage the entire attack surface with external exposure management. Learn more about the key ways to safeguard your attack surface at CyCognito.

Go to the Post


Perspectives

Rash of Breaches Hit Businesses in Australia Hard

Tom-Spring
By Tom Spring
Was a Media Manager at CyCognito
November 17, 2022

Recent spate of Aussie breaches spur huge fines to push security teams to tighten their external attack surface.

Go to the Post


Research

Study: EASM Products Boost Security While Reducing Costs

Tom-Spring
By Tom Spring
Was a Media Manager at CyCognito
November 17, 2022

What is the economic impact of adding an External Attack Surface Management platform to your 2024 cybersecurity roadmap?

Go to the Post


Perspectives

How to Get the Most out of Pen Tests

Phillip-Wylie
By Phillip Wylie
Was Hacker in Residence at CyCognito
March 30, 2022

Over the years, pen tests have increasingly become a mandated component of regulatory and compliance standards. The Payment Card Industry Data Security Standard (PCI DSS) requiring pentests be performed in card data environments (CDEs) grew this need for compliance-based pen testing. 

Go to the Post


Perspectives

Principles of Attack Surface Protection: Discover Everything

Rob-Gurzeev
By Rob Gurzeev
CEO & Co-Founder
February 24, 2022

Imagine a cybersecurity team that is working hard with the usual tools and best practices. All seems on course for protecting the enterprise attack surface.

Go to the Post


Older Posts

Topics


Search the Blog



Featured Posts

Emma Zaballos
A New Framework: Understanding Exposure Management 
By Emma Zaballos
November 11, 2024
Jason Pappalexis
Six Signs that Exposure Management is Right for Your Organization
By Jason Pappalexis
October 14, 2024
Jason Pappalexis
Think your attack surface is covered? Let’s look at the math.
By Jason Pappalexis
September 30, 2024
Emma Zaballos
Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report
By Emma Zaballos
September 23, 2024
Graham Rance
Web Application Security Testing: Struggles, Shortfalls and Solutions
By Graham Rance
June 3, 2024


Top Tags


Stay informed

Subscribe to the Blog

Subscribe now to get the latest insights delivered straight to your inbox.

CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.

Request a Scan