The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Reporting Security Issues

If you believe you have discovered a vulnerability in the CyCognito platform or have a security incident to report, send us an email to report it. Upon receipt of your message we will send an automated reply that includes a tracking identifier.

CyCognito’s responsible disclosure policy

We believe that vulnerability disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. This is why CyCognito uses a 90-day disclosure timeline. We promptly notify vendors of vulnerabilities upon our discovery and validation with details normally shared in public with the defensive community after 90 days from our notification to the vendor, or sooner if the vendor releases a fix before that time.

That 90-day disclosure timeline may vary in the following ways:

If the 90-day timeline is due to expire on a weekend or US public holiday, the period will be extended to the next normal work day.

Before the 90-day deadline has expired, if a vendor lets us know that a patch is scheduled for release on a specific day that will fall within 30 days following the end of the 90-day period, we will delay the public disclosure until the availability of the patch.

When we observe a previously unknown and unpatched vulnerability in software under active exploitation (a “0day”), we believe that more urgent action—within 30 days—is appropriate. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more devices or accounts may be compromised. As a result, after 30 days have elapsed without a patch or advisory, we will support researchers making details available so that users can take steps to protect themselves.

As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances. We remain committed to treating all vendors strictly equally. CyCognito expects to be held to the same standard.

This policy is strongly in line with our desire to improve industry response times to vulnerabilities, but also results in softer landings for vulnerabilities marginally over the 90-day timeline. We call on all researchers to adopt vulnerability disclosure policies as well. Reducing timelines for fixes will result in smaller windows of opportunity for vulnerabilities to be exploited.