The seasoned chief information security officer (CISO) was looking for an efficient way to discover his organization’s attack surface and its most critical risks.
“All CISOs have an ongoing need to identify changes in the IT environment and quickly respond to new threats,” he says.
It’s difficult to identify an organization’s “shadow risk,” hidden risk that may be unseen or unmanaged, but provides a path of least resistance to attackers. The CISO found that most solutions positioned as providing attack surface discovery don’t deliver. They are incomplete offerings that require other supporting tools and manual work. For example, vulnerability management platforms actually require as input the contours of an organization’s attack surface.
“Companies get breached due to something they didn’t know about. The warden doesn’t see all the prisoners at the same time,” the CISO notes.
Penetration testing is point-in-time and limited in scope, and dedicated attack surface discovery tools don’t provide risk and prioritization information. He notes that one peer in a larger organization was trying to solve the problem of attack surface management and cyberthreats with hundreds of red and blue team members. “The typical organization can’t afford that,” he says.
Automatically providing comprehensive visibility to their entire attack surface
Ongoing visibility to new vulnerabilities and new assets in their attack surface with continuous discovery and monitoring
Helping the team quickly identify, prioritize and remediate critical risks
Allowing them to eliminate two pen tests a year for an annual savings of $80,000
"CyCognito provides a true platform
that cuts across multiple market categories.
It gives us greater visibility to our attack
surface than other solutions we’ve used
and the type of risk assessment depth that
normally requires an expert pen tester. The CyCognito platform applies automated technology to solve problems that people, legacy tools and processes alone aren’t solving.”
CyCognito was the first solution that offered the kind of attack surface discovery and risk assessment the CISO had been searching for and that exceeded what he was able to do using legacy solutions supplemented by a couple of team members. “The CyCognito platform applies automated technology to solve problems that people, legacy tools and processes alone aren’t solving,” he says.
“We tried a variety of approaches, including attack surface discovery products, vulnerability scanners, pen tests, breach and attack simulation products, and staff,” he says. “Some could solve parts of the problem, but not automatically or continuously. CyCognito cuts across product categories.”
The CyCognito platform increases the efficiency of the security operations team and gives the investment management company a greater return on investment from their security efforts improving their security posture.
In the future, the CISO says the CyCognito platform will enable:
Real-time intelligence about risks on assets tied into business workflows.
Business analysts will get notified of new risks. The CyCognito platform can provide actionable security information for business owners.
Integration with the organization’s managed security services provider (MSSP).
The integration enables threat and risk level for every asset is correlated between the platform and the MSSP.
Full use and integration of the platform alerts about new assets and new risks.
This process will focus on the company’s highest value assets, so that a medium alert on a high-value asset gets more attention than a medium alert on a low-value asset.
“The CyCognito platform enables us to do things we’ve never done before,” says the CISO, “that’s a huge capability.”