Security Frameworks and Compliance Initiatives

A proactive approach to meeting requirements with the CyCognito platform.

The platform preempts attacks and helps satisfy key elements of most common security frameworks and many regulatory compliance standards. The CyCognito platform achieves this by discovering and testing your entire attack surface, prioritizing what needs to be fixed first, and automatically validating remediation.

Security Frameworks

MITRE ATT&CK

The CyCognito platform helps you address tactics in the MITRE ATT&CK framework, a free and open knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. While the majority of the ATT&CK framework is geared to providing insight into detecting attackers in real time during an attack, its Reconnaissance and Resource Development tactics are focused on attacker preparation.

The CyCognito platform preempts attacks by addressing these two tactics. The platform also offers some support for the later ATT&CK tactics such as Initial Access, Execution, Persistence, Privilege Elevation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Collection.

International Organization for Standardization ISO/IEC 27000 Series

The CyCognito platform contributes to addressing ISO 27001:2013 sections “6.1.2 Information Security Risk Assessment,” “9.1 Monitoring, Measurement, Analysis and Evaluation” and “10.1 Nonconformity and Corrective Action.” Of the 14 categories in the Annex A controls, the CyCognito platform contributes significantly to three: A.8 Asset Management, A.12 Operations Security, and A.13 Communications Security.

One of the most widely known security standards, ISO/IEC 27000 series is a mature international framework focused on information security. Developed by the International Organization for Standardization (ISO), it is the cybersecurity equivalent of the ISO 9000 quality standards for manufacturers and operational excellence. It’s very comprehensive and broad, and can be used across a wide range of types and sizes of businesses.


NIST Cybersecurity Framework

The CyCognito platform helps organizations follow this standard by mapping closely to the Identify and Protect functions of the NIST Framework, and contributing to Detect, Respond and Recover functions.

The National Institute of Standards and Technology (NIST) Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications among both internal and external organizational stakeholders.

The table here shows where the CyCognito platform contributes to the NIST Cybersecurity Framework.

The NIST Risk Management Framework (RMF), also known as special publication (SP) 800-53, provides a list of controls that support the development of secure and resilient federal information systems. NIST SP 800-53 rev. 5.1/800-53B is the latest version, containing 20 control families, each with multiple controls divided into low, medium and high priority.

The CyCognito platform aligns partially or substantially to 10 of the 20 control families as applied to externally facing assets. To learn more about how CyCognito aligns with NIST 800-53, download the datasheet here.

ORANGE = CyCognito maps significantly to the category
YELLOW = CyCognito offers a complementary, incidental, or ancillary mapping


Center for Internet Security Critical Security Controls (CIS CSC)

The security controls give pragmatic, actionable recommendations for cyber security. The CyCognito platform maps to 14 of the CIS controls at least partially and provides extensive coverage around inventory of assets, vulnerability and penetration testing, and security of ports and services.

The table here shows broadly where the CyCognito platform contributes to the CIS CSC v7.0.

The CIS guidelines consist of 20 key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks. The controls are designed so that primarily automated methods can be used to implement, enforce and monitor them.

ORANGE = CyCognito maps significantly to the category
YELLOW = CyCognito offers a complementary, incidental, or ancillary mapping

Compliance Standards

GDPR and Other Data Privacy Regulations

The CyCognito platform helps organizations maintain GDPR compliance with proactive risk assessment that identifies where sensitive data, including PII, may be exposed. It identifies web servers that have logins that interface with databases, for example, and can identify associated web applications collecting PII, wherever they are hosted.

The platform’s automatic risk prioritization and detailed remediation guidance make it efficient to build compliance adherence into security operations workflows. You can assess, monitor and remediate potential GDPR violations with GDPR-specific security hygiene policies, issues and alerts in the CyCognito platform. The platform’s remediation validation, security grading and analytics capabilities help your organization document its GDPR compliance validation.

The CyCognito platform helps your organization comply with other data privacy regulations around the globe that include protections for the way that PII is obtained, processed and stored. Beyond GDPR, these include:

More About Data Privacy

Worldwide, 132 out of the 194 countries have legislation to protect data and privacy according to the United Nations Conference on Trade and Development. The CyCognito platform helps your organization fulfill data privacy compliance regulations by assessing your attacker-exposed risks across your extended IT ecosystem, identifying hidden assets and attack vectors, and locating assets where personally identifiable information (PII) could be inadvertently exposed.

Europe’s General Data Protection Regulation (GDPR), which affects all organizations doing business with European natural citizens, is arguably the most stringent data privacy regulation in the world and can result in significant fines for violations. Organizations must track where PII is being collected and stored and whether those assets are exposed to external attack, regardless of whether they are owned by the organization or in a cloud environment operated by a third-party service.


NIST Special Publication 800-53

The CyCognito platform maps partially or substantially to 11 of the 19 NIST control families including: Risk Assessment, Assessment, Supply Chain Risk Management, Configuration Management, Communications Protection, Access Controls, Audit and Accountability, Authorization and Monitoring, Identification and Authentication, Incident Response, and PII Processing and Transparency.

The NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations is a US standard publication that provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.

Platform Datasheet

CyCognito Alignment with NIST 800-53

The CyCognito solution aligns partially or substantially to 10 of the 20 control families as applied to externally facing assets. See details for more information on alignment.