The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Research shows cost, coverage, and cadence limitations leave organizations exposed when they rely on penetration testing to assess security readiness and prevent breaches

Palo Alto, California – April 28, 2021
The Failed Practice of Penetration Testing: A Security Report from CyCognito

CyCognito, the leader in external attack surface management and attack surface protection, today announced new research that shows while organizations invest significantly and rely heavily on penetration testing for cyber security, the widely used approach doesn’t accurately measure their overall security posture orbreach readiness — the top two stated goals among security and IT professionals. The research, conducted by Informa Tech, surveyed enterprises with 3,000 or more employees and found that 70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches, yet only 38 percent test more than half of their attack surface annually.

Many organizations are conducting penetration tests to detect and mitigate threats yet remain dangerouslyvulnerable. CyCognito’s research shows that when using penetration testing as a security practice organizations lack visibility over their Internet-exposed assets, resulting in blind spots that are vulnerable to exploits and compromise. Just as locking the front door of a house but leaving the back door and windows unlocked creates an attractive target, attackers will naturally focus on those IT assets organizations leave untested.

Top findings include:

  • It’s common for organizations with 3,000 employees or more to have upwards of 10,000 internet-connected assets, however 36 percent of survey respondents said that only 100 or fewer assetsare covered by pen tests; 58 percent said 1,000 or fewer assets are covered by pen tests.
  • 60 percent report that they are concerned pen testing gives them limited coverage or leaves them with too many blind spots
  • 47 percent say that pen testing detects only known assets and not new or unknown ones
  • 45 percent of respondents conduct pen tests only once or twice per year and 27 percent do it once per quarter, which is woefully inadequate given the fast pace of threat evolution and how quickly infrastructure/applications change .
  • 79 percent believe that pen tests are costly. 78 percent would utilize pen tests on more apps if the costs were lower.
  • It takes 71 percent of respondents anywhere from one week to one month to conduct a penetration test. Then, more than 26 percent have to wait between one to two weeks to get test results, and 13 percent wait even longer than that.

“Security testing should tell organizations what attackers are able to see and exploit so that defenders can prevent breaches. But when companies are only able to see assets they already know about, test just a portion of their attack surface, and do that only a few times per year, preventing breaches isn’t possible. So, the biggest takeaway from this report is that what organizations want or are hoping to achieve through pen testing versus what they actually are accomplishing are two very different things,” said Rob Gurzeev, CEO and co-founder of CyCognito. “There is very limited value in testing only a portion of your attack surface periodically. Unless you are continuously discovering and testing your entire external attack surface, you don’t have an overall understanding of how secure your organization is. If there is a path of least resistance, attackers will find it, and find a way to exploit it.”

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit

Media Contact
Ignacio Ramirez

Switch PR
(415) 517-6708
[email protected]

The Platform to Rule Your Risk

The CyCognito platform preempts attacks and helps satisfy key elements of most common security frameworks and many regulatory compliance standards.

Learn more about the CyCognito and take the first step to Rule Your Risk.