Identifying and Managing Vulnerabilities
on All Your Attacker-Exposed Assets, All the Time

Benefits of the CyCognito Platform for Vulnerability Management

Key Challenges

In today’s security landscape, proactive vulnerability management (VM) is a necessity, even if your organization isn't subject to regulations that require regular vulnerability assessment (VA), scanning or penetration testing. Being truly proactive means discovering your entire attacker-exposed IT ecosystem — including elements that may not already be known — security-testing that attack surface to discover vulnerabilities as well as other security issues, and repeating that cycle continuously. Today, legacy attack surface and vulnerability management solutions do not fully address those three fundamental elements. 

Watch a short video to see how the CyCognito platform identifies attack vectors that might go undetected by other security solutions >>


Legacy Attack Surface Management Approach

Organizations using legacy attack surface management (ASM) tools to discover their attack surface find that they require an unreasonable amount of manual effort that slows — or even makes impossible — capturing the entire attack surface. Additionally, when it comes to testing, most legacy attack surface management tools do not perform security tests. Instead they leave testing to vulnerability scanners and other processes that must be fed their results as input. That creates additional work, and the potential for errors. 

While some legacy attack surface management tools (including security ratings services) promise attack surface discovery plus security testing, these tools produce incomplete and inaccurate results for the following reasons: 

  1. First, they generally only address issues related to Common Vulnerabilities and Exposures (CVE), which represent just a subset of all security risks. 
  2. Second, they produce many false positives because they rely on an inaccurate form of testing known as “banner grabbing.” With banner grabbing, decisions about risk are based solely on the software version running — and not whether it has been patched, what the underlying operating system is, etc. 
  3. Third, they lack the details security and IT operations teams need to take action. Banner grabbing is again an issue because it is a passive measurement that yields an indication, not an active test that produces actionable evidence.
  4. Fourth, they do not automatically detect the business context of assets, which is necessary for prioritizing risk criticality. 
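The false-positive problem in points 2 and 3 can be made concrete. The following Python is an added illustration, not CyCognito's code; the advisory record, banners and package evidence are all constructed for the demo (no real CVE is referenced). It parses a server banner, applies the banner-only rule ("version below the fixed version means vulnerable"), and then shows why that is only an indication: a distribution build that backports the fix keeps the old upstream version string, so two identical banners can be one patched and one unpatched host, and only separately gathered evidence (here a constructed package record standing in for an active test or authenticated inventory) can confirm or refute the hit.

```python
"""Why banner grabbing yields indications, not evidence (added illustration).

Not CyCognito code. The advisory, banners and package records below are
constructed for the demo; no real CVE or product advisory is referenced.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed advisory: Apache httpd builds below 2.4.30 are treated as affected.
ADVISORY = {"id": "ADVISORY-PLACEHOLDER", "product": "apache", "fixed_in": (2, 4, 30)}

# Matches e.g. "Apache/2.4.29 (Ubuntu)": product, dotted version, optional distro tag.
BANNER_RE = re.compile(
    r"^(?P<product>[A-Za-z][A-Za-z-]*)/(?P<version>\d+(?:\.\d+)*)"
    r"(?:\s*\((?P<distro>[^)]+)\))?"
)


@dataclass
class Finding:
    banner: str
    verdict: str      # "vulnerable", "not-vulnerable", "not-applicable", "unknown"
    confidence: str   # "indication" (banner only), "confirmed" or "refuted" (with evidence)
    note: str = ""


def parse_banner(banner: str):
    """Return (product, version tuple, distro tag or None), or None if unparseable."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    version = tuple(int(p) for p in m.group("version").split("."))
    return m.group("product").lower(), version, m.group("distro")


def banner_verdict(banner: str, advisory=ADVISORY) -> Finding:
    """Passive, banner-only decision: the advertised version alone drives the verdict."""
    parsed = parse_banner(banner)
    if parsed is None:
        return Finding(banner, "unknown", "indication", "unparseable banner")
    product, version, distro = parsed
    if product != advisory["product"]:
        return Finding(banner, "not-applicable", "indication")
    if version >= advisory["fixed_in"]:
        return Finding(banner, "not-vulnerable", "indication")
    note = ""
    if distro:
        # Distribution packages routinely backport fixes while keeping the upstream
        # version number, so the banner cannot distinguish patched from unpatched.
        note = f"distro build ({distro}): version string alone is not evidence of exposure"
    return Finding(banner, "vulnerable", "indication", note)


def reconcile(finding: Finding, patch_evidence: Optional[dict]) -> Finding:
    """Upgrade a banner indication to confirmed/refuted using evidence gathered separately.

    `patch_evidence` is a constructed package record listing applied fixes; in a real
    workflow it would come from an active test or an authenticated package inventory.
    """
    if finding.verdict != "vulnerable" or patch_evidence is None:
        return finding
    if ADVISORY["id"] in patch_evidence.get("fixes_applied", ()):
        return Finding(finding.banner, "not-vulnerable", "refuted",
                       f"fix backported in package {patch_evidence.get('package')}")
    return Finding(finding.banner, "vulnerable", "confirmed", finding.note)


def triage(banners, evidence_by_banner):
    """Count how many banner-only 'vulnerable' hits survive reconciliation with evidence."""
    indications = [banner_verdict(b) for b in banners]
    reconciled = [reconcile(f, evidence_by_banner.get(f.banner)) for f in indications]
    return {
        "banner_only_vulnerable": sum(f.verdict == "vulnerable" for f in indications),
        "after_evidence_vulnerable": sum(f.verdict == "vulnerable" for f in reconciled),
        "refuted": sum(f.confidence == "refuted" for f in reconciled),
    }


# Constructed sample banners and evidence for the demo.
SAMPLE_BANNERS = [
    "Apache/2.4.29 (Ubuntu)",   # old upstream version, but the distro backported the fix
    "Apache/2.4.29",            # self-built from source, genuinely unpatched
    "Apache/2.4.41 (Debian)",   # newer than fixed_in
    "nginx/1.18.0",             # different product entirely
]
SAMPLE_EVIDENCE = {
    "Apache/2.4.29 (Ubuntu)": {"package": "apache2 2.4.29-1ubuntuX.Y (constructed)",
                               "fixes_applied": ["ADVISORY-PLACEHOLDER"]},
    "Apache/2.4.29": {"package": "httpd (source build, constructed)", "fixes_applied": []},
}

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        f = reconcile(banner_verdict(b), SAMPLE_EVIDENCE.get(b))
        print(f"{b:26} {f.verdict:15} {f.confidence:11} {f.note}")
    print(triage(SAMPLE_BANNERS, SAMPLE_EVIDENCE))
```

The design point is the `confidence` field: a banner match is recorded as an indication and never promoted to a confirmed finding until something other than the version string supports it, which is exactly the distinction the list above draws between a passive measurement and an active test that produces evidence.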

Legacy Vulnerability Management Approach

Despite paying lip-service to modern IT, legacy vulnerability assessment and management solutions have not kept pace with the dramatic shifts in how organizations manage IT across cloud and affiliate environments. Your expanding IT infrastructure means that you may not own or manage every part of your extended IT ecosystem. Therefore you cannot rely on vulnerability assessment solutions that depend on authentication, allowlisting, etc., to define their target assets.

Specifically, legacy vulnerability assessment tools fall short in three critical areas:

  1. Limited coverage: Because of their CAPEX and OPEX costs, organizations typically only test a small fraction of their known attack surface. Further, testing focuses on IP address ranges that are known, and doesn’t cover unknown, unmanaged, subsidiary and third-party assets. 
  2. Limited risk assessment: The types of risks examined are primarily CVEs, meaning data exposures and other misconfigurations are ignored.
  3. Limited business context: They don’t evaluate or determine the business context of assets in their process, so they cannot help you prioritize risks and decide where to focus your remediation efforts first. 

Comparison Chart

Capability (Attack Surface Management tools)                                          Other ASM Vendors   CyCognito
Scan the internet continuously to discover assets
Fingerprint assets, identifying services, software, text, graphics, attributes, etc.                        X
Automatically associate assets with your organization and subsidiaries                                      X
Determine the business context of assets                                                                    X
Identify attack vectors impacting your assets                                                               X
Prioritize risk based on context and impact                                                                 X
Prescribe methods to remediate risks                                                                        X
Provide easy-to-understand scoring of security posture and change over time                                 X

What is Required

Proactive, risk-based vulnerability management requires that you establish and maintain full visibility and ongoing monitoring of assets that connect to and relate to your organization, not just your owned and managed assets.

Starting with an “outside in” view of your entire evolving attack surface, you need to automatically identify, classify and organize all assets, even those that are unknown and unmanaged by your IT and security teams. You must then perform automated security testing, using an attacker’s assessment process to detect a broad range of attack vectors including CVEs, data exposures, misconfigurations, etc.

The Benefits of the CyCognito Platform for Vulnerability Management

The CyCognito platform addresses today’s vulnerability management requirements, built on the foundation of full discovery of your entire extended IT ecosystem, to help you proactively defend against threats from even the most sophisticated attackers. It operates continuously and autonomously using advanced attacker-reconnaissance techniques to identify attackers' paths of least resistance into your environment so that you can efficiently eliminate them. Once it identifies potential attack vectors, it prioritizes risks and delivers both actionable remediation guidance and ongoing validation of fixes. The result is a platform that delivers risk-based vulnerability management for your entire attacker-exposed IT ecosystem, closing what is a significant gap in existing attack surface management and vulnerability management processes.

The CyCognito platform uniquely delivers:

  • The essential foundation of vulnerability management: full discovery of your extended IT ecosystem, including assets that are part of your IT ecosystem, but are unknown or unmanaged by you. Its sophisticated discovery capabilities exceed the approaches of typical attack surface management or VM tools that rely on passive data collection within known or easily discovered IP ranges.
  • Detection and testing of attack vectors across your entire attacker-exposed IT ecosystem, going well beyond CVEs to include data exposures, misconfigurations and even software zero-day vulnerabilities. 
  • Prioritization of the attack vectors in your IT ecosystem based on what could impact your organization most from a cybersecurity risk perspective.
  • Actionable remediation guidance and reporting to accelerate your remediation and validation. 

An Attacker-Oriented Approach to VM

  • A 100% focus on what's externally exposed to attackers — intentionally or not — including unknown and unmanaged assets, cloud and affiliate organization environments, using reconnaissance and testing techniques that go far beyond traditional attack surface discovery and VM tools. 
  • Frictionless VM: 100% SaaS solution with no installation/deployment, no configuration, no authorization, no ongoing management of VA or VM infrastructure components — all critical for managing risks in subsidiaries, partners, and potential M&A targets.
  • Anonymous, undetected discovery and testing eliminates both configuration of allowlists and alerts from other security solutions in the testing path.
  • Automatic discovery and classification of business context for every asset, including an assessment of its importance to your enterprise and what organization, business unit, platform and environment it belongs to.

A nation-state-grade platform that utilizes one of the world’s largest bot networks for automatic discovery of your attack surface, coupled with the latest natural language processing and machine learning capabilities to prioritize attack vectors and automate penetration testing.

Discovery as a Foundation of Vulnerability Management

The CyCognito platform gives you a more accurate view of your most critical vulnerabilities because the foundation of its advanced reconnaissance and analysis is a broad, accurate view of your attack surface. By illuminating the blind spots in your attack surface, you are able to fully assess your risk.

In a digitally transformed world, a vulnerability management process must start by identifying risks across your entire IT ecosystem — all of your attacker-exposed assets — whether on-premises, in the cloud, in your subsidiaries or in partner environments. That’s a critical, foundational step and one that legacy vulnerability management solutions don’t address. While it may be a well established and familiar practice to use legacy vulnerability assessment tools that you aim at known IP address ranges, that process does not allow you to see the assets (and associated risks) hidden in the shadows.

Organizations using the CyCognito platform report that it discovers a large number of assets that were previously unknown to them; many organizations see 30% more assets, and in some cases more than 100% more, even identifying past acquisitions and business units that had been long forgotten. Identifying these hidden assets is a foundational step in vulnerability management, because attackers know that assets that exist in the shadows harbor opportunities for them and therefore they seek them out and target them first.

The CyCognito platform discovery goes far beyond an active IP list that most attack surface management and vulnerability solutions address; it includes active and inactive IPs, abandoned assets, domains, subdomains, certificates and web applications. It uncovers hidden assets by deploying one of the largest bot networks in the world. Using attacker-like reconnaissance techniques, it discovers, fingerprints, scans and tests billions of digital assets all over the world. These discovery capabilities go far beyond the known or easily discovered IP ranges of typical ASM tools. CyCognito discovers and contextualizes unknown, unmanaged, and cloud-based assets operated or leased by your organization in subsidiaries, third-parties, and abandoned environments that present shadow risk for you.

The risk assessment of the CyCognito platform also goes broader and deeper than typical ASM capabilities that use port scanning and banner grabbing techniques that generate many false positives. And the CyCognito platform uniquely uses intelligent, iterative analysis to automatically classify and organize 84% of your attack surface assets by their business context and relationship to your organization whereas ASM tools require tedious and time-consuming manual assignment of assets to organizations.

The CyCognito platform assesses your vulnerabilities in the context of your entire attack surface, including cloud, subsidiary and third-party environments.


Full attack surface discovery is the foundation of the CyCognito platform approach to vulnerability management.


Learn how the CyCognito platform delivers effective risk management, including vulnerability management, across your entire IT ecosystem.


Detection and Testing of Attack Vectors Across Your Entire IT Ecosystem

With no configuration required, the CyCognito platform continuously scans your entire attacker-exposed IT ecosystem for attack vectors that could provide attackers entry to your most critical corporate assets. As a result of its broad discovery and automated testing, the CyCognito platform enables you to expand the vulnerability management coverage of your exposed IT ecosystem from its previously limited scope (often only 30%) to 100%. The platform’s testing process does not affect business continuity and does not require creating an allowlist or any other integration.

The CyCognito platform matches legacy vulnerability assessment solutions in its coverage of active external IPs and vulnerable software (which is all legacy vulnerability assessment solutions look for) and goes well beyond them by identifying issues with domains, certificates and configurations. It detects:

  • inactive IPs
  • insecure/exploitable code
  • abandoned asset vulnerabilities
  • bypassable authentication mechanisms
  • misconfigured cloud components
  • network architecture flaws
  • default credential vulnerabilities
  • software vulnerabilities
  • web application vulnerabilities
  • certificate trust vulnerabilities
  • SaaS platform takeover risks
  • data exposures
  • DNS and mail server hijacking risks
  • web application and database hijacking risks
  • and many other attack vectors

These additional attack vectors are vital areas that must be secured to outmaneuver attackers' offensive operations.

In addition to the fact that traditional vulnerability management solutions don’t assess assets they can’t find, most organizations aren’t scanning and testing their entire IT ecosystem due to cost concerns. Continuous scanning and testing of your entire IT ecosystem for vulnerabilities and other potential attack vectors has clear advantages over the traditional approach of point-in-time vulnerability scanning or penetration testing sparingly applied to a limited segment of your attack surface. 

Risk Prioritization in the Context of Your Business

The CyCognito platform identifies and prioritizes an organization’s most critical risks, making it easy for security teams to know where to focus their efforts first. The platform’s automatic risk prioritization is based on business context, discoverability, ease of exploitation, and remediation complexity. 

Contrast this with a key drawback of legacy vulnerability assessment solutions: they present an abundance of vulnerabilities, prioritized by a system that assumes all vulnerabilities are equally significant to all organizations. This leaves security teams trying to sift through — and potentially overwhelmed by — thousands of vulnerabilities that don't matter to their organization, while risking that they may miss something critical that could affect a valuable business asset.

The intelligence behind its automatic prioritization is part of the differentiation of the CyCognito platform, where the expertise of seasoned offensive cybersecurity researchers is incorporated into the platform and machine learning accelerates the power exponentially. At the highest level, our team of offensive security experts reviews and extracts the learnings from the automated findings. These learnings are then used to train the platform’s logic, resulting in continuous process improvement of the automated results delivered to the platform’s users at scale.

The platform’s central dashboard presents an overall security grade for the assets in your attack surface, and groups and grades assets by organizations, environments, business units, and platforms. Without requiring any user input, these asset groupings within your enterprise are automatically mapped, to provide you context for visualization, reporting and trending.


The CyCognito platform automatically prioritizes your organization’s most critical risks, so your security team knows what to focus on first.


Accelerated Remediation and Efficient Remediation Validation

The CyCognito platform decreases the time it takes to remediate risks and validate fixes from months — on average — to days or even hours.

For every issue that’s identified, the CyCognito platform provides detailed and actionable remediation guidance so your security and operations teams don’t have to research that information. Once issues have been addressed, the platform’s continuous testing process enables you to efficiently validate that your remediation efforts were successful. Validation of the scope of your remediation can be shared with your organization’s leadership team or for mandated reporting to document compliance with regulatory requirements. 

The analytics and trends features help you extract key insights from your attack surface data and report on them. For example, the Issues Dashboard visualizes the types of threats you are facing now and the status of threat investigations. With the Issues Trends Dashboard, you can analyze and monitor your overall security effectiveness and measure changes over time.


Analytics capabilities in the CyCognito platform allow you to analyze the status of your security issues in a number of ways.

Must Haves for Vulnerability Management in Today’s Attacker Environment

To counter today’s persistent, creative, well-funded, highly-automated attacker economy, your vulnerability management solution must include:

  • Full discovery of your extended IT ecosystem, including assets that are part of your IT ecosystem, but are unknown or unmanaged by you.
  • Detection and testing of attack vectors across your entire attacker-exposed IT ecosystem, going beyond CVEs.
  • Prioritization of the attack vectors in your IT ecosystem based on what’s most critical to your organization and the greatest risks.
  • Actionable remediation guidance and reporting to accelerate your remediation and validation.

Settling for less puts your organization at risk.

The CyCognito platform delivers effective risk management, including vulnerability management, for your entire IT ecosystem.


SEE HOW WE DO IT

The CyCognito platform uses nation-state-scale reconnaissance and offensive security techniques to close the gaps left by other security solutions including attack surface management products, vulnerability scanners, penetration testing, and security ratings services.