THE CYCOGNITO APPROACH TO VULNERABILITY MANAGEMENT
Discovery as a Foundation
In a digitally transformed world, vulnerability management must include all of your attacker-exposed assets — whether on-premises, in the cloud, in your subsidiaries or in partner environments. That’s a critical, foundational step and one that legacy vulnerability management solutions don’t address.
The CyCognito platform gives you an accurate view of your most critical vulnerabilities because it first discovers your attack surface. The platform uncovers hidden assets by deploying one of the largest bot networks in the world to discover, fingerprint and test digital assets globally. Its discovery capabilities go far beyond the known or easily discovered IP ranges of typical ASM tools.
The platform discovers and contextualizes unknown, unmanaged, and cloud-based assets operated or used by your organization in subsidiaries, third-parties, and abandoned environments that present shadow risk for you. The platform’s risk assessment also goes beyond legacy ASM capabilities that use port scanning and banner-grabbing techniques that generate many false positives. And unlike other ASM tools that require manual assignment of assets to organizations, the CyCognito platform uses intelligent, iterative analysis to automatically classify and organize 84% of your attack surface assets by their business context and relationship to your organization.
With no configuration required, the platform continuously scans your entire attacker-exposed IT ecosystem for attack vectors that could provide attackers entry to your most critical corporate assets. As a result of its broad discovery and automated testing, the CyCognito platform enables dramatically expanded vulnerability management coverage of your attack surface. The platform’s testing process does not affect business continuity and does not require creating an allowlist or any other integration.
The CyCognito platform identifies your entire attack surface and automatically organizes it with capabilities that go far beyond other ASM tools as shown in the chart below. This creates a strong foundation for your external vulnerability management requirements.
"Always On" Proactive Defense
The CyCognito platform continuously scans and automatically tests your entire attacker-exposed IT ecosystem to identify your critical risks. This vigilant, proactive and cost-effective defense has clear advantages over the traditional approach of point-in-time vulnerability assessment (VA) or penetration testing sparingly applied to a limited segment of your attack surface.
Detects Attack Vectors, Not Just CVEs
The CyCognito platform goes beyond the identification of Common Vulnerabilities and Exposures (CVEs) that are the exclusive focus of traditional VA solutions. In addition to CVEs, it uncovers data exposures, misconfigurations and even software zero-day vulnerabilities so that you have a complete view of your attacker-exposed risk. These additional risk areas must be secured to outmaneuver attackers’ offensive operations. The platform identifies these attack vectors that legacy solutions miss:
||network architecture flaws
||SaaS platforms takeover risks
||default credential vulnerabilities
|abandoned asset vulnerabilities
||DNS and mail servers hijacking risks
|bypassable authentication mechanisms
||web application vulnerabilities
||and many other attack vectors
|misconfigured cloud components
||certificate trust vulnerabilities
Example of a Non-CVE Attack Vector
Figure 1. As an example of an attack vector, the platform discovered an exposed, abandoned router whose user interface,
shown above, could allow attackers to execute commands remotely.