January 11, 2021
The most significant trend we see with the companies we meet is that attackers usually succeed. Many companies despite significant cyber security investments – sometimes in the millions of dollars – organizations are not fully aware of their attacker-exposed IT ecosystem and risks. At the same time, attackers perform reconnaissance, identify targets and exploit weaknesses. And, they have time on their side because organizations remain unaware of their blind spots
A major contributing factor to attacker success is that while IT has evolved dramatically over the past decade, Security Testing solutions have not. To be clear, most approaches that are at least two decades old, like vulnerability scanning and penetration testing. Attackers perform reconnaissance, identify targets and exploit weaknesses. Again, with the luxury of time on their side. But, if we could discover all the IT assets in your attack surface, understand their business context, and test them for weaknesses, we would be able to prevent breaches by proactively focusing on the most important risks.
We believe the most effective way to reduce risk is to look at the attack surface from the outside, using an attacker’s point-of-view, and identify and remediate those exact attack vectors they would likely target. Those critical attack vectors are 1000 times more important than a pile of CVEs in a vulnerability scanner report. So, here is how our approach helps you demonstrate to your CEO or Board that you’re improving the company’s security posture.
Our insurgent mission is to eliminate the world’s shadow risk – identify and eliminate the critical security risks in your organization’s IT ecosystem: the shadow risk that attackers seek and target.
We bridge the gap left by legacy tools – bridge the gap between what legacy tools can do and what organizations need.
Reconnaissance process – automatically map an organization’s attack surface based on the reconnaissance process, methodologies and technologies that sophisticated attackers use.
Global botnet – enable gathering of attacker-exposed data of nearly billion servers and devices – petabytes of data.
Far more than port scanning – typical port scanners scan for open ports and banners; we’re collecting dozens of fingerprints for each asset. We can detect web applications, links, references, URL patterns, headers, banners, certificates, deployed software, and unique keywords, which may resemble departments’ and subsidiary names.
Mapping the entire IT ecosystem – using fingerprints per company to calculate the company’s attack surface mathematical graph! There are dozens of iterations to calculate this attack surface graph. We start with Company X, and very quickly start discovering its subsidiaries, acquired companies and partner-specific assets that are strongly related to this company.
IT ecosystem with context – It’s important to consider one’s entire IT ecosystem data as a graph, not a list of IPs, so you can understand the content and context of each asset – and thus understand what’s most attractive to an attacker.
Reveals the attacker’s path of least resistance – simulate the attacker’s assessment of the entire attack surface, focusing on finding highly exploitable assets that provide access to other critical assets in your network.
Legacy scanners ignore attack vectors – legacy vulnerability scanners ignore actual attack vectors, and essentially detect only CVEs in known assets.
Evaluating like an attacker – leverage the attacker’s decision-making process to determine the discoverability level of these assets and the attractiveness level of these assets based on their business context. For instance, a mainframe or source code management system is probably much more interesting to attackers than an Apache server which may be 10 years old and has no data on it based on what attackers can see.
Prioritizing based on business impact – our unique analysis allows us to bring the number of critical attack vectors down from the thousands that a legacy scanner would show you to just 5 or 10. Critical attack vectors prioritized by the platform will typically include exposures that no other solution identifies. Typical penetration testing scope is less than 1% of an organization’s attack surface and are a classic ‘checkbox’ and don’t suffice anymore.
Even sophisticated organizations can be exposed – [Real World Example] A client of ours added a third-party a deception system, which created their biggest security weak spot. The system was misconfigured by an engineer from the deception company and that misconfiguration exposed the telco’s management system to the Internet. Our approach identified this critical vulnerability.
Actionable, remediation guidance – Each identified issue is supported with actionable, prioritized and prescriptive remediation guidance so your team knows where to start and how to get it done.