About the company:
CyCognito is an Israeli company that specializes in cyber threat risk prevention. Their applications are designed to uncover and eliminate critical security flaws that companies never even suspected.
Solutions:
CyCognito - Attack Surface Monitoring
The CyCognito platform focuses on what attackers think, see, and do to help dramatically reduce overall business risk. Without the need for deployment, the platform autonomously discovers and maps the entire external surface and exposed internet assets for an organization and identifies the business context of the assets. It then tests the exposed Internet assets, looking for the path of least resistance and critical exposure points that attackers can most easily exploit. The CyCognito platform prioritizes risks based on an attacker’s interest, discoverability, and exploitability. This information is delivered to operations teams through a user interface and using a wide range of integrations and automated workflows, thus enabling their timely response. This speeds up troubleshooting by providing information, evidence, and prescriptive guidance on how to correct issues.
Platform capabilities
The CyCognito platform enables the identification, prioritization and elimination of an organization’s most critical cyber risks including:
Attack surface detection and mapping
CyCognito automatically discovers assets exposed to the Internet by eliminating blind spots caused by unknown or forgotten infrastructure and providing a single and complete inventory of digital assets.
Automated security testing
With continuous, active security testing of all disclosed assets on the Internet, the platform enables the true vulnerabilities for an organization to be discovered. Some issues found in active testing include weak and misconfigured protocols and ciphers, logging issues across systems, man-in-the-middle attacks, and unprotected or exposed data.
Integrated threat intelligence and exploitation
CyCognito uses threat intelligence in combination with vulnerability data on exposed assets to show vulnerable locations and those most likely to be attacked.
Intelligent correction guidelines
The platform provides guidance and a plan for correcting identified issues, which supports the work of the operations teams.
How does CyCognito work?
Business graphics and asset relationships
- Enables mapping of business structure, subsidiaries, acquired companies, cloud environments and more, using machine learning and processing to reveal the full organizational composition of assets exposed to attack for a given organization
- Continuously discovers and prints all digital assets and links them to the specified organization
- Validates the discovery data by providing the full path to those assets, proof and justification as to why the assets were associated with an organization
- Inventories all external digital assets with identifying elements, including IP ranges, web applications, connections, URL patterns, banners, certificates, code snippets, embedded software, TLS configuration, linked domains, encryption ciphers, and much more
Automatically determines the business context
- Analyzes and classifies assets based on the structure of the organization, whether on-premises or in the cloud (IaaS, PaaS, SaaS), at a technology partner or in subsidiary environments
- Automatically associates which assets and what data belong to certain departments or subsidiaries within the organization, the business processes associated with those assets, and what risks and attack paths they are exposed to.
- Automatically associates which assets and what data belong to certain departments or subsidiaries within the organization, the business processes associated with those assets, and what risks and attack paths they are exposed to.
Continuously test security at scale
- Goes beyond port scanning and identification of common vulnerabilities and exposures (CVEs) by automatically and proactively testing assets to enumerate, validate and assess attack vectors based on context
- Identifies all attack vectors that an attacker can use to penetrate the most critical assets, including non-CVE vulnerabilities such as data exposure, misconfigurations, code injection risks, and even zero-day vulnerabilities
- It tests the entire exposed surface, not just the assets and IP ranges that teams have programmed into a scanner, with automated techniques for risk detection, vulnerability assessment, encryption analysis, and more.
Prioritises risks
- Removes the noise to reveal the most critical risks that security and IT teams need to fix first.
- Assesses risks based on attacker priorities, business context, detectability, ease of exploitation, and remediation complexity - including whether attacks have occurred.
- Determine security grades for the entire organization as well as for asset type, business unit, issue, and region to help understand where weaknesses exist and track improvement over time.
Accelerates recovery
- Saves security teams time and reduces the window of exposure by automatically providing detailed guidance to correct any identified risk.
- Provides automated guidance on what needs to be done to achieve desired remediation results through planning.
- CyCognito provides remediation guidance, planning, and information for assets under attack, including SIEM/SOAR, ticketing systems, communication and collaboration systems, GRC, and asset management tools.
- Analyzes and reports on changes and trends in assets exposed to attacks, including progress of remediation and new issues.
