CyCognito’s asset discovery process starts with a single data point - the name of your organization - and then uses AI to crawl and understand financial databases, news sites and hundreds of websites.
CyCognito builds context around all of the assets it discovers. Our AI maps each asset to a business unit or brand, and adds details like the type of asset, underlying technology, related applications, and if there is potentially exposed customer data.
Assets can be easily organized by type or risk. Our AI classifies assets by examining their API call responses and types of data they store.
Want to see all of your ecommerce servers not protected by a WAF? Just ask: “Show me all ecommerce servers not protected by a WAF.” Our AI language processing allows you to ask almost any question about what you own and if it’s at risk without using a specialized query language.
No more time consuming test configuration. Our AI understands the type of assets you own and automatically configures the test engine to run the proper test types with the right payloads.
In a short demo video see how the CyCognito platform uses nation-state-scale reconnaissance and offensive security techniques to close the gaps left by other security solutions including attack surface management products, vulnerability scanners, penetration testing, and security ratings services.
Assuming a human could find all of the information the CyCognito platform does (up to fifty data points per asset, including IP address, name, type, owner, location, included technologies, related assets, known vulnerabilities, and threats), we estimate it would take at least one hour per asset on average for initial discovery and 30 minutes per asset to keep all of the asset metadata up to date.
So, one hour per asset, multiplied by a midsized attack surface of 5,000 assets, that's 5,000 hours, or over two work-years just for initial discovery. Spending 30 minutes per asset once per year to keep it up to date would add another 2,500 hours - over one additional work-year. On top of that, company attack surfaces fluctuate by +/- 10 percent monthly, adding even more hours of initial discovery per year for newly added assets. Lastly, the average attack surface size for an enterprise is 50,000 assets, not 5,000. That’s 30 work-years.
CyCognito uses a number of AI techniques and technologies to create high-precision discovery and testing. Let’s look at some of them and how they are applied in the platform.
CyCognito uses BML to structure graph data models and test hypotheses around asset ownership and type.
CyCognito uses GPT to summarize the relationship between organizations or entities and to create answers to user search queries.
CyCognito uses GPT-3.5/4 to summarize the relationship between organizations or entities, and to create answers to user search queries.
CyCognito uses GraphAI to represent assets and their relationships to organizations, people, threats and other technologies.
CyCognito uses LLMs for several tasks, including asset discovery, ownership attribution, data enrichment, and search.
CyCognito uses NLP to understand organizational structure by extracting information from business databases and websites, and then matching entities mentioned within. NLP has a significant performance advantage over LLMs - milliseconds vs. seconds - and is a better choice for large scale applications like attack surface discovery.
Getting results without disrupting business is essential for CIOs.
With the CyCognito platform, you can manage your risk confidently and intentionally to minimize your organization’s risk exposure. Learn about our revolutionary approach to external cyber risk management. Discover more about our solutions and how we help organizations identify, understand and master their risk in profound new ways.