CyCognito Named Large Vendor in Forrester External Attack Surface Management (EASM) Report

Managing the Dynamic External Landscape

Today, essentially every organization has experienced an evolution of their IT infrastructure, now having developed web applications, moved assets to public and private cloud environments and connected rapidly to partners and third parties to better serve customers and stay competitive in their marketplace. This new landscape is as dynamic as it is sprawling, something legacy vulnerability management tools were not designed to manage.

Forrester, an analyst firm, has been monitoring this change and the new category termed External Attack Surface Management or EASM. They recently named CyCognito a large vendor in this category in their new report, “Forrester External Attack Surface Management Landscape Report, Q1 2023” which provides an overview of the EASM landscape, things to consider and use cases.

Uncovering Hidden Assets: External Attack Surface Management in Action

CyCognito is excited to see the EASM category gain recognition. CyCognito was founded in 2017 by ex-intelligence agency reconnaissance experts who brought a unique perspective on defenses. That experience gave them unique insight into how attackers would find a path of least resistance to exploit security blindspots. This led them to build CyCognito to perform continuous attack simulations that help organizations understand areas of weakness and eliminate organizational risk.

The report by Forrester cites organizations found 30% more assets using an EASM tool than they knew they had. This is fairly consistent with what customers using CyCognito’s platform often find, upwards of 50% more assets thanks to its deep discovery using machine learning and natural language processing without any data input, zero assumptions or configurations, and no ongoing maintenance.

Precisely Prioritizing and Remediating Risks: The CyCognito Approach to EASM

While asset discovery is a good first step to any EASM program, CyCognito believes the focus needs to be on finding, prioritizing and remediating risks for a great EASM program. The report by Forrester makes the point that IT and security need to work together. The CyCognito platform helps IT and security teams to take immediate action by giving them precise prioritization on the most critical risks and a continuous automated process protecting their constantly changing attack surface.

The CyCognito platform is a SaaS application that helps IT operations and security teams to eliminate internet-facing risks.

• The external attack surface is automatically and continuously monitored.
• Each asset is mapped, visually showing its relationship to the organization such as subsidiary, partner or third-party and identifying the organizational or departmental owner of the asset. 
• Assets found are contextualized to include details about the asset and the services running on it. 
• Active security testing of all live assets is performed up to a daily cadence.
• Every risk is precisely prioritized helping teams zero in on a handful of critical risks to remediate first. Prioritization is based on the severity of the issue, the value or attractiveness of the asset to attackers, and how easy it is for attackers to reach. 
• Actionable, step-by-step instructions to remediate each risk is provided and can be automated with configurable workflows through integrations into popular ticketing systems, SIEMs and vulnerability management systems to help establish a fast and efficient process.

The comprehensive set of capabilities the CyCognito platform provides have helped customers improve their Mean Time to Resolution (MTTR) by as much as 88%.*

Real-world success: See how CyCognito customers are utilizing the platform for various use cases

CyCognito customers use the platform in various ways including:

• Asset Discovery: including unknown or new assets in highly dynamic environments
• Asset Inventory Management: helping to maintain a constantly updated inventory with asset contextualization and mapping assets to the organization
• Vulnerability Risk Management: both active and passive discovery and assessment for risks and prioritizing based on criticality of the risk given context of the organization.
• Cloud Security Posture Management: identifying misconfigurations, exposed data and other security issues
• Mergers and Acquisitions (M&A) Due Diligence: an attacker perspective on the internet-facing risk exposure before, during and after an acquisition
• Supply Chain Risk Management: including third-parties, including those connected to partners or subsidiaries to continuously monitor and prioritize exposed risks

Read this recently published Forrester Total Economic (TEI) Report on EASM which includes real world case studies based on active customer environments. The quotes and commentary are particularly insightful.

*Fortune 100 customers of CyCognito across industries including hospitality, manufacturing and asset management report 50% to 88% faster remediation times.