Human beings may or may not be good at every single thing, but one area where they are undoubtedly great at is improving on a consistent clip. This progressive ability, in particular, has even fetched the world some huge milestones, with technology appearing as a rather unique member of the group. The reason why technology’s credentials are so anomalous is, by and large, predicated upon its skill-set, which was unprecedented enough to realize all the possibilities for us that we couldn’t have imagined otherwise. Nevertheless, a closer look should be able to reveal how the whole runner was also very much inspired by the way we applied those skills across a real world environment. The latter component was, in fact, what gave the creation a spectrum-wide presence and made it the ultimate centerpiece of every horizon. Now, having such a powerful tool run the show did expand our experience in many different directions, but even after reaching so far ahead, this prodigious concept called technology will somehow keep on delivering the right goods. The same has grown to become a lot more evident in recent times, and assuming one new GRC-themed development pans out just like we envision, it will only propel that trend towards greater heights over the near future and beyond.
CyCognito, a company focused on enhancing the world’s cybersecurity posture, has officially announced a major expansion of its platform for External Attack Surface Management (EASM). According to certain reports, the update brings to the fore extended visibility across cloud assets, web application API endpoints and web application firewalls (WAFs), enhanced web crawling capabilities, compliance management controls, integrations for exploit database remediation and more. By providing all this insight, the idea is unsurprisingly to help security teams efficiently identify, prioritize, and remediate vulnerabilities. Talk about the whole development on a granular level, CyCognito platform’s Web Application API Endpoints Visibility will ensure the user is able to capture and consolidate significant security-oriented details from a centralized dashboard. Next up, the all-new Web Application Firewalls (WAFs) Identification capabilities will inform security teams on applications that are at risk because of not being adequately protected by a WAF. At present, the CyCognito platform can identify over 150 WAFs, including popular ones like Akamai, AWS CloudFront, Azure Front Door, Cloudflare, Fastly, Fortinet, and Imperva. Moving on to the prospect of improved web app discovery, a step up around the company’s Programmatic Recon and Online Behavior Emulation discovery engine is going to conceive 5 times more pages inside web applications than the previous version. This should go a long way when it comes to letting the customer see twice their web application attack surface and catch 5 times more of all the potentially valid issues. CyCognito’s users will also have at their disposal a dedicated cloud connector, which is understood to provide a secure and reliable way to Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) environments. Furthermore, given its ability to identify and classify cloud assets, actively test for security risks, and prioritize the most critical risks for remediation, the connector will notably bolster the external attack surface visibility.
“Undiscovered and unprotected cloud APIs and applications are an open door to your organization’s most critical data, and by far the biggest security threat today,” said Ansh Patnaik, Chief Product Officer at CyCognito. “Scaling visibility and protection to stay ahead of continued attack surface growth is critical given the rapid proliferation of applications endpoints. This release reflects our commitment to innovation and to helping our customers safeguard against rising threats.”
Hold on, we still have a few bits left to unpack, considering the CyCognito will now also integrate with leading exploit databases to access information for advanced issue prioritization capabilities, insight into the current threat state, resolution instructions, and more. Complementing the stated access is a risk diagram feature, which guides security teams in presenting their organization’s top risks that attackers might use against an entity. By cultivating such introspection, the platform promotes a more proactive stance on the user’s part. Rounding up the highlights is CyCognito’s approach on compliance management. An aspect worth sharing in this context is how the company’s platform is well-equipped to allow governance risk compliance (GRC) and vulnerability management (VM) teams to view the alignment of externally exposed digital assets across six major compliance frameworks.
To understand the importance of such a move, we must look at one recent CyCognito report, which revealed that nearly 74 percent of assets with PII are vulnerable to at least one known major exploit, whereas 70 percent of web applications have severe security gaps, including a lack of WAF protection or an encrypted connection like HTTPS.
As for what makes the company an ideal candidate to solve the said conundrum, the answer is rooted in its extensive knowhow of how attackers can actually exploit blind spots, along with any weaklings in the company’s cybersecurity system. The validation for CyCognito’s excellence in doing so comes from the fact that is currently serving a number of large enterprises and Fortune 500 organizations like Colgate-Palmolive, Tesco, and many others.