CyCognito

Palo Alto, CA, USA
2017
  |  By Emma Zaballos
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.
  |  By Jason Pappalexis
When it comes to security, organizations often consider themselves well-covered. But in today’s landscape, where cybersecurity threats evolve at breakneck speed, even the most well-prepared teams cannot afford to have testing gaps. The reality is that if your primary strategy for removing security testing gaps is tightening scanning policies or expanding penetration test scope, you are trying to patch a dam with bubble gum. Is your attack surface covered?
  |  By Emma Zaballos
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints.
  |  By Emma Zaballos
CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.
  |  By Emma Zaballos
We just published our 2024 State of External Exposure Management Report. In this report, we looked at where serious issues hide on the average attack surface, how basic protections can help (or fail to) protect critical assets, and the ways that deprioritizing issues can help security teams spend their time on the right vulnerabilities.
  |  By CyCognito
Findings reveal escalating risks in the software supply chain, highlighting vulnerabilities in web servers, cryptographic protocols, and web interfaces that handle PII.
  |  By Jason Pappalexis
Gaps in your security testing program are likely more than simply missed assets. Infrequent testing and even low test accuracy are also gaps, and can be just as bad or worse. Gaps happen despite the best efforts of everyone involved. The good news is that, with some strategic adjustments, you can reduce gaps using tools you likely already have deployed.
  |  By Emma Zaballos
CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall.
  |  By Ansh Patnaik
Effective asset management and rapid incident response are crucial for maintaining cybersecurity defenses. To address these needs, and building on its previous Vulnerability Response module integration, CyCognito has announced a new certified integration with ServiceNow’s Configuration Management Database (CMDB).
  |  By Brittany Busa
In the ever-evolving digital landscape, a robust exposure management strategy is critical to safeguarding a company’s assets.
  |  By CyCognito
See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks.
  |  By CyCognito
"CyCognito is worth every cent we pay and it helps me sleep better because I know we’re checking our internet-facing assets on a regular basis.” —Benjamin Bachmann | Vice President, Group CISO | Ströer.
  |  By CyCognito
“CyCognito provides our company with cutting-edge technology enabling my team to have global visibility into our web-facing assets in an easy-to-use interface.” — Alex Schuchman | Chief Information Security Officer | Colgate-Palmolive Company.
  |  By CyCognito
“I can’t point to another tool that does as thorough a job of exploring and exposing those assets that you didn’t even know you had. It’s so valuable." — Kevin Kealy | Chief Information Security Officer | Scientific Games.
  |  By CyCognito
Hear first hand from Chief Technical Officer, Randy Watkins, as he explains why attack surface mapping is critical to an organization’s security posture and managing their IT assets. Learn how prioritizing security risk helps to cut through a sea of security issues and gives focus to security teams on what is critical.
  |  By CyCognito
Streamline Security Testing with Analytics, Trends, and Reporting: New Cybersecurity Automation Features to Streamline Attack Surface Protection.
  |  By CyCognito
See How CyCognito Monitors Your Subsidiaries for Security Risk.
  |  By CyCognito
Learn how the CyCognito platform identifies attack vectors that might go undetected by other security solutions.
  |  By CyCognito
Introducing Remediation Planner and new workflow integrations.
  |  By CyCognito
Your attack surface has grown, it's now in cloud infrastructure and across subsidiaries and unknown, unmanaged assets are everywhere. How are you finding these? Attackers look for, find and attack these unknown assets and when there are externally exposed risks, sensitive data and critical systems are put in danger. Read now, External Exposure & Attack Surface Management For Dummies.
  |  By CyCognito
CTEM, a comprehensive risk reduction framework, integrates visibility risk assessment, issue prioritization, and validation. This approach facilitates the continuous identification and testing of exposed systems, enhancing decision-making and enabling a more proactive threat response. Download the white paper, Understanding Continuous Threat Exposure Management, to learn about CTEM's core components and how they contribute to cybersecurity resilience, how CTEM addresses the challenge of managing risk on attack surfaces, and how CyCognito's capabilities align with CTEM's requirements.
  |  By CyCognito
With the ever-growing volume of cybersecurity alerts and attacks bombarding security teams, more CISOs are taking a hard look at External Attack Surface Management (EASM) platforms to better understand how adversaries get into systems and how to keep them out. It's not surprising that EASM products have captured the industry's attention, as many organizations are seeing growth of their attack surfaces' growth outpace their detection and remediation abilities. Some of the driving causes: digital transformation, the cloud, third-party dependencies, subsidiary sprawl, and more.
  |  By CyCognito
Your pen testing team is working hard, but they are facing an operational challenge due to the large number of assets they need to test and the time required to complete each test. As the fundamental approach to penetration testing has not changed much since the first test over 50 years ago, it's worth exploring whether the tool is still sufficient for securing today's IT environment.

CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.

Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.

Automated external attack surface management and continuous testing reduces your overall risk:

  • Discovery: Proactively uncover exposed external assets — without input or configuration — using attacker reconnaissance approaches.
  • Contextualization: Empower your team to know what an asset does, where it’s located, what other assets it connects to, and how attractive it is from that attacker perspective.
  • Active Security Testing: Launch security testing across your full inventory of external assets, enabling a new level of visibility into risk and the steps needed to reduce it.
  • Prioritization: Automate risk prioritization for external assets to focus your security team’s attention and energy on the 10 to 50 most critical exploited assets that matter the most.
  • Remediation Acceleration: Quickly repair exploitable assets and reduce validation time from months to hours to swiftly prevent data breaches.

Discover, test and prioritize all of your web assets and applications.