Back in the early days of networking, a lot of effort went into hiring penetration testers who would come in and try to break security. They would then report on their findings, and, presumably, whatever flaws or vulnerabilities they discovered would get fixed before real attackers could come calling. Everybody did this, even the military, which dubbed its penetration testers “red teams.” An experienced red team could find all kinds of previously unknown threats.
These human-centered penetration testing operations became less useful as networks began to grow. Today, even with something like a two-week engagement, most penetration testing teams can only get to a very small percentage, often less than one percent, of a total network. What good is a report about one or two application servers if there are hundreds or thousands of them deployed worldwide? It’s gotten even worse with the move to cloud, virtualization and software-defined networking. Assets might appear and disappear within the space of a few hours, and virtual servers are often abandoned and forgotten about. Most internal information technology teams don’t even know about all of their assets, so external penetration testers who visit maybe once a year certainly have no clue.
The industry has responded with things like vulnerability scanners to try and automate what penetration testing teams used to do. But they are limited by their programming and can only scan assets that are known to IT teams or that fall within a range of IP addresses. That’s not how hackers operate, of course. They are more than happy to compromise an unknown asset, a server outside of a defined IP range, a cloud asset or even a connected server sitting outside of an organization’s direct control downstream in the supply chain.
The CyCognito platform was designed to provide the kinds of advantages that old school penetration testing used to, but on a continuous basis and for modern, global enterprise networks comprised of mixed physical and virtual assets. It basically studies networks the same way that hackers do, from the outside with no help or internal bias inserted into the process.
How CyCognito works
Unlike most other reviews CSO has done, for the CyCognito platform there was no setup required. Nothing needs to be installed on the host network and there don’t need to be any assets on the inside either. The people who designed the CyCognito platform believe that even a simple act like defining IP addresses inserts bias into the testing. And because hackers aren’t given any parameters to work from, an attack surface monitoring tool shouldn’t be either.
CyCognito maintains a network of over 60,000 bots scattered around the internet. The bots are constantly looking for assets connected to the internet and cataloging their findings, sort of like how Google looks for new webpages. Currently, there are about 3.5 billion assets that have been discovered by CyCognito, and that number is always growing. It’s pretty much the entire internet.
Once CyCognito is contracted to perform continuous attack surface monitoring of a company’s assets, the platform gets to work, collecting what it already knows and adding to that information. Pricing for the service is tiered and based on the number of assets in the organization’s attack surface, with yearly subscription models for the continuous monitoring.