{"id":175,"date":"2020-08-07T16:25:55","date_gmt":"2020-08-07T16:25:55","guid":{"rendered":"https:\/\/www.rezilyens.com\/?p=175"},"modified":"2020-09-10T16:41:41","modified_gmt":"2020-09-10T16:41:41","slug":"cybersecurity-shifting-the-balance-of-power-rezilyens-ai","status":"publish","type":"post","link":"https:\/\/www.rezilyens.com\/cybersecurity-shifting-the-balance-of-power-rezilyens-ai\/","title":{"rendered":"Cybersecurity | Shifting the Balance of Power | Rezilyens.AI"},"content":{"rendered":"
\r\n\t
\r\n\t\t
\r\n\t\t\t\"Cybersecurity\"\r\n\t\t<\/div>\r\n\t<\/div>\r\n\t
\r\n\t\t

The most significant trend we see with the companies we meet is that attackers usually succeed.<\/b> Despite significant cyber security investments \u2013 sometimes in the millions of dollars \u2013 many organizations are not fully aware of their attacker-exposed IT ecosystem and risks. At the same time, attackers perform reconnaissance, identify targets and exploit weaknesses. And they have time on their side because organizations remain unaware of their blind spots.<\/p>\r\n\t<\/div>\r\n\t

\r\n\t\t

A major contributing factor to attacker success is that while IT has evolved dramatically over the past decade, Security Testing solutions have not. To be clear, most approaches are at least two decades old, like vulnerability scanning and penetration testing. Attackers perform reconnaissance, identify targets and exploit weaknesses, again with the luxury of time on their side. But, if we could discover all the IT assets in your attack surface, understand their business context, and test them for weaknesses, we would be able to prevent breaches by proactively focusing on the most important risks.<\/p>\r\n\t<\/div>\r\n\t

\r\n\t

\"Cybersecurity\"<\/p>\r\n\t\t

We believe the most effective way to reduce risk is to look at the attack surface from the outside, using an attacker\u2019s point-of-view, and identify and remediate those exact attack vectors they would likely target. Those critical attack vectors are 1000 times more important than a pile of CVEs in a vulnerability scanner report. So, here is how our approach helps you demonstrate to your CEO or Board that you\u2019re improving the company\u2019s security posture.<\/p>\r\n\t<\/div>\r\n\t

\r\n\t\t

Our insurgent mission is to eliminate the world\u2019s shadow risk \u2013 <\/b>identify and eliminate the critical security risks in your organization\u2019s IT ecosystem: the shadow risk that attackers seek and target.<\/p>\r\n\t\t

We bridge the gap left by legacy tools \u2013 <\/b>bridge the gap between what legacy tools can do and what organizations need.<\/p>\r\n\t\t

Reconnaissance process \u2013 <\/b>automatically map an organization\u2019s attack surface based on the reconnaissance process, methodologies and technologies that sophisticated attackers use.<\/p>\r\n\t\t

Global botnet \u2013 <\/b>enable gathering of attacker-exposed data of nearly a billion servers and devices \u2013 petabytes of data.<\/p>\r\n\t\t

Far more than port scanning \u2013 <\/b>typical port scanners scan for open ports and banners; we’re collecting dozens of fingerprints for each asset. We can detect web applications, links, references, URL patterns, headers, banners, certificates, deployed software, and unique keywords, which may resemble department and subsidiary names.<\/p>\r\n\t\t

Mapping the entire IT ecosystem \u2013 <\/b>using fingerprints per company to calculate the company\u2019s attack surface mathematical graph! There are dozens of iterations to calculate this attack surface graph. We start with Company X, and very quickly start discovering its subsidiaries, acquired companies and partner-specific assets that are strongly related to this company.<\/p>\r\n\t\t

IT ecosystem with context – <\/b>It\u2019s important to consider one\u2019s entire IT ecosystem data as a graph, not a list of IPs, so you can understand the content and context of each asset \u2013 and thus understand what\u2019s most attractive to an attacker.<\/p>\r\n\t\t

Reveals the attacker\u2019s path of least resistance \u2013 <\/b>simulate the attacker\u2019s assessment of the entire attack surface, focusing on finding highly exploitable assets that provide access to other critical assets in your network.<\/p>\r\n\t\t

Legacy scanners ignore attack vectors \u2013 <\/b>legacy vulnerability scanners ignore actual attack vectors, and essentially detect only CVEs in known assets.<\/p>\r\n\t\t

Evaluating like an attacker – <\/b>leverage the attacker\u2019s decision-making process to determine the discoverability level of these assets and the attractiveness level of these assets based on their business context. For instance, a mainframe or source code management system is probably much more interesting to attackers than an Apache server which may be 10 years old and has no data on it based on what attackers can see.<\/p>\r\n\t\t

Prioritizing based on business impact – <\/b>our unique analysis allows us to bring the number of critical attack vectors down from the thousands that a legacy scanner would show you to just 5 or 10. Critical attack vectors prioritized by the platform will typically include exposures that no other solution identifies. Typical penetration testing scope is less than 1% of an organization’s attack surface; such tests are a classic \u2018checkbox\u2019 and don\u2019t suffice anymore.<\/p>\r\n\t\t

Even sophisticated organizations can be exposed – <\/b>[Real World Example] A client of ours added a third-party deception system, which created their biggest security weak spot. The system was misconfigured by an engineer from the deception company and that misconfiguration exposed the telco\u2019s management system to the Internet. Our approach identified this critical vulnerability.<\/p>\r\n\t\t

Actionable remediation guidance – <\/b>Each identified issue is supported with actionable, prioritized and prescriptive remediation guidance so your team knows where to start and how to get it done.<\/p>\r\n\t<\/div>\r\n\t

\r\n\t\t

The platform\u2026<\/b><\/p>\r\n\t\t

    \r\n\t\t\t
  • At its foundation, leverages a bot network to SCAN<\/b> the internet to identify all the assets that belong to your organization.<\/li>\r\n\t\t\t
  • It then builds a MAP<\/b> of your attack surface using a graph data model that understands what\u2019s yours, and what\u2019s related, based on asset fingerprints and classification.<\/li>\r\n\t\t\t
  • The platform security-TEST<\/b>s your attack surface using techniques that go beyond basic vulnerability scanning.<\/li>\r\n\t\t\t
  • It then PRIORITIZES<\/b> risks using an attacker\u2019s perspective.<\/li>\r\n\t\t\t
  • And helps you ELIMINATE RISK <\/b>and validate it has been eliminated.<\/li>\r\n\t\t\t
  • The goal is to help you MANAGE<\/b> your CYBER RISK <\/b>and communicate the progress and status of that to your stakeholders.<\/li>\r\n\t\t<\/ul>\r\n\t<\/div>\r\n<\/div>\r\n","protected":false},"excerpt":{"rendered":"The most significant trend we see with the companies we meet is that attackers usually succeed. Many companies despite…","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14],"tags":[],"_links":{"self":[{"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/posts\/175"}],"collection":[{"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/comments?post=175"}],"version-history":[{"count":31,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/posts\/175\/revisions"}],"predecessor-version":[{"id":363,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/posts\/175\/revisions\/363"}],"wp:attachment":[{"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/media?parent=175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/categories?post=175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rezilyens.com\/wp-json\/wp\/v2\/tags?post=175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}