CyCognito expands automated testing capabilities
CyCognito announced several enhancements to its CyCognito Automated Security Testing (AST) product, a module in the CyCognito platform built for automated exposure validation and security testing. These additions speed the configuration of automated testing for AWS cloud environments, provide enhanced data exposure detection and augment pentesters and red teams with automated reconnaissance and prioritization of issues.
CyCognito fills organizations’ critical gaps across network infrastructure, web applications and cloud by providing comprehensive, continuous security testing for all exposed systems. For example, web applications often represent the bulk of an organization’s exposed risk yet are often inadequately tested after they are in production; CyCognitor’s 2024 State of Web Application Security Testing report found that while over 60% of organizations update their web apps weekly or more, nearly 75% test them monthly or less, leaving 40% of the attack surface vulnerable.
By automating the discovery and validation of security issues that typically require intensive manual effort, CyCognito helps organizations reduce external testing costs and improve security efficiency. It addresses critical gaps across network infrastructure, web applications, and cloud environments by providing comprehensive, continuous security testing for all exposed systems.
“Successful breaches start from infrequent or untested exposed systems. Understanding a threat is just as important as the steps taken toward prevention.” said Ansh Patnaik, CPO, CyCognito. “Given the strong interest in exposure management across the industry, it’s clear that removing the coverage, accuracy and frequency gaps left by traditional security testing tools is a critical need. This is precisely why we’re continuously expanding our automated testing capabilities.”
CyCognito’s new testing features Include:
- Support for AWS Organizations: Connect CyCognito to your AWS Organization and get resources from all accounts under that organization automatically – no need for one by one additions.
- Expanded Data Exposure Detection: Identify even more sensitive data exposed in your attack surface, such as API tokens, backup files, and configuration files, so you can take appropriate action.
- Improved Pentester and Red Team Workflows: In target-rich environments, CyCognito’s custom organization and child team feature enables your SOC to quickly share targets with full recon and security test data for deeper investigation.
- Enhanced Automations for Faster Response Times: Improved integrations and API coverage supports more complex tasks, larger volumes of data and faster response to incidents.
As proof of the efficiency of CyCognito’s approach, during a typical proof of value assessment at Forbes Global 2,000 companies, CyCognito uncovers numerous previously unknown vulnerabilities and security gaps. Compared to the use of bug bounties to discover unknown external risks, CyCognito finds the equivalent of $4 million worth of vulnerabilities, and even more (up to $9 million on average) over the course of a full year. The combined power of automated discovery and testing can demonstrably save millions of dollars spent on pentesting and bug bounty programs while providing equivalent or better security.
CyCognito’s global network, consisting of over 60,000 nodes across 100 countries, delivers comprehensive testing through its proprietary multi-pass, multi-engine architecture. CyCognito AST leverages asset inventory and asset context from CyCognito Attack Surface Management (ASM) for automated test configuration and scoping. This advanced system ensures high-fidelity results with minimal noise, and covers more than 35 test categories, across vulnerability assessment, DAST, and black-box penetration testing.
Many IT security teams are challenged with achieving the testing levels necessary for their external attack surface. CyCognito’s Security Testing Gap Calculator helps organizations identify these gaps, and provides customized insight and recommendations on how to close them.