runZero’s expanded platform offers new approach to detecting and prioritizing risk

runZero releases new product capabilities, welcomes executive leadership with deep industry expertise, and gains channel momentum.

runZero’s expanded platform offers a new approach to effectively manage the risk lifecycle, enabling security teams to find, prioritize, and remediate broad classes of exposures across internal and external attack surfaces, including those that evade traditional vulnerability and external attack surface management solutions.

“Our industry needs a paradigm shift if we’re going to successfully secure today’s complex attack surfaces. Legacy approaches are fundamentally flawed, starting with incomplete knowledge of the attack surface itself and inadequate exposure detection capabilities,” said HD Moore, founder and CEO of runZero. “Our goal is to help security teams get better outcomes, which means detecting and prioritizing the exposures that are most likely to be exploited, not flooding them with irrelevant alerts. runZero started by delivering comprehensive discovery across internal and external attack surfaces and is now leveraging novel techniques to uncover high-risk exposures that other solutions simply can’t detect.”

Overcoming persistent problems

Common Vulnerabilities and Exposures (CVEs) are the lingua franca of cybersecurity, having become synonymous with exposure — but not all vulnerabilities have CVEs. Serious misconfigurations, such as exposed databases, broken network segmentation, and unintentional exposure of management servers, are frequently the source of breaches, but rarely get the focus they deserve. Instead, organizations suffer through Sisyphean prioritization tasks that consume resources without reducing the likelihood of an incident.

Current approaches to vulnerability management only uncover a small subset of vulnerabilities, with significant delays, and only reliably identify these exposures under specific and optimal conditions. Models that focus on known-exploited CVEs, a tiny fraction of the total (0.05% according to the CISA KEV), are still leaving gaps measured in weeks that criminals exploit for financial gain.

Traditional tools also fail to discover and defend unknown and unmanageable assets, providing insurmountable challenges throughout the exposure detection and prioritization cycle. Starting with just a fraction of the attack surface makes it impossible to detect the full scope of exposures and prioritize accordingly.

As a result, organizations are spending enormous resources on remediation efforts while still missing the attack paths most likely to be exploited in their environment. Overcoming these persistent, decades-old problems requires a new approach.

A new approach to exposure management

Leveraging innovative technology and proprietary discovery techniques, runZero provides organizations the most complete and accurate visibility across their total attack surface, including unknown and unmanageable assets. On average, runZero enterprise customers report finding 25% more assets than they were previously aware of, with some environments yielding 10x more assets than security teams expected, radically expanding their view of their attack surfaces and the exposures within. These previously unknown assets are often those at the most risk, as they have not been properly tracked by either IT or security teams.

Starting with a foundation of comprehensive visibility enables runZero to provide full-spectrum exposure detection across internal and external attack surfaces. Advanced fingerprinting methodologies build detailed, accurate profiles of each asset in the environment using a library of almost 1,000 attributes. This unmatched depth of data enables the platform to identify much broader classes of exposures going well beyond CVEs to identify risks that evade traditional vulnerability and external attack surface management solutions.

“While runZero started out in the most complex side of ASM, namely the CAASM market, it is already expanding into EASM and broader exposure management use cases, which is a salutary development,” said Rik Turner, Senior Principal Analyst at Omdia. “Its CAASM background provides the most solid foundation for such a move, giving it valuable insights into a customer’s asset estate and making it a strong candidate for any ASM or exposure management project within an organization.”

With runZero, teams can uncover elusive exposures such as network segmentation failures, externally-exposed internal assets, missing security controls, insecure encryption keys, end-of-life software, prohibited devices, and misconfigured OT and IoT devices. runZero also enables organizations to quickly respond to zero days without rescanning by automatically querying data already captured in the fingerprinting process to immediately surface at-risk assets, including unmanaged devices.

In contrast to other solutions that flood teams with alerts, runZero employs data-driven risk prioritization, highlighting the most urgent exposures by leveraging business context, device impact, and meaningful attributes. With highly intuitive risk findings, security teams can focus on critical threats while understanding their broader implications across the attack surface.

This release introduces new risk findings and dashboards, providing a novel paradigm for organizing, addressing, and tracking exposures over time. These findings address the most critical areas of risk, including:

• Internet exposures: identifying internal assets unintentionally exposed to the internet
• End-of-life systems: pinpointing assets running unsupported hardware or software
• Open access services: detecting misconfigurations like unauthenticated databases or exposed management interfaces
• Known exploited vulnerabilities: highlighting assets targeted by active threats, leveraging insights from CISA KEV and VulnCheck KEV catalogs
• Compliance challenges: flagging instances of prohibited equipment or configuration issues that violate specific acquisition regulations
• Certificates and shared keys: identifying a wide range of security issues with TLS certificates and SSH host keys, including expired (and nearly expired) certificates, as well as widely shared private keys
• Best practice violations: uncovering asset and service configurations that violate security best practices such as authentication without encryption, obsolete protocol detection, and misconfigured services
• Vulnerabilities: prioritizing issues based on both natively discovered and externally imported vulnerabilities
• Rapid responses: detecting assets potentially vulnerable to emerging threats

Customers and users of runZero’s free Community Edition have immediate access to these new capabilities at no additional cost.

Channel growth fueling global expansion

runZero has teamed up with leading channel partners to introduce their unique exposure management capabilities to organizations around the globe.

Having grown significantly over the last year, the runZero Infinity Partner Program now encompasses North America, Europe, the Middle East, Africa, Australia, and Asia, including key partners such as Guidepoint (US), Distology (UK + Europe), Secon (UK), AmiViz (Middle East), Kappa Data (Western Europe), CyberCX (Australia), and KDSys (South Korea). These organizations serve as trusted advisors, with a focus on delivering value to their customers by identifying innovative solutions to help them meet today’s security challenges.

“We are thrilled to be partnering with runZero, adding their attack surface and exposure management technology to our expanding portfolio. This amazing product bolsters the Workspace area of the Distology portfolio, and we are excited to jointly take their message to market,” commented Sarah Geary, Chief Commercial Officer at Distology.

New leaders bring decades of experience in exposure management

runZero recently welcomed two industry experts to their leadership team, collectively bringing decades of experience in exposure management as the company continues to bring innovative solutions to market.

New Vice President of Product and Engineering, Brandon Turner, spent over a decade at Rapid7 working on platform delivery and engineering; in his new role at runZero he will leverage years of industry experience to craft solutions that meet the needs of teams securing complex, dynamic attack surfaces and continue to expand runZero’s exposure management capabilities.

Additionally, Tod Beardsley recently joined runZero as Vice President of Security Research. Having held leadership roles at Dell, TippingPoint, and Rapid7, he most recently served as a Section Chief for the US Cybersecurity and Infrastructure Security Agency (CISA) where he managed the Known Exploited Vulnerabilities (KEV) catalog, considered one of the most important sources of authoritative vulnerability information in the world.

“runZero is built around the idea of, ‘how would an attacker look at my network, and are there tricks that I can borrow from them to make sense of my enterprise?’ This unique approach to exposure management provides some of the most valuable introspective intelligence on your own network available,” said Beardsley. “I’m excited to join runZero as we introduce these new capabilities to help security teams proactively mitigate risk.”