Paradigm Shift in Vulnerability Assessment
As I noted in Part 1 “My Journey to Intelligent-Data” I mentioned that it had been my privilege to have participated in several CIO summits of Venture firms in Menlo Park. As a result, I have been able to get early insight on “what’s next” in many technology platforms. I wanted to be among the first to champion those to our clients past and future as a channel partner. Hence Intelligent-Data is ‘rolling out’ by selecting a best in breed Cybersecurity platform (from our lens) first – then later the addition of AI/ ML productivity platforms – these applications from a top 5 USA Venture group with winning record of successes.
One great platform at a time.
Why now?
The truth is that I did not see any breakthrough technologies or platforms with real differentiators that could become a new de-facto standard. Discovery of external threat vectors still revolved around one of three processes, or combination (with some specialties - i.e. email etc.) consisting of these tests: (1) Scanner appliances (software / hardware) that are placed in/on a network to look for vulnerabilities - (2) PEN Testing (3) CEH Certified Ethical Hackers. Some or all of these are offered by outsourced MSSP’s and appeared, from my lens, to offer an outdated process. Organizations attack surfaces have evolved and the complexity of the security environments must be matched with enhanced tactics. Deep probes into all SaaS, IaaS and very importantly, 2nd & 3rd party partners must be conducted. Machine learning and artificial intelligence are part of the three tests above- yet they all (exception CEH) ask for permission or require pre-knowledge of the client’s network. Such is an advantage NO hacker would have, therefore results have a bias and missing critical data.
First up for Intelligent-Data is an offensive cybersecurity vulnerability assessment platform that no other process was able to match and answered all my Cyber Security – Why’s.
Answering my WHY’s?
Why couldn’t a cybersecurity platform offer everything the results that a scan would; a PEN-test could, trending analytics do, and what an ethical hacker delivers? (4# huge deliverables - yikes that’s a lot)
Why couldn’t the platform be consistent 24x7x365, be autonomous (no false alarms- no one needs more work) be a new type of managed service? It would have to drill down into results, create a prioritization of critical issues and offer an easy to read dashboard and a blueprint on how a hacker would view the attack surface- that being- what is the easiest path in? Results on issues should offer a ‘map’ on how and where the issues were discovered along with remediation instructions.
Why couldn’t the platform reveal every asset, known and UNKNOWN that touch an enterprise, medical center, university, government site - everyone with a large attack surface that included Cloud, SaaS, IaaS, as well as 2nd and 3rd party partners; in other words, go far beyond what todays network scanners do?
It was/is a lot to desire, not the least of which it was beyond what humans (CEH) can accomplish alone. Humans - must sleep and cannot be continuous let alone have visibility 24x7x365 of incoming attack vectors via proven and mapped attack simulations.
The answer required that the platforms technology must think like a ‘bad actor/hacker’ does. Think about it, does a hacker (who wishes to cause harm) have ANY advantages? NO! Do they get an IP range to test? NO ! Are they invited and given permission to place a software agent or asset on your network? NO! Ethical hackers can be costly, usually given short contract periods to test, therefore it is impossible to be autonomously continuous. So, a NEW platform must NOT ask for anything - zero- a public URL/website would have to be enough, that is all a bad actor would have.
The answer arrived with CyCognito. This platform has turned the tables by using botnets for good ! The platform answers all ‘my whys’ with - “yes- it does”! The platform is a paradigm shift in vulnerability testing using the largest botnet that causes no harm. The botnet platform NEVER stops, it is continuous, it is autonomous (no false alarms) it preforms attack simulations from the largest botnet network in the world -- from around the world. It does it all… it will be, (from our lens) the new de-facto standard in vulnerability assessment.
I am VERY EXCITED…to announce that Intelligent-Data’s boutique team is proud to be named an authorized reseller for CyCognito
Finally, expect great attention from the Intelligent-Data team to assure client success. We will be sure to channel the right team to organize a revealing POV/POC readout results of your botnet simulated attack direct from CyCognito. The result, you will see a “blueprint” of how a hacker sees your attack surface including a map of vectors into your attack surface from a very extended ecosystem of 2nd & 3rd party partners.
The CyCognito platform can also be an invaluable process not only to help protect companies but be a key step during any due-diligence process (inheritance) of others IT networks. Special realms can be created to target new acquisitions to provide real data on the risk. It provides new visibility for cyber insurance companies’ awareness to truly score risk prior to offering a premium quotation.
New CISO’s – note - CyCognito is a great process to quickly understand you are now in oversight of.
Intelligent-Data Authorized Reseller for CyCognito
Maine to Miami / LATAM
www.intelligent-data.com bobr@intelligent-data.com (Boston office)
daniel@intelligent-data.com (Miami/LATAM office)
www.cycognito.com Proven platform helping some of USA & International top brands every minute of every day “Kill Shadow Risk” right now!