Attack surface management platforms

Updated: August 05, 2023

Attack surface management platforms are essential tools that help organizations identify and manage potential vulnerabilities and exposures in their digital environment. These specialized platforms continuously monitor and analyze the organization's attack surface, which encompasses all the assets, systems, and services exposed to the internet or internal networks. By conducting thorough assessments, attack surface management platforms help businesses understand their cybersecurity risk posture and prioritize remediation efforts. These platforms offer insights into areas of potential weakness, such as misconfigurations, open ports, and outdated software, allowing organizations to take proactive measures to strengthen their defenses. With comprehensive visibility into their attack surface, businesses can effectively reduce their risk of cyberattacks, improve their security resilience, and protect critical assets and sensitive data from evolving threats.

See also: Top 10 Cloud Security Software

2022. Attack surface management platform RapidFort raises $8.5M



RapidFort, a startup specializing in enhancing application security, has recently secured $8.5 million in seed funding. RapidFort's core offering revolves around assisting developers in reducing the potential attack surface of their applications. It accomplishes this by automatically identifying and eliminating unused software components from application containers. By analyzing the necessary components required to run an application, RapidFort effectively reduces the overall attack surface. Development teams can continue their regular operations in development, testing, or production environments, while RapidFort identifies and removes unnecessary components. The company reports significant improvements typically ranging from 60 to 90%, enabling security and development teams to focus on addressing the vulnerabilities that truly matter.


2022. IBM acquires attack surface management startup Randori



IBM has recently announced its acquisition of Randori, a Boston-based startup specializing in offensive security. Randori combines attack surface management (ASM) with continuous automated red teaming (CART) to assist organizations in strengthening their cybersecurity defenses. ASM, which involves the ongoing discovery, inventory, classification, and monitoring of an organization's IT infrastructure, has become essential for businesses of all sizes. The pandemic-induced shift to remote and hybrid work has led to a significant increase in potential vulnerability points in hybrid cloud operating environments. According to ESG data, 67% of organizations have witnessed the expansion of their external attack surface in the past two years due to the growing adoption of cloud services, third-party platforms, and Internet of Things (IoT) devices.


2022. Cyberpion raises $27M for its external attack surface management platform



External attack surface management services, such as Cyberpion, have secured $27 million in a Series A funding round. The concept behind external attack surface management involves examining a company's entire externally accessible assets and infrastructure to proactively identify risks and vulnerabilities. The increasing awareness of the software supply chain's susceptibility, exemplified by attacks like the SolarWinds hack, has underscored the importance of this approach. Interestingly, a significant portion of enterprise IT infrastructure now exists beyond the confines of traditional company firewalls. However, a recent Gartner report revealed that only 10 percent of organizations have embraced attack surface assessment solutions thus far. This statistic suggests considerable potential for growth, as these companies will eventually need to adopt such solutions.


2021. Attack surface management startup CyCognito raises $100M



CyCognito, a startup dedicated to mitigating cyber attacks, has successfully secured $100 million in Series C funding. While operating as an attack surface management company, CyCognito distinguishes itself from others in its field through its comprehensive approach. By employing machine learning-based attack surface management, it thoroughly assesses a company's range of assets, identifying potential security gaps. Notably, CyCognito is the pioneering company capable of automating security testing on a massive scale, encompassing millions of assets.


2021. Vulcan Cyber raises $21M for its vulnerability remediation platform



Tel Aviv-based cybersecurity startup Vulcan Cyber has successfully raised $21 million in Series B funding. This new investment will be utilized to introduce innovative remediation solutions and launch the Vulcan Free platform, a risk-based vulnerability management platform available at no cost. Vulcan Cyber has consistently prioritized assisting businesses in identifying and addressing security vulnerabilities by offering a comprehensive approach. Their focus goes beyond simply alerting customers to potential risks, as they also provide guidance on prioritizing vulnerabilities based on their severity and the threat they pose to a company's assets. Security teams often face an overwhelming number of alerts, and not every vulnerability identified by scanners is equally critical. Vulcan Cyber's platform aims to alleviate this challenge by enabling teams to efficiently allocate their resources and concentrate on areas of highest importance.


2021. CYE raises $100M to help companies shore up their cyber-defenses



Israeli cybersecurity startup CYE has recently secured a funding round of $100M. CYE specializes in assisting companies in bolstering their security posture. A significant aspect of their approach involves conducting offensive operations, with the explicit consent of their customers, to identify vulnerabilities in their network defenses before malicious hackers exploit them. In addition to offering incident response and security consulting services, CYE provides its flagship product, Hyver. Hyver is a cloud-based cybersecurity optimization platform designed to enable organizations to comprehensively assess their entire network and assets. By leveraging Hyver, companies can regain control over their cyber resilience and fortify their defenses against evolving threats.


2020. Palo Alto Networks to acquire AI cybersecurity firm Expanse for $800M



Palo Alto Networks has completed the acquisition of Expanse for a total of $800 million. Expanse offers a valuable service that assists companies in comprehending and safeguarding their attack surface, identifying potential vulnerabilities to attacks. By providing the security team with insights into how the company's security profile might appear to an attacker attempting unauthorized access, Expanse enhances overall defense. The strategic integration plan involves incorporating Expanse into Palo Alto's Cortex Suite, a collection of AI-driven tools specifically designed for automated attack detection and prevention. Leveraging Expanse's extensive data resources, Palo Alto aims to further enhance its AI models, ultimately strengthening its overall security capabilities.