We are excited to launch our Attack Surface Management Platform NVADR for organizations in order to help them gain holistic visibility of their perimeter security.
NVADR provides Continuous Asset Discovery as well as Data Leak Monitoring through its wide-spread distributed collectors and notifies organizations in case a new asset/data leak/security vulnerability belonging to the organization, surfaces on the internet. Through deep correlation algorithms, the verification engine maps assets to the organization and verifies the ownership, thus removing the noise and showing only actionable information.
Gartner has predicted that by 2020-21, one-third of successful attacks on the enterprise will be through shadow IT resources and leaked sensitive information.
The majority of breaches these days take place because of untracked assets or leaked sensitive information. Common examples include, exposed MongoDB / ElasticSearch instances, leaked AWS keys and tokens, Database credentials on code repositories like GitHub, etc. In 2018, Tesla’s AWS keys were left publicly exposed on the internet and attackers were able to exploit their AWS infrastructure and thus causing catastrophic damage to the organization.
Tracking an updated inventory of currently owned public assets and monitoring data leaks sounds like an obvious practice, but the majority of organizations struggle to do this continuously, effectively at a large scale. With our scaled and matured product, we solve this problem at a blazing fast speed. In the majority of cases, we have observed that companies believe they know their attack surface, but after using NVADR, they realize that they were missing a lot of sensitive areas and were blindfolded towards their security posture.
In order to be resilient against attackers, organizations need to gauge their complete attack surface, not just IP Addresses, Subdomains, but also their web/mobile applications, acquisitions, code repositories, third party associations, etc. Shubham, co-founder of @RedHuntLabs wrote an article Redefining Assets in this modern era.
We have has always been committed to helping organizations become more secure by going beyond finding assets/data leaks and also helping their customers with security tools and consultation practice.