Nowadays, securing and managing a company’s digital footprint has become an even more difficult challenge. With so many subdomains, code repositories, and applications, some assets are bound to be overlooked. As the attack surface expands, visibility of the complete landscape is essential to keep an organization’s assets safe.
Scattered and unsecured assets can often prove to be attractive entry points for an attacker.Sudhanshu Chauhan
Director & Co-Founder, RedHunt Labs
That’s why various cybersecurity tools, including penetration testing, exist to protect companies from cyber threats.
To discuss penetration and other cybersecurity, we invited Sudhanshu Chauhan of RedHunt Labs – a company on a mission to discover and eliminate risks that can often go undetected.
What was the journey like since your launch back in 2019?
We started RedHunt Labs in 2019 with a mission to solve one problem, i.e. to help companies continuously manage their Attack Surface and eliminate shadow IT risks. We were able to raise an angel round within a month of incorporation. We also started a fully owned subsidiary for technical operations. In 2020 we released our SaaS platform and have been able to acquire multiple customers for our Attack Surface Management (ASM) product ‘NVADR’. The team has now grown to 35+ and we recently crossed the milestone of USD$ 1 million in ARR.
There were multiple challenges during the journey so far, be it the COVID situation, or identifying the Product Market Fit, however with support from our customers, advisors, and community, we have been able to overcome them and look towards a bright future for the company.
Can you tell us a little bit about what you do? What makes RedHunt Labs stand out?
We are an Attack Surface Management (ASM) company, where we help organizations maintain holistic cybersecurity of their modern digital footprint, globally, by eliminating shadow IT risks and taking control of their ever-evolving assets on the Internet. In layman’s terms, we provide organizations with a “hacker’s view of their digital footprint”.
Due to dynamic infrastructures, most organizations today are not able to track their assets on the internet, while they expose their hosts, domains, subdomains, applications, code repositories, and much more. All these can become an entry point for a malicious actor. Through our agent-less SaaS platform, our customers get continuous visibility of these assets and the security risks related to them.
What makes us stand out is our unique capabilities of Open Source Intelligence (OSINT) and offensive security, which helps us deliver a wide variety of exposure for our customers. Using thousands of our data collectors deployed across the internet, we have been able to identify critical assets and security issues for our customers which could have led to a security breach.
What set of tools do you use to detect vulnerabilities?
Although there are multiple commercial and open-source tools out there, most of them are not scalable. As we have dedicated teams for development and security research, we have developed our own toolchains to deliver best-of-the-class results for our clients without affecting their performance or availability. We have written our own port scanners, web scanners, internet-wide data collectors as well as vulnerability scanning engines and chained them into a scalable system. While we rely on our security scanners, we focus a lot on finding security exposures, which is quite often the root cause of vulnerabilities.
Also, to deliver a service like ours, we need to collect, filter and store large amounts of data. Early on in our journey, we realized that the existing solutions wouldn’t cut it, so we deployed our own data collection bots to gather data and asset correlations without impacting the services we collect from.
Did you notice any new methods used by threat actors arise as a result of the pandemic?
Recently we have noticed that the threat actors are not just targeting servers and traditional IT ecosystems such as Web applications but also non-traditional assets such as public docker containers, leaked credentials in code repositories, exposed internal portals. Also, there has been a rise in services that are required for people who work from home, such as VPN encryption, RDP, etc.
In recent years, penetration testing has become standard practice. Can you briefly describe what this practice is like?
Indeed, Penetration testing has become standard practice. The goal of a penetration test is to identify exploitable issues in the provided scope, so that appropriate security controls can be implemented. A penetration test can cover different types of scope, such as Web Applications, Mobile Applications, Internal/External Network, Cloud Environments.
A standard penetration test starts with the client defining the scope of the assessment and then automated, and manual tests are performed by the testing team. A detailed report of the assessment is provided to the client, which contains the details of the identified vulnerabilities, including description, proof of concepts, steps to reproduce, remediation, and references.
Although penetration testing is a useful practice, it has two major gaps:
- Restricted scope: The scope is pre-defined and limited.
- Point in time activity: Most organizations perform penetration tests only annually or half-yearly. This leaves a gap in security between the assessments.
Having the component of discovery and being continuous makes Attack Surface Management (ASM) a perfect complement to penetration testing in any security management program for a CISO.
You recently launched an initiative called Project Resonance. Share with us, what are the key takeaways so far?
Project Resonance is an effort to “give back to the community” by creating awareness and improving the security of the Publicly Exposed data/information.
We focus specifically on identifying different kinds of systems and components that are unknown to security teams. Examples of such systems/components are unknown custom headers, data leak patterns, modern technology stacks, custom protocols, third-party dependencies, etc.
Waves are sent out to billions of assets collected by our cluster of bots deployed across the internet, and useful insights are extracted and shared with the community (through blog posts, tools release, and data sets) to serve a larger purpose of making the Internet a more secure place.
For example, recently we scanned millions of publicly exposed Docker images which were found to be leaking thousands of sensitive data (passwords, keys, etc.). In another Project Resonance wave, we shed light on thousands of unauthenticated Databases exposed on the internet.
Besides regular penetration tests, what other security measures can companies take to protect themselves against cyberattacks?
First and foremost is visibility. One can’t protect what they don’t know. Having multiple teams across multiple geographies leads to multiple untracked assets that security teams are unaware of. Having an updated inventory of the exposed assets helps in identifying and prioritizing actions.
Apart from this here are a few measures, every organization should take to better protect against cyberattacks:
- Regular patching and updating software.
- Use MFA or Passwordless technologies.
- Employee security awareness training.
- Regular Data Backup.
- Regular security assessments.
- Avoid installing software from untrusted sources.
- Following the principle of least privilege.
What security tools would you recommend for personal use?
For personal use, I would recommend using Password managers, MFA tools, Endpoint security products for both laptop/desktop and mobile devices.
And finally, what does the future hold for RedHunt Labs?
Looking at the recent trends in the ASM industry and the progress we have made so far, we are growing rapidly and will become the global leader in ASM. We are currently working on some major partnerships to deliver our product to various geographies. Also, there are multiple product integrations that we are working on, which will help organizations to observe the results from the platform easily. We are also looking to expand our R&D team to discover more attack surfaces for our customers and deliver unmatched results compared to any other product in this space.