EdgeScope
Discover Your Organisation’s True Attack Surface
EdgeScope is our state-of-the-art automated security analytics and attack surface management solution. Our platform is constantly watching and learning about Internet visible assets and vulnerabilities, it tracks over 20 billion entity relationships, maintains a working dataset running into tens of terabytes and processes thousands of updates every second, 24 hours a day, 365 days a year.
During the initial attack surface discovery process, EdgeScope’s analysis engine formulates a specific set of graph traversal rules that are optimised to gain maximum sustained coverage for your organisation. Combined with specific known assets, EdgeScope is then able to continually reevaluate its graph to quickly and reliably detect and analyse new elements of your attack surface.
Combined with our sophisticated attack surface discovery technology, EdgeScope is able to continually cross-reference your evolving attack surface against our analytics data to give you a comprehensive and continually updated perspective on the vulnerabilities and risks that impact your network.
Discover Exploitable Vulnerabilities. Shadow IT. Unknown Assets. Forgotten cloud infrastructure. Missing patches. Insecure configurations. And More…
Full Surface Indexing
EdgeScope collates and indexes every response from all of your on-prem and cloud based resources. This enables instant full-text searching of every Internet facing resource associated with your organisation.
When combined with a sophisticated auto complete feature, this can be used to easily find anything from known indicators of compromise through to specific protocol fields or HTML page contents.
The search interface can also provide query-based reporting covering any protocol facet from across your organisation’s attack surface. This enables instant metrics collection on anything from discovered component versions through to open TCP ports; this provides a critical validation step for any vulnerability analysis or patch deployment processes.
Fine Grained Monitoring
Custom Surface Watches enable you to monitor any aspect of your attack surface. This can be used to monitor potential indicators of a vulnerability or exploit as well as identifying potential policy violations. Surface Watches can be used to track anything from a HTML page fragment through to specific protocol fields and values.
EdgeScope has a flexible notification system to ensure you are kept up to date on any new issues or changes to your attack surface.
Continuous Analysis
EdgeScope analyses discovered components using the NIST National Vulnerability Database, the CISA Known Exploited Vulnerabilities Catalog and an additional set of internal vulnerability assessment and threat intelligence sources.
Vulnerabilities are assessed using an end-to-end risk based methodology. Rather than making an error-prone binary choice for each vulnerability, EdgeScope uses the available data sources to derive a probabilistic view of the real world risk posed by each vulnerability.
Sophisticated Asset Matching
EdgeScope has a powerful asset matching engine that uses over 7,000 custom matching rules. Our analysis engine also uses a range of indicators to determine component versions and patch dates in order to provide enhanced vulnerability detection.
EdgeScope automatically cross references all discovered assets against all known vulnerabilities and can generate an automatic notification within minutes of a new vulnerability being disclosed or a new asset being discovered.
Risk Centric Dashboard
EdgeScope provides a high level dashboard that provides a risk based view of your organisation from an external attacker’s perspective.
Any vulnerability management process that isn’t informed with an external perspective will tend to burn time patching a high number of vulnerabilities in components that are not directly reachable by an Internet based attacker. This means that the most critical issues may not be patched before they can be discovered and exploited.
EdgeSight’s risk dashboard enables operations teams and analysts to instantly home in on the most critical issues and can help prioritise internal remediation efforts to ensure you are focusing on highest risk areas first.
Security Archeology
EdgeScope uses a proprietary storage engine that utilises a purpose built data compression and deduplication system. This enables EdgeScope to maintain up to a year of Internet history along with a fully indexed view of all results from your organisation for the past month.
EdgeScope’s ability to retain and index historic data enables operations staff to gain important context on when any risks were introduced or mitigated and can provide a valuable insight into the evolution of your attack surface over time.
A historic perspective can be critical when establishing the window of exposure of a known vulnerability; this data can be invaluable during the first time-critical steps of an incident response process and can also provide important input to any root cause analysis work done as part of a breach investigation.
DNS Analytics
EdgeScope maintains a detailed history of DNS responses and provides an interactive map of domains, names, IP blocks, ASNs and Organisations that constitute your attack surface.
This capability provides a unique insight into the supply chain that is behind your Internet facing infrastructure. It also transforms previously complex tasks such as working out all organisation wide dependencies on any given IP range, ASN, or infrastructure provider into a few simple clicks.
EdgeScope also conducts continuous analysis of the collated data for misconfigurations and potential vulnerabilities related to your DNS records.
Scalable Architecture
EdgeScope was designed to be effective across a wide range of organisations; whether you have a handful of Internet connected devices or manage tens of thousands of hosts around the globe, EdgeScope can help you to reduce risks and increase the security of your organisation.
EdgeScope discovers and analyses your network from the perspective of an Internet based attacker. You will not need to deploy any internal agents or provide any host or cloud service credentials.
We offer pay-as-you-grow pricing for EdgeScope and our rule based architecture means that you can decide to cover any subset of your organisation, from a single IP, domain or ASN to your whole Internet facing attack surface.
Flexible Delivery
Organisations looking to gain additional security coverage without having to adopt a new tool can opt for one of our managed service offerings.
We will use EdgeScope to closely monitor your Internet facing attack surface and can also provide manual triage, vulnerability analysis, fix validation and additional supporting consulting work to ensure that any identified security risks or vulnerabilities are quickly and reliably detected and resolved.
Our Managed Security Monitoring service provides in-depth coverage of an organisation’s full attack surface.
Our Surface Guard service provides more focused coverage of high risk vulnerabilities and enables organisations to easily augment existing vulnerability management processes with an additional layer of defense.
Interested?
For more details on EdgeScope or our EdgeScope-based managed services, just fill in the form and we will get in touch.
Email and phone contact details can also be found on our Contact Page.
We respect your privacy: Details given here will only be used to contact you directly about your query. We will not add you to any mailing lists or pass your details on to any other organisation. For more details please refer to our Privacy Policy.