Enterprise defenders need to know what they have in their environment before they can figure out how to protect them. The challenge lies in the fact that organizations often have assets they have forgotten about, or never knew about them in the first place.
Attack surface management continuously looks at the organization’s IT infrastructure from the outside to determine what assets attackers can see. Halo Security, officially launched at Black Hat USA this week, is the latest entrant into the attack surface management space.
Halo Security’s attack surface management platform helps enterprise defenders identify and monitor all of their Internet-facing assets across clouds and service providers. The platform’s vulnerability scanning, application testing, and manual penetration testing capabilities allow defenders to detect risks and security posture improvements, as well as to organize the data to remedy found issues. The agentless and recursive discovery engine can help uncover unknown assets, the company says.
The company also announced a free scanning tool to audit the security controls of any website. The Halo Security Site Scan service audits all the certificates, headers, scripts, forms, and technologies in use on the website and makes recommendations to improve the site’s security posture.
Originally founded in 2013, Halo Security operated under the McAfee umbrella until 2021.
Attack surface management prioritizes protecting assets attackers can see. Because enterprises know they can’t protect what they can’t see, there is a growing interest in attack surface management solutions. IBM acquired Randori for an undisclosed sum back in June. Bishop Fox, the security consultancy behind the Cosmos platform that continuously maps the attack surface and identifies high-risk exposures, raised $75 million as part of a series B funding round in June.
“There’s a reason Gartner and others are sounding the alarm about the need for attack surface management tools,” said Halo Security founder and CEO Tim Dowling.