OccamSec launched its Continuous Threat Exposure Management (CTEM) platform with the expansion of Incenter.
With threat exposure categories — API, mobile and cloud — and self-service and self-scoping capabilities, Incenter delivers a comprehensive and easy-to-deploy solution for organizations and MSSPs needing to identify and manage known and unknown threat exposures in real-time, develop security insights based on their business context and consolidate tools and technologies.
Today’s attack surface makes it difficult for security teams to gain the visibility required to keep pace with the proliferation of vulnerabilities and threats. Compounding this problem, API usage is soaring as it sprawls throughout organizations connecting systems and providing direct access to sensitive data and functionalities, becoming the number one attack vector for cyber attacks.
Most organizations don’t know what their attack surface is, meaning they often miss or overlook threats to assets that could have a critical impact on the business. This makes maintaining a security posture over time unobtainable for most.
The average time to detect and contain a breach is 287 days, making it clear that traditional penetration testing, red teaming, crowdsourcing and attack surface monitoring solutions are missing vulnerabilities, which could allow attackers to enter and sit in the network for months and that leave critical blind spots across the attack surface of organizations.
Organizations need security solutions and programs that integrate people, tools, and technologies and provide the means to test, evaluate and report on where an organization is vulnerable and the potential impact within the context of the business.
Developed to provide proactive CTEM capabilities, Incenter’s updates include:
- Self-service and self-scoping functionality – The self-service functionality gives organizations control of their testing and remediation schedules, providing flexibility to run tests as needed on-demand and align with their organization’s specific requirements. Self-scoping helps remove the often weeks-long asset mapping process and begin pen-testing their attack surface immediately. By enabling users to scope and schedule assessments and manage their security posture proactively, Incenter ensures organizations can adapt quickly to evolving threats and stay ahead of potential vulnerabilities.
- Expanded threat exposure coverage – Threat exposure types include mobile, API, and cloud environments, in addition to existing external infrastructure and web application testing. This ensures unified visibility and comprehensive protection for organizations as they navigate beyond traditional vulnerability management solutions and move towards identifying and prioritizing security issues based on business context.
- New and enhanced automated testing capabilities – Automated scanning performs continuous assessments to allow for in-depth evaluation of assets in a broad range of systems, applications and networks, significantly reducing the time and effort required for security assessments. In parallel, skilled security analysts conduct targeted manual reconnaissance and testing on priority targets, such as critical systems and applications. This synergy of techniques uncovers vulnerabilities that automated tools might miss and results in a robust and thorough security evaluation, addressing common and obscure vulnerabilities and strengthening the organization’s defenses against potential cyber threats.
- Single Sign-On (SSO) integration – Streamlines user access and enhances overall security by simplifying the authentication process and making it easier for clients to manage user access and maintain a secure environment.
Incenter is fully API driven for integration and automation and supports an increasing number of integrations, providing the capability to ingest data and export data to a variety of third-party systems.
Incenter offers flexible and scalable subscription licensing and is available now for end users, managed service providers, consultants and vCISO organizations.
Visit OccamSec at https://occamsec.com/ for more information.
