Latest news with #EASM
Techday NZ
02-08-2025
- Business
- Techday NZ
Outpost24 launches tool to detect dark web credential leaks
Outpost24 has launched a free tool aimed at helping organisations identify whether their credentials have been exposed on the dark web. The new product, known as the Outpost24 Credential Checker, enables organisations to check if their email domain is associated with credentials that have been leaked covertly online. This new offering is powered by the company's CompassDRP Digital Risk Protection solution, leveraging Outpost24's threat intelligence database to report on compromised credentials linked to a specified domain and its web assets. Timely identification of credential exposure is regarded as critical for preventing data breaches. The company states that its Credential Checker provides a measure to spot leaked credentials before they cause serious harm, whatever the size of business. Our goal in offering our Outpost24 Credential Checker is to democratise threat intelligence and help everyone to be more secure. With our Outpost24 Credential Checker, we're offering a sneak peek into a small part of our threat intelligence knowledge base, but also making it accessible to everyone, especially those organisations with smaller budgets. The tool is designed to be straightforward to use. Users input an email address connected to their corporate domain, after which the Credential Checker scans Outpost24's database - comprising billions of compromised credentials. Within minutes, a report is generated showing whether there is a match in known public breach repositories. The free report provided to users details the number of stolen credentials discovered for a given domain and its related web assets. It also offers context on how the information may have been compromised, which includes naming prevalent malware or viruses identified as responsible for the data theft. Outpost24 reports that the Credential Checker's threat intelligence capabilities are sourced from its CompassDRP platform. This solution provides security teams with a view over an organisation's digital attack surface as well as external threats in one cloud-based system. The platform brings together asset discovery from Outpost24's EASM platform with Digital Risk Protection modules. This permits continuous monitoring of both known and unknown public-facing internal assets in addition to external threat intelligence gathered from sources across the open, deep, and dark web. When threats are identified, the system aims to prioritise them through contextual threat intelligence insights, which are intended to help security teams expedite remediation processes. The launch of the Credential Checker adds to the company's range of tools to support security teams as they aim to stay ahead of emerging digital risks. Outpost24 provides Attack Surface Management solutions designed to help security teams stay ahead of evolving cyber threats. The company supports thousands of organisations worldwide by enabling them to identify, protect against, and monitor digital risks before they can be exploited. Founded in 2001, Outpost24 is headquartered in Sweden and maintains a global presence with offices in the United States, United Kingdom, France, Belgium, and Spain. The company's services are aimed at enhancing visibility and control over potential vulnerabilities across digital infrastructures. Follow us on: Share on:
Channel Post MEA
27-06-2025
- Business
- Channel Post MEA
Bitdefender Launches External Attack Surface Management Solution GravityZone EASM
Bitdefender has announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security operations through centralized discovery, monitoring, and management of expanding attack surfaces. The attack surface, encompassing all potential entry points for adversaries, is rapidly expanding due to digital transformation, cloud adoption, remote work, and increased connectivity with third-party infrastructure, including partners and customers. Without centralized oversight, assets such as unused domains, misconfigured cloud instances, and expired certificates often go unnoticed—leaving organizations vulnerable to attackers who continuously scan the internet for exposed systems. According to Gartner®, 'Through 2029, more than 60% of security incidents will be traced to misconfigured technical security controls.'¹ Additionally, a recent survey of 1,200 cybersecurity professionals found that reducing the attack surface is a top priority in their security operations. Bitdefender GravityZone EASM is agentless, requiring no endpoint deployment, and delivers a powerful, proactive approach to identifying and understanding external risks while reducing the attack surface. It continuously discovers, maps, and analyzes internet-exposed assets from an attacker's perspective, enabling organizations to quickly assess risk, identify vulnerabilities, and take action before they are exploited. The solution is available as an add-on to Bitdefender GravityZone, the company's unified security, risk analytics, and compliance platform that delivers advanced endpoint protection (EPP), endpoint detection and response (EDR), extended detection and response (XDR), and cloud-native security. GravityZone EASM scans a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, it delivers comprehensive asset discovery by detecting publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more—ensuring no asset is overlooked. Key Benefits of Bitdefender GravityZone EASM: Fast internet-facing asset discovery – GravityZone EASM scans and maps all internet-facing assets including devices, domains, subdomains, applications, certificates, third-party connections, shadow IT, and more—in as little as 30 minutes. It delivers comprehensive visibility into a business's attack surface, even for unmanaged or forgotten assets. – GravityZone EASM scans and maps all internet-facing assets including devices, domains, subdomains, applications, certificates, third-party connections, shadow IT, and more—in as little as 30 minutes. It delivers comprehensive visibility into a business's attack surface, even for unmanaged or forgotten assets. Continuous vulnerability monitoring, alerting, and prioritization – GravityZone EASM continuously monitors and detects vulnerabilities and misconfigurations across internal and external assets, including those managed by partners, customers, and supply chain vendors. It delivers immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats. Alerts are prioritized by severity (e.g., CVE scores) to streamline response and remediation. – GravityZone EASM continuously monitors and detects vulnerabilities and misconfigurations across internal and external assets, including those managed by partners, customers, and supply chain vendors. It delivers immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats. Alerts are prioritized by severity (e.g., CVE scores) to streamline response and remediation. Unified security, risk management, and compliance – Seamlessly integrated with Bitdefender GravityZone, combining security, risk analytics, and compliance—GravityZone EASM supports both strategic and operational use cases. Security analysts can leverage it for threat analysis and vulnerability prioritization, while administrators benefit from broader security management capabilities such as policy enforcement and access control configuration—all within a single platform. 'Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems,' said Andrei Florescu, president and general manager at Bitdefender Business Solutions Group. 'Effective defense-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers.' Availability Bitdefender GravityZone EASM is available now for select GravityZone license tiers, and Bitdefender MDR services. For more information, visit here.
Techday NZ
26-06-2025
- Business
- Techday NZ
Bitdefender unveils EASM for proactive attack surface security
Bitdefender has launched a solution designed to provide managed service providers, businesses, and their customers with comprehensive oversight of internet-facing assets and related vulnerabilities. The release of GravityZone External Attack Surface Management (EASM) comes amid growing focus on attack surface reduction, a strategic priority identified by cybersecurity experts and highlighted in recent industry research. Gartner forecasts suggest that, through 2029, over 60% of security incidents will be linked to misconfigured technical security controls. A recent survey of 1,200 cybersecurity professionals also places attack surface reduction at the forefront of their operational concerns. The evolving digital landscape, fuelled by ongoing digital transformation, widespread cloud adoption, remote work trends, and increased integration with third-party infrastructure, is expanding the range of potential entry points that adversaries could exploit. Bitdefender pointed out that, without effective oversight, assets such as abandoned domains, improperly configured cloud resources, and expired digital certificates may go unnoticed, potentially leaving organisations exposed to attackers who habitually probe the internet for vulnerabilities. The EASM module is designed to work without requiring deployment on endpoints, providing a proactive mechanism for identifying and assessing external risks while aiming to minimise the scope of possible attack vectors. By continually discovering, mapping, and analysing internet-exposed assets from the same perspective as potential attackers, organisations are positioned to assess risk, identify vulnerabilities, and take remedial actions before any potential exploitation. GravityZone EASM is provided as an add-on to Bitdefender GravityZone, which is the company's platform for endpoint protection, endpoint detection and response, extended detection and response, and cloud-native security. The system scans a wide range of asset categories, such as IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. Comprehensive asset discovery is achieved by identifying public IPs, alerting to expiring or expired certificates, highlighting vulnerable public services, and recognising open network ports. This asset review process is intended to ensure that all relevant systems are accounted for in centralised monitoring and management. Features Bitdefender highlighted that GravityZone EASM delivers rapid discovery and visibility by scanning and mapping all internet-facing assets—including devices, domains, subdomains, applications, certificates, connections to third parties, and instances of shadow IT—within as little as 30 minutes. Organisations are provided with a full view of their attack surface, extending even to assets that are unmanaged or no longer in regular use. The solution incorporates continuous vulnerability monitoring and alerting. It detects vulnerabilities and misconfigurations across both internal and external systems, including assets managed by external partners, customers, and entities within the supply chain. Immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats are generated. Alerting is prioritised according to severity, such as CVE scores, to optimise the response processes and remediation actions. GravityZone EASM forms part of a unified approach for security, risk management, and compliance within the GravityZone platform. By integrating these functionalities, both security analysts and administrators can leverage the solution for use cases such as threat analysis, vulnerability prioritisation, policy enforcement, and configuration of access controls. All operations are managed within a single platform. "Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems," said Andrei Florescu, President and General Manager at Bitdefender Business Solutions Group. "Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers." Bitdefender GravityZone EASM is available as an option to select license tiers of GravityZone and for use in conjunction with the company's managed detection and response services.
Scoop
26-06-2025
- Business
- Scoop
Bitdefender Launches Powerful External Attack Surface Management Solution For Businesses And Managed Service Providers
Bitdefender, a global cybersecurity leader, today announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security operations through centralised discovery, monitoring, and management of expanding attack surfaces. The attack surface, encompassing all potential entry points for adversaries, is rapidly expanding due to digital transformation, cloud adoption, remote work, and increased connectivity with third-party infrastructure, including partners and customers. Without centralised oversight, assets such as unused domains, misconfigured cloud instances, and expired certificates often go unnoticed – leaving organisations vulnerable to attackers who continuously scan the internet for exposed systems. According to Gartner®, 'Through 2029, more than 60% of security incidents will be traced to misconfigured technical security controls.'¹ Additionally, a recent survey of 1,200 cybersecurity professionals found that reducing the attack surface is a top priority in their security operations. Bitdefender GravityZone EASM is agentless, requiring no endpoint deployment, and delivers a powerful, proactive approach to identifying and understanding external risks while reducing the attack surface. It continuously discovers, maps, and analyses internet-exposed assets from an attacker's perspective, enabling organisations to quickly assess risk, identify vulnerabilities, and take action before they are exploited. The solution is available as an add-on to Bitdefender GravityZone, the company's unified security, risk analytics, and compliance platform that delivers advanced endpoint protection (EPP), endpoint detection and response (EDR), extended detection and response (XDR), and cloud-native security. GravityZone EASM scans a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, it delivers comprehensive asset discovery by detecting publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more – ensuring no asset is overlooked. Key Benefits of Bitdefender GravityZone External Attack Surface Management: Fast internet-facing asset discovery – GravityZone EASM scans and maps all internet-facing assets including devices, domains, subdomains, applications, certificates, third-party connections, shadow IT, and more – in as little as 30 minutes. It delivers comprehensive visibility into a business's attack surface, even for unmanaged or forgotten assets. Continuous vulnerability monitoring, alerting, and prioritisation – GravityZone EASM continuously monitors and detects vulnerabilities and misconfigurations across internal and external assets, including those managed by partners, customers, and supply chain vendors. It delivers immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats. Alerts are prioritised by severity (e.g., CVE scores) to streamline response and remediation. Unified security, risk management, and compliance – Seamlessly integrated with Bitdefender GravityZone, combining security, risk analytics, and compliance – GravityZone EASM supports both strategic and operational use cases. Security analysts can leverage it for threat analysis and vulnerability prioritisation, while administrators benefit from broader security management capabilities such as policy enforcement and access control configuration – all within a single platform. 'Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems,' said Andrei Florescu, president and general manager at Bitdefender Business Solutions Group. 'Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers.'
Business Mayor
22-05-2025
- Business
- Business Mayor
CTM360 report: Ransomware exploits trust more than tech
A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn't need to break down the door, they were invited in through misplaced trust and weak identity safeguards. This wasn't about advanced malware or zero-day vulnerabilities. The attackers used common tactics: impersonating IT staff, tricking employees into handing over credentials, and intercepting multi-factor authentication codes. From there, they moved across networks. What went wrong? The report outlines a familiar yet dangerous pattern: attackers gained access through social engineering, stayed hidden while gathering intel, and finally deployed ransomware to cripple operations. In one case, the attackers added their own identity provider to a retailer's single sign-on system, giving them long-term access even after passwords were changed. They monitored internal communication channels, learned how the company handled security alerts, and used that knowledge to delay detection. When the time came, they hit hard. Ransomware locked systems. Online sales stopped. Contactless payments failed. And behind the scenes, sensitive data had already been stolen for added leverage. The bigger picture Ransomware groups don't need zero-days. They rely on people, misconfigurations, and common tools. The entry point might not be malware, it might be a phone call or a spoofed login screen. For CISOs, the real lesson here isn't just about controls. It's about assumptions. These attacks succeeded not because defences failed, but because basic trust was abused: trust in employees to recognize phishing attempts, trust in identity systems to block unauthorised access, and trust in remote access tools that attackers easily repurposed. This campaign echoes a broader trend. Threat actors are targeting identity, not infrastructure. They exploit how users authenticate, how systems connect, and how access is granted across cloud and on-prem environments. What CISOs should focus on The report recommends: Seeing the organization from an attacker's perspective Reducing digital exposure across identity and supply chain systems Reviewing remote access practices Applying focused hardening policies that are easy to enforce Auditing how internal trust boundaries are managed Download CTM360's How To Harden Against Ransomware report and discover how ransomware groups are exploiting identity systems instead of technical flaws. How CTM360 can help CTM360 offers a comprehensive, fully managed cybersecurity approach to help organizations become harder targets. Its platform brings together key services such as External Attack Surface Management (EASM), Digital Risk Protection (DRP), and Third-Party Risk Management (TPRM), enabling enterprises to proactively identify and mitigate vulnerabilities. EASM helps organizations uncover hidden entry points, such as exposed IPs and applications, before attackers can exploit them. DRP goes a step further by detecting early indicators of warning (IOW) and attack (IOA), effectively disrupting cybercriminals' planning phases. For organizations dependent on vendors, TPRM provides visibility into supply chain risks by identifying insecure configurations or vulnerable third parties. Complementing these services, CTM360 also offers Cyber Threat Intelligence (CTI) tailored to specific threat profiles and tactics, as well as robust email security through Domain-based Message Authentication, Reporting and Conformance (DMARC) enforcement.
