Attack resistance management provider HackerOne announced the general availability of its HackerOne Assets product. Assets combines Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking and risk prioritization to an organization’s digital asset landscape, according to the company.
Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged or poorly managed internet-facing asset. Assets will form a key part of HackerOne’s Attack Resistance Management portfolio that aims to discover unknown assets and vulnerabilities and close organizations’ security gaps, says HackerOne.
With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment and process improvements to reduce risk. HackerOne’s community of ethical hackers scan data and analyze it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.
“HackerOne Assets solves for the inefficiencies in traditional ASM scanning” said Ashish Warty, SVP of Engineering at HackerOne, in a statement. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real world risk.”
Roy Davis, lead security engineer at Zoom, said in a statement, “Having in-depth visibility of our attack surface is a core part of our security strategy. With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those areas of our attack surface that need the most attention, helping us address security gaps faster.”
HackerOne has already been running an early access program with selected enterprise customers, helping to gain critical insights into customers’ ASM drivers and investigating how to leverage the hacking community as an ASM force multiplier.