Searchlight Cyber Acquires Assetnote to Accelerate Remediation
Searchlight Cyber this week revealed it has acquired Assetnote as part of an effort to unify attack surface management with its platform for detecting stolen data that has been published on the Dark Web.
Assetnote developed an agentless platform that continuously scans IT environments every hour to surface potential cybersecurity issues, including which vulnerabilities are present on any of those platforms. Existing customers include Linktree, Afterpay and Canva.
Searchlight Cyber CEO Ben Jones said the combined company will enable cybersecurity teams to trace data discovered on the Dark Web back to the vulnerability exploited in a specific stack of software running on their platforms. The overall goal is to enable cybersecurity teams to remediate cybersecurity issues faster, as the amount of software being deployed on various platforms becomes more complex, he added. Attack surface management platforms such as Assetnote help lighten the load for cybersecurity analysts, said Jones.
The Assetnote platform is unique, because in addition to mapping the IT environment, it also analyzes multiple classes of software, such as a Git repository, to confirm that a vulnerability actually exists on that platform, said Jones. That capability reduces overall cybersecurity fatigue by reducing the number of false positives generated by other cybersecurity tools, he noted.
More organizations than ever are using tools that enable them to find instances of their data that have been illicitly shared. Those insights then enable them to, for example, identify where they might need to change the passwords that provide access to a specific application or platform, noted Jones.
The challenge is correlating those data leaks back to their original source, which in many cases cybersecurity teams lack any direct control over. Often, however, the teams assigned to investigate alerts will discover, for example, that the software that contains a potential vulnerability hasn’t actually been loaded into memory. The more false positive alerts pile up, the more those teams tend to ignore them. Unfortunately, when there is a breach it’s not uncommon for there to have been an alert issued that was just lost in a sea of alerts that no one acted upon.
It’s not clear how many organizations have embraced attack surface management, but the need for cybersecurity and IT teams to collaborate has never been more pressing. Most routine security operations tasks require those teams to work together to complete. However, given all the other tasks that IT teams are trying to manage, cybersecurity issues may not get the level of attention needed. Cybersecurity teams need to be able to triage issues better to ensure that limited remediation resources are applied to areas that represent the highest level of risk. Otherwise, IT teams will naturally prioritize the simplest issues to resolve, no matter how little of a threat they may actually represent.
There may, of course, never be such a thing as perfect security. However, as more cybersecurity fundamentals are addressed, the total number of cybersecurity incidents that need to be investigated and resolved should decline.