20 years ago, I founded WhiteHat Security, a company helped pioneer the Application Security industry and revolutionized vulnerability management. Beyond finding and fixing vulnerabilities throughout the SDLC, we saw that the largest and most important problem all of WhiteHat’s customers faced was attack surface management — finding all their websites so they could be scanned. As we learned, building an attack surface management product is technologically a hard problem to solve – deceptively so. This is why after leaving the company, a team of former WhiteHats and I founded Bit Discovery. Bit Discovery’s mission is to help pioneer the Attack Surface Management industry, revolutionize the way things have been done, and help companies solve a real problem. What better way to get there faster than for Bit Discovery to partner with WhiteHat Security and focus on those exact customers? So, that’s exactly what we did!
WhiteHat has always been known for the high quality of its vulnerability management products. As WhiteHat’s founder, it was important to me to stay true to these roots. This partnership enables WhiteHat Security to be the first and only application security vendor capable of offering what we call high-fidelity attack surface management.
High-fidelity attack surface management does the following:
- Identifies ALL of a customer’s Internet-facing assets. (Horizontal Coverage).
- Gains a deep technical understanding of each asset (Vertical Coverage).
- Monitors for newly deployed assets and changes in assets (Frequent Coverage)
There is no longer any reason for any company to be breached through an asset they didn’t scan for vulnerabilities, simply because they didn’t know it existed. Every holistic application security program must include attack surface management. After all, you can only secure what you know you own.
Effective immediately, when a company has its attack surface map set up in a WhiteHat-branded UI (powered by Bit Discovery), it may search by potentially 100+ points of meta-data about each individual asset. This process typically takes only seconds. In a few mouse-clicks, you can find which assets:
- are hosted on Amazon AWS or outside the U.S.
- support depreciated TLS protocols
- have soon-to-be expired certificates
- are supported by F5 products
- are front-ended by Cloudflare or Akamai
- support authentication
- are WordPress blogs that contain vulnerable third-party plug-ins
- are programmed in PHP
- show signs of being legacy development and staging systems
These are just a few examples of the unlimited number of use-cases. We’ve also built an API integration with WhiteHat Sentinel that automatically creates a list of unique websites, ranks them by priority, and displays their recommended service level.
Bit Discovery is excited to partner with WhiteHat Security, and we already have joint customers on the platform who immediately saw the value. We anticipate many more announcements in the weeks and months to follow as we continue improving upon the technology and product integration. Everyone needs to know their attack surface map. If you’re interested in seeing yours, drop us a line (email@example.com)!