RedHunt Labs, a U.K.-based provider of defensive security and open-source intelligence solutions, has launched a software-as-a-service product designed to help companies monitor attack surfaces and discover new and old assets that are publicly exposed.
The attack surface management platform, dubbed NVADR, offers continuous asset discovery and data leak monitoring capabilities that immediately notify an organization if a new asset, data leak or security vulnerability surfaces online.
NVADR also features a verification engine that filters out any unnecessary data and reports only actionable information, allowing companies to deploy suitable countermeasures to address vulnerabilities, RedHunt Labs said Monday.
Untracked assets and leaked sensitive information can compromise an organization’s operations. In 2018, Tesla’s Amazon Web Services keys were left publicly exposed on the internet, allowing unauthorized users to access the automaker’s cloud infrastructure and expose proprietary data.
In an article titled “Redefining Assets,” Subham Mittal, co-founder of RedHunt Labs, said that companies looking to bolster their cybersecurity resilience must gauge their complete attack surface, including IP addresses, subdomains, web and mobile applications, code repositories and third-party associations.
RedHunt Labs said that companies that have started to use NVADR were able to uncover sensitive areas that were not identified by their existing attack surface management platform.
RedHunt Labs explained that NVADR uses multiple techniques and maintains a detailed asset inventory with different filtering options based on Tech Stack, Port, Asset Tag and other programming languages. Users can also integrate the platform with Amazon Web Services, Azure, Google Cloud Platform and IBM Cloud to gain greater oversight of publicly exposed assets.
NVADR is particularly useful for security consultancies that do not have a setup for asset discovery and OSINT, RedHunt Labs said.
The platform can help find assets while focusing on discovering more vulnerabilities.
Other organizations that can benefit from the cloud-based offering include startups, cyber insurance vendors, managed service providers and enterprises.