Bugcrowd, a provider of bug bounty programs, recently added a new service through which selected white-hat hackers can help root out a company's vulnerable and exposed network devices on the Internet. Informed by contextual information from over seven years and 1200 managed programs, ASM provides a crowd-driven approach to reducing risk by helping IT and security teams identify assets that were previously unknown or had not been given attention in terms of security.
According to a Gartner prediction cited in the press release Bugcrowd posted, in 2020 one-third of successful attacks on companies "will be through shadow IT resources." Accordingly, businesses must understand their entire attack surface to assess risk appropriately. Nevertheless, shadow and legacy IT assets and applications frequently fall out of sight, creating exploitable blind spots because of unprioritized testing or lapsed patching.
The ASM Features
ASM is Bugcrowd's first crowd-driven solution for reducing the unknown or unfamiliar attack surface by matching malicious attackers' effort and scale with the impact and creativity of attack-minded, trusted defenders. ASM has several features. One is hacker selection, which allows a customer to select suitable security researchers from a worldwide network of "vetted white-hat hackers."
Mapping and attribution is another feature; it identifies the assets that belong to a particular organization. Risk-based prioritization determines the risk level of those assets using data from Bugcrowd's managed programs. The last of the ASM features is reporting, which suggests three ranked risks that can cause damage and compromise online security.
The ASM Cost
Customers in search of IT asset discovery tools usually concentrate on whether such a tool can find as much as possible of the software and hardware deployed within their environment. When it comes to cost, there is a set price for ASM. This one-time cost differs from the pricing model of other Bugcrowd products, which frequently entails a bounty pool, according to Casey Ellis, Bugcrowd CTO.
ASM will offer a benchmark of network assets and can also be set to trace devices on a continuous basis. New tools are frequently placed on the Internet beyond the security team's purview, which makes it difficult to keep track of them or keep them tidy. Finally, the new ASM offering doubles down on the point that there is not much focus on bug bounties and vulnerability closure.