Vulnerability coordination and bug bounty platform HackerOne has announced the launch of Attack Resistance Management (ARM), a new security solution designed to increase customers’ cyber resiliency. Intended to target the root causes of attack resistance gaps, the new solution blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement, the company said. The release comes as organizations continue to struggle to effectively monitor their attack surface and identify and tackle vulnerabilities.
ARM solution addresses attack resistance gap
The attack resistance gap defines the hidden vulnerabilities within an organization’s attack surface and is caused by incomplete knowledge of digital assets, insufficient testing, and a shortage of the right skills, HackerOne stated in a press release. The firm’s 2022 Attack Resistance Report discovered that nearly half of businesses lack the confidence and means to close security gaps, with almost 20% of participants stating that over half of their attack surface is unknown or not observable.
The new ARM solution aims to tackle this by combining surface attack knowledge with the power of ethical hackers to give organizations a security advantage, HackerOne said. “Attack resistance management is crucial to driving down cyber risk,” said Marten Mickos, CEO of HackerOne. “Our customers’ security teams have long benefited from the insights and expertise of the ethical hacking community. With ARM, those creative insights provide actionable intelligence to developers, operations, and security teams to build secure products and avert cyberattacks in a cost-effective manner. ”
Security talent management, risk ranking, development testing among new features
HackerOne said that the ARM solution aligns four key aspects of attack resistance – security talent management, reconnaissance and risk ranking, testing and triage, and skills and intelligence creation. HackerOne will bring its expertise in the recruitment, vetting, and training of ethical hackers to the approach, whilst the platform will rank hackers and connect organizations to those with the most effective skills for their specific requirements.
It will also provide insight into the exploitability of vulnerabilities and tackle the riskiest assets with continuous mapping and prioritization via a new assets tool, which is expected to be available for purchase this summer, HackerOne said. Furthermore, customers will be able to benefit from enhanced testing and triage at every stage of the development lifecycle along with a security advisory service that delivers red team enrichment, developer education, vulnerability intelligence, scanner rules, and threat modeling, HackerOne added.
Copyright © 2022 IDG Communications, Inc.