SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Bishop Fox launches comprehensive service for business application security
Mon, 4th Mar 2024

Bishop Fox, a specialist in offensive security, has unveiled a new comprehensive service targeted at evaluating the resilience and integrity of business-critical custom applications. Cosmos Application Penetration Testing (CAPT) is a fully managed, technology-enabled service providing robust, expert-driven testing and validation, along with real-time threat assessment and ongoing surveillance.

By offering authenticated testing through an uncomplicated interface, the service aims to expose high-risk vulnerabilities, offer real-time insights, and maintain continuous threat surveillance. The new offering comes as Bishop Fox's data reveals a significant increase in exploitable security exposures, indicating a more dynamic and complex application threat surface than before.

According to the firm's data, generated from over 110 billion automations within a 12-month period, a typical organisation faces 11,000 potential security exposures in a single month, with some larger entities surpassing 250,000. The analysis also found that attackers could access 70% of critical assets in on-premise networks in just three steps and 56% could complete an end-to-end attack in under 25 hours.

The CAPT service is designed to respond to these growing security risks, from application discovery and prioritised testing, to vulnerability assessment and remediation, to ongoing vigilance. It offers businesses a flexible model to scope assessments, detailed application mapping and identification of risks connected with authenticated user access, and prioritised exposure identification focused on high-risk threats that are confirmed to be exploitable in real-world attack scenarios.

The service will provide near real-time results and access to expert testers, thus driving faster remediation timelines. In addition, it offers on-demand assessment and testing for emerging threats, new categories of vulnerabilities, changes or updates in application functionality, and environmental changes that reveal operational weaknesses.

"Applications are not deployed or used, and thus should not be tested, in a vacuum," said Kelly Albrink, Bishop Fox AVP of Consulting. "The range of potential ways in which an attacker can gain authenticated access continues to expand rapidly. As such, application testing not only needs to cover a much larger beachfront, it needs to be monitoring weather patterns and other environmental factors."

The Bishop Fox Cosmos platform executes more than 110 billion operations each year and finds an exploitable exposure on each customer’s perimeter on average every 2.5 days. By reducing the time to remediate critical vulnerabilities by 70% and cutting down 93% of resource requirements and over 5,000 hours of yearly vulnerability triage, Bishop Fox's comprehensive threat management solution significantly eases the workload on internal resources.

Importantly, the platform gives businesses a remarkable return on investment, offering a 14-to-1 average yearly ROI. This all-encompassing approach not only mitigates the exploitability of perimeter vulnerabilities but also persistently enhances the internal security posture over time.