The Edgescan Platform
One Platform.
Five Full-featured solutions.
Edgescan is an integrated cybersecurity platform that unifies five-full featured security solutions into one single combative platform.
Five integrated solutions.
Our External Attack Surface Management solution identifies security blind spots and maps all assets discovered in your global IT ecosystems. It continuously evaluates information in real-time as new assets are deployed, decommissioned or as a system changes. It uncovers all attack vectors that can be used to breach your most critical assets, including data exposures and misconfigurations.
You simply can’t secure what you can’t see.
Edgescan’s Risk-based Vulnerability Management (RBVM) solution reduces exposures by prioritizing remediation based on the level of risk posed to an organization by identifying, evaluating, and properly (re)configures the security of hybrid infrastructures. The RBVM solution is both pre-production and production safe providing ‘full stack’ coverage that includes web application, network layer (host/server) and API security testing.
Actionable risk-rated vulnerability intelligence helps security teams know where to focus first.
Edgescan’s Application Security Testing solution (AST) inspects every web application by scanning JavaScript frameworks, React, Angular, HTML5 AJAX and single page applications, it also accesses hosting infrastructure and cloud resources for exposures.
Legacy scanning solutions cannot provide the breadth and depth of an Edgescan assessment.
The Edgescan API Security Testing solution is easy to deploy and discovers, tests, and verifies APIs running in hosts across multi-cloud environments. It identifies known and rogue APIs on each host across your IP/CIDR ranges using patented, multi-layer, production safe API probing technology to discover shadow APIs and vulnerabilities.
Prioritized risk-rated results differentiates Edgescan from legacy scanning tools.
The Edgescan Penetration Testing as a Services (PTaaS) is a hybrid solution that combines the breadth of automation with the depth of human assessment, while integrated with advanced vulnerability management and analytics. Penetration testing can be used to assess web applications, APIs and network/cloud devices.
Where traditional penetration testing fails, Edgescan’s PTaaS excels.
Risk Prioritization with Verified Vulnerability Intelligence
The Edgescan platform delivers validated vulnerability data that is rated for severity using the Edgescan Validated Security Score (EVSS). In addition, the following risk-based data systems are used to prioritize risks:
- EPSS – Exploit Prediction Scoring System
- CISA KEV – CISA Known Exploited Vulnerability Catalogue
- CVSS – Common Vulnerability Scoring System
Edgescan Platform Differentiators
Unique hybrid solution
The Edgescan platform provides automated vulnerability intelligence with validation done by humans. Applications are assessed using the platform’s automated tools combined with human expertise and advanced cyber analytics.
This approach is what differentiates us from scanning tools providing real and actionable results.
Proprietary vulnerability data lake
All vulnerability information gleaned from any assessment or test is added to a growing collection of intelligence that is stored in our proprietary data lake and shared amongst the solutions. This data helps ensure accuracy speeding up remediation.
Our data accuracy is exemplified by our unique dataset being part of the Verizon Data Breach Report.
Verified vulnerabilities
Upon discovery vulnerability data is run through our proprietary analytics models to determine if the vulnerability is a true positive. If the confidence level falls below the threshold, the vulnerability is flagged for expert validation by an Edgescan security analyst.
Only real and actionable results are delivered eliminating the noise of false positives.
Unlimited and on demand vulnerability retesting
Unlimited testing and retesting of discovered issues and you can retest as often as needed.
You can verify mitigation at no additional cost – providing complete peace of mind.
Full stack coverage across web applications, network layer (host/server) and APIs
Application examples
Web applications (authenticated and unauthenticated), API’s (JSON, XML, WSDL, YAML and Graph), microservice architecture, single page applications, mobile applications.
Network asset examples
Servers, routers, switches, firewalls, domain controllers, data center, desktops (any layer 2 and layer 3 devices), printers, cloud assets, container hostnames, IOT and anything that has an IP address which is visible to Edgescan. Single IP’s, hostnames, blocks, CIDR and IPV6 are all supported.
Edgescan Platform Snapshots
Receive actionable risk intelligence with the ability to rescan on demand to ensure that your hosts and assets are fixed. This feature will tell you the following information at a glance: (ID, Name, Location, Date, Opened, Date, Closed, Risk, CVSS, Status, Layer). There are also a number of different filters that you can select to speed the process in identifying what needs to be addressed based on risk/cvss or layer. If necessary, you can also export the vulnerability data as a spreadsheet to share with team members responsible for fixing them.
Keep track of all assets and perform assessments on demand, for a holistic management of your organizations assets.
Get all your information in one location with an interactive & exportable risk metrics dashboard: Exposure factor, risk over time, mean time to remediate (MTTR), asset risk, vulnerabilities by risk rating.
The Edgescan platform intelligently probes and identifies all networking devices, internet-facing devices, platforms, operating systems, databases, and web applications. It finds unknown assets systems across the entire internet, identifies security blind spots from discovered assets, discovers APIs, enumerates shadow IT and automates the analysis of changes across the entire IT ecosystem.
The Edgescan platform has an extensive reporting system that allows you to generate a report from any page such as an Executive Summary or a PCI report. You can also select what assets to cover and the report period which gives you a number of options.