Team Cymru has acquired Amplicy, a Tel Aviv-based attack surface and vulnerability management company for an undisclosed amount.
Team Cymru provides visibility into Internet traffic and offers behavior-based threat intelligence for threat hunting teams and enterprise incident responders. Amplicy, an attack surface and vulnerability management company, provides real-time Internet asset discovery to identify weaknesses in the organization’s visible perimeter, including application and infrastructure vulnerabilities. Amplicy’s asset discovery – which includes third-party assets as well as the organization’s own assets – is used to generate a risk score based on an assessment of the organization’s attack surface. A dashboard lets the organization track vulnerable assets and see the impact mitigation activities have on their risk scores.
Team Cymru plans to combine Amplicy’s insight engine into its product portfolio to provide enterprise defense teams with the ability to identify all their assets - including third-party and fourth-party assets - and remote workers connecting to their environment. The Cymru-Amplicy integration would provide organizations with a complete view of their cyber risk, Team Cymru says.
Being able to see assets belonging to third-party vendors and network infrastructure providers, as well as dependencies, would give organizations a better awareness of their supply chain risks.
According to Team Cymru, the gap between attack surface management, threat intelligence, and vulnerability management, currently makes it difficult for security teams to effectively perform all three tasks. Enterprise security teams need to know what their organization’s attack surface looks like, to understand what attackers are targeting and using what methods, and to be aware of which vulnerabilities exist in their environment. While attack surface management tools typically focus on discovering assets and mapping inventory so that organizations know what attackers are seeing, they usually don’t provide insights into the attackers’ behavior, such as what kind of things the attackers are targeting.
Combining all three into one platform to determine where attackers might strike next and what methods they will use will allow senior executives to make risk-based decisions and give defenders the knowledge to mount an effective response , Team Cymru says.
“It’s important to know what you own and what ‘owns you,’ such as third-party vendors, their network infrastructure providers, and their dependencies,” Rabbi Rob Thomas, CEO of Team Cymru, said in a statement. The combination of Team Cymru and Amplicy will provide that insight, as well as an ability to drill down and trace threats, transforming our customers’ approach to risk management and information security.”