CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, announced it has agreed to acquire Reposify Ltd. Reposify provides an external attack surface management (EASM) platform that scans the internet for exposed assets of an organization to detect and eliminate risk from vulnerable and unknown assets before attackers can exploit them. With Reposify, CrowdStrike will provide a fundamentally differentiated EASM experience to customers as part of its world-renowned Threat Intelligence product suite, combining deep insights on endpoints and IT environments with internet scanning capabilities that deliver an adversarial-view of organizational risk across internal and external attack surfaces. CrowdStrike will also leverage Reposify’s capabilities to bolster its rapidly growing Security and IT Operations product suite.

The digital footprint of the modern organization is expanding at an unprecedented rate. The move to the cloud, Internet of Things (IoT), digital transformation, connected supply chain partners and related trends have led to an explosion of internet-facing assets. Cloud workloads, websites, user credentials, S3 buckets, SSL certificates, IoT, operational technology (OT), rogue IT devices, and more exist in the thousands across most organizations.

Each and every asset that is connected to the internet represents risk and exposure. Adversaries continue to refine reconnaissance methods to discover and exploit internet-facing assets, many that are rife with vulnerabilities. Threat actors even leverage automated tools to discover these assets en masse to exploit them as potential entry points to launch broader attacks.

Adversary techniques to find these vulnerabilities can often outpace an organization’s ability to discover and enforce good security hygiene on a digital asset. The unfortunate truth is that the adversary often has a better sense of the organizational risk exposure of their target than the target itself does.

Risk exposure of this nature can lead to a breach. It can lead to a shutdown of operations and a loss of productivity. For many companies, attacks exploiting internet-facing assets are becoming uncomfortably frequent.

According to the ESG Research Report on Security Hygiene and Posture Management, “Nearly seven in ten (69%) organizations admit that they have experienced at least one cyber-attack that started through the exploit of an unknown, unmanaged , or poorly managedinternet-facing asset. Additionally, organizations with the most IT assets, and subsequently largest attack surfaces, were almost twice as likely to experience several of these cyber-attacks.”.

Stopping an attack starts with understanding risk and exposure — and the adversary should never understand your risk better than you.

That’s why I’m pleased to announce that CrowdStrike has agreed to acquire external attack surface management (EASM) vendor Reposifyto help our customers identify and eliminate risk from vulnerable and unknown assets before an attacker can exploit it.

With the acquisition of Reposify, we plan to offer a fundamentally differentiated EASM experience as part of our industry-leading threat intelligence product line. By combining deep insights on endpoints and IT environments with transformative internet-scanning capabilities, customers will be able to gain an organization-wide view of risk across internal and external attack surfaces from the adversary’s perspective. The technology will also bolster capabilities in our growing ITSecOps offerings.

Proactive Protection Across the External Attack Surface

According to the Gartner "Top Security and Risk Management Trends for 2022"is the top risk that security and risk management leaders face in 2022 and beyond.

In a press release, Gartner stated that Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets. Organizations must look beyond traditional approaches to security monitoring, detection and response to manage a wider set of security exposures. Digital risk protection services (DRPS), external attack surface management (EASM) technologies and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps.”

At CrowdStrike, we believe that external attack surface management is critical to maintaining a strong security posture and moving away from a reactive approach to security. By understanding where shadow IT, legacy systems and unknown infrastructure potentially expose an organization, customers will be able to take a more proactive approach to managing risk, fortifying security posture and increasing resilience to cyberattacks.

This acquisition will also serve as a force multiplier for our existing threat intelligence and ITSecOps product lines. The combined power of the technologies will enable enhanced internet-scanning capabilities to track adversary networks and uncover new ones. The external view of a customer’s network and the related security posture will drive better prioritization and remediation of vulnerabilities, delivering an unrivaled internal AND external view of risk across all assets.

Why Reposify?

Reposify was founded by Yaron Tal in 2017 to help organizations take control of their external attack surfaces by providing complete and continuous visibility and actionable insight at scale. Their core technology leverages one of the largest databases of internet-facing assets to empower organizations with the most complete view of their external attack surface with just a click of a button.

The Reposify story is in many ways a CrowdStrike story. They understood there was a growing need to better understand risk from the adversary perspective. They also saw that the state of the EASM market and internet-scanning technology offering were not delivering what customers needed. This drove Reposify to find a better way.

Rather than relying on the same old approaches and technology, they started from the ground up to develop a customized proprietary scanning engine, which feeds into best-in-class asset identification and vulnerability enumeration tools.

This foresight and hard work is the main reason why Gartner named Reposify to the 2021 list of new vendors in the external attack management security category. We believe this demonstrates the importance of Reposify's innovation to the market.

“We built Reposify to enable organizations on a global scale to have visibility into the unprotected assets from the vantage point of attackers, and look forward to integrating our groundbreaking technology into the world-class CrowdStrike Falcon platform,” said Yaron Tal, founder and chief technology officer of Reposify.

The companies share a vision to provide deep visibility into organizational risks so businesses can stay ahead of attackers and stop breaches.

Learn more about the solution of CrowdStrike

iIT Distribution fully shares CrowdStrike's philosophy on cybersecurity. That's why we work with suppliers who have gained recognition for their vision and innovation. We sincerely strive to ensure that our customers are provided with sustainable cyber security solutions and a reliable IT infrastructure. Our specialists provide full support in the selection and implementation of the optimal and effective solution for cyber protection.