External Attack Surface Management (EASM) is an important topic in cybersecurity practices in all industries. Cyber attacks can not only cripple the entire corporate infrastructure, but also have serious consequences, often associated with high costs. For this reason, it is essential to identify unknown and unmanaged online assets in the external attack surface - at an early stage, before bad actors exploit these vulnerabilities. In this way, sources of danger can be eliminated in advance and business processes can be maintained.
Cegeka Group decided to add the Sweepatic EASM Platform in their cybersecurity solutions stack to help them continuously monitor and analyze their dynamic and growing external perimeter.
Why Cegeka implemented attack surface management in their organization
Cegeka Group, a European IT solutions, services, and consultancy company, wants to keep track of and control its attack surface at all times. This is especially crucial in their mergers and acquisitions strategy. Philippe Michiels, CISO at Cegeka Group, explains:
Cegeka is a very dynamic company, with a lot of clients, projects, and an IT infrastructure. We also want to see substantial growth, partly by pursuing mergers and acquisitions. Which requires us to be very flexible towards our threat attack surface, and to keep it under control at all times.
With Sweepatic's External Attack Surface Management platform, the company is able to monitor its external perimeter continuously.
Philippe Michiels: Mapping the external threat surface has always been a key aspect for me, as a CISO. Which is why I had multiple contact moments with Sweepatic. We are particularly interested in the seeding from the domain names because this provides us with an additional dimension on the attack surface of Cegeka.
Combining the Sweepatic EASM solution with targeted external threat-hunting tests, like penetration tests, provides the threat hunters at Cegeka with multiple points of view that can be leveraged for rapid response.
Philippe Michiels: We combine the Sweepatic EASM Platform with other scanning tools, which gives us a complimentary and much more complete picture.
For the cybersecurity team at Cegeka Group, this is also the main benefit of External Attack Surface Management and the Sweepatic Platform:
Philippe Michiels: The added value of Sweepatic lies in the way we implement it. We mainly deploy it through our security office, where we primarily look for non-compliance, and resolve that. A second way of usage, complementary to penetration testing, is our external threat-hunting tests that we frequently perform. Our threat hunters specifically make use of Sweepatic to detect and use different perspectives.
Collaboration and future with Sweepatic
Future enhancements will mainly lie with automation. The integration and automation options will enable Cegeka to react to incidents and non-compliance promptly and automatically.
Philippe Michiels: I think the future with Sweepatic for Cegeka will mainly be in automation and integration. We can use their integration options to integrate our SOAR layer in the SOC (Security Operations Center) to be able to react to incidents and non-compliance more quickly and automatically.
Cegeka Group points out that the support of and collaboration with Sweepatic runs smoothly.
Philippe Michiels: The collaboration with Sweepatic is actually going very well. We have a very open communication and they welcome our feedback.
Request your personalized demo
Do you have an automatic and continuous way to discover all your online IT assets? Curious to see what your external attack surface looks like, including the unknowns? Request your free demo and find out about your attack surface up close!
Follow us on LinkedIn and Twitter and subscribe to our newsletter to get the scoop on company news and new blogposts!