runZero Ushers in a New Era of Exposure Management
페이지 정보
- Date : 25-05-07 10:14
- View : 107
관련링크
본문
Expanded platform offers new approach to detecting and prioritizing risk, starting with comprehensive visibility across the total attack surface
AUSTIN, TEXAS — March 26, 2025 — runZero today established itself at the vanguard of a new era of exposure management, releasing new product capabilities, welcoming executive leadership with deep industry expertise, and gaining channel momentum.
runZero’s expanded platform offers a new approach to effectively manage the risk lifecycle, enabling security teams to find, prioritize, and remediate broad classes of exposures across internal and external attack surfaces, including those that evade traditional vulnerability and external attack surface management solutions. As a single source of truth for exposure management, runZero is the most effective and efficient way for organizations to proactively minimize risk across their total attack surface, including internal, external, IT, OT, IoT, mobile, and cloud environments.
“Our industry needs a paradigm shift if we’re going to successfully secure today’s complex attack surfaces. Legacy approaches are fundamentally flawed, starting with incomplete knowledge of the attack surface itself and inadequate exposure detection capabilities,” said HD Moore, founder and CEO of runZero. “Our goal is to help security teams get better outcomes, which means detecting and prioritizing the exposures that are most likely to be exploited, not flooding them with irrelevant alerts. runZero started by delivering comprehensive discovery across internal and external attack surfaces and is now leveraging novel techniques to uncover high-risk exposures that other solutions simply can’t detect.”
Overcoming persistent problems #
Traditional vulnerability management relies too heavily on CVEs, ignoring serious misconfigurations like exposed databases and poor network segmentation that often lead to breaches. These approaches detect only a limited set of vulnerabilities, and often with delays or under ideal conditions. Even focusing on known-exploited CVEs—just 0.05% of all vulnerabilities—leaves critical gaps.
Moreover, legacy tools struggle to identify unknown or unmanaged assets, making it impossible to fully assess and prioritize risk. As a result, organizations waste significant resources on remediation while still missing the most likely attack paths. Solving these long-standing issues requires a fundamentally new approach to exposure detection and risk management.
A new approach to exposure management #
runZero uses proprietary discovery technology to give organizations complete visibility across their entire attack surface, including unknown and unmanaged assets—often uncovering 25% to 10x more assets than previously known. These hidden assets are typically the most vulnerable.
With deep asset fingerprinting using nearly 1,000 attributes, runZero enables full-spectrum exposure detection that goes far beyond CVEs. It identifies misconfigurations, exposed internal systems, outdated software, insecure devices, and more—risks often missed by traditional tools.
Originally focused on CAASM (Cyber Asset Attack Surface Management), runZero is expanding into EASM (External Attack Surface Management) and broader exposure management. This strong foundation gives it unique insights into asset inventories and makes it well-suited for enterprise security strategies.
The platform also enables instant response to zero-day vulnerabilities without rescanning, by querying rich, existing asset data. runZero helps teams focus on high-priority threats through intelligent risk scoring, reducing noise and enhancing operational efficiency.
In contrast to other solutions that flood teams with alerts, runZero employs data-driven risk prioritization, highlighting the most urgent exposures by leveraging business context, device impact, and meaningful attributes. With highly intuitive risk findings, security teams can focus on critical threats while understanding their broader implications across the attack surface.
Today’s release introduces new risk findings and dashboards, providing a novel paradigm for organizing, addressing, and tracking exposures over time. These findings address the most critical areas of risk, including:
● Internet exposures: identifying internal assets unintentionally exposed to the internet
● End-of-life systems: pinpointing assets running unsupported hardware or software
● Open access services: detecting misconfigurations like unauthenticated databases or exposed management interfaces
● Known exploited vulnerabilities: highlighting assets targeted by active threats, leveraging insights from CISA KEV and VulnCheck KEV catalogs
● Compliance challenges: flagging instances of prohibited equipment or configuration issues that violate specific acquisition regulations
● Certificates and shared keys: identifying a wide range of security issues with TLS certificates and SSH host keys, including expired (and nearly expired) certificates, as well as widely shared private keys
● Best practice violations: uncovering asset and service configurations that violate security best practices such as authentication without encryption, obsolete protocol detection, and misconfigured services
● Vulnerabilities: prioritizing issues based on both natively discovered and externally imported vulnerabilities
● Rapid responses: detecting assets potentially vulnerable to emerging threats
Customers and users of runZero’s free Community Edition have immediate access to these new capabilities at no additional cost.
Channel growth fueling global expansion #
runZero has teamed up with leading channel partners to introduce their unique exposure management capabilities to organizations around the globe.
Having grown significantly over the last year, the runZero Infinity Partner Program now encompasses North America, Europe, the Middle East, Africa, Australia, and Asia, including key partners such as Guidepoint (US), Distology (UK + Europe), Secon (UK), AmiViz (Middle East), Kappa Data (Western Europe), CyberCX (Australia), and KDSys (South Korea). These organizations serve as trusted advisors, with a focus on delivering value to their customers by identifying innovative solutions to help them meet today’s security challenges.
"We are thrilled to be partnering with runZero, adding their attack surface and exposure management technology to our expanding portfolio. This amazing product bolsters the Workspace area of the Distology portfolio, and we are excited to jointly take their message to market," commented Sarah Geary, Chief Commercial Officer at Distology.
New leaders bring decades of experience in exposure management #
runZero recently welcomed two industry experts to their leadership team, collectively bringing decades of experience in exposure management as the company continues to bring innovative solutions to market.
New Vice President of Product and Engineering, Brandon Turner, spent over a decade at Rapid7 working on platform delivery and engineering; in his new role at runZero he will leverage years of industry experience to craft solutions that meet the needs of teams securing complex, dynamic attack surfaces and continue to expand runZero’s exposure management capabilities.
Additionally, Tod Beardsley recently joined runZero as Vice President of Security Research. Having held leadership roles at Dell, TippingPoint, and Rapid7, he most recently served as a Section Chief for the US Cybersecurity and Infrastructure Security Agency (CISA) where he managed the Known Exploited Vulnerabilities (KEV) catalog, considered one of the most important sources of authoritative vulnerability information in the world.
“runZero is built around the idea of, ‘how would an attacker look at my network, and are there tricks that I can borrow from them to make sense of my enterprise?’ This unique approach to exposure management provides some of the most valuable introspective intelligence on your own network available,” said Beardsley. “I’m excited to join runZero as we introduce these new capabilities to help security teams proactively mitigate risk.”
https://www.runzero.com/newsroom/exposure-management/
AUSTIN, TEXAS — March 26, 2025 — runZero today established itself at the vanguard of a new era of exposure management, releasing new product capabilities, welcoming executive leadership with deep industry expertise, and gaining channel momentum.
runZero’s expanded platform offers a new approach to effectively manage the risk lifecycle, enabling security teams to find, prioritize, and remediate broad classes of exposures across internal and external attack surfaces, including those that evade traditional vulnerability and external attack surface management solutions. As a single source of truth for exposure management, runZero is the most effective and efficient way for organizations to proactively minimize risk across their total attack surface, including internal, external, IT, OT, IoT, mobile, and cloud environments.
“Our industry needs a paradigm shift if we’re going to successfully secure today’s complex attack surfaces. Legacy approaches are fundamentally flawed, starting with incomplete knowledge of the attack surface itself and inadequate exposure detection capabilities,” said HD Moore, founder and CEO of runZero. “Our goal is to help security teams get better outcomes, which means detecting and prioritizing the exposures that are most likely to be exploited, not flooding them with irrelevant alerts. runZero started by delivering comprehensive discovery across internal and external attack surfaces and is now leveraging novel techniques to uncover high-risk exposures that other solutions simply can’t detect.”
Overcoming persistent problems #
Traditional vulnerability management relies too heavily on CVEs, ignoring serious misconfigurations like exposed databases and poor network segmentation that often lead to breaches. These approaches detect only a limited set of vulnerabilities, and often with delays or under ideal conditions. Even focusing on known-exploited CVEs—just 0.05% of all vulnerabilities—leaves critical gaps.
Moreover, legacy tools struggle to identify unknown or unmanaged assets, making it impossible to fully assess and prioritize risk. As a result, organizations waste significant resources on remediation while still missing the most likely attack paths. Solving these long-standing issues requires a fundamentally new approach to exposure detection and risk management.
A new approach to exposure management #
runZero uses proprietary discovery technology to give organizations complete visibility across their entire attack surface, including unknown and unmanaged assets—often uncovering 25% to 10x more assets than previously known. These hidden assets are typically the most vulnerable.
With deep asset fingerprinting using nearly 1,000 attributes, runZero enables full-spectrum exposure detection that goes far beyond CVEs. It identifies misconfigurations, exposed internal systems, outdated software, insecure devices, and more—risks often missed by traditional tools.
Originally focused on CAASM (Cyber Asset Attack Surface Management), runZero is expanding into EASM (External Attack Surface Management) and broader exposure management. This strong foundation gives it unique insights into asset inventories and makes it well-suited for enterprise security strategies.
The platform also enables instant response to zero-day vulnerabilities without rescanning, by querying rich, existing asset data. runZero helps teams focus on high-priority threats through intelligent risk scoring, reducing noise and enhancing operational efficiency.
In contrast to other solutions that flood teams with alerts, runZero employs data-driven risk prioritization, highlighting the most urgent exposures by leveraging business context, device impact, and meaningful attributes. With highly intuitive risk findings, security teams can focus on critical threats while understanding their broader implications across the attack surface.
Today’s release introduces new risk findings and dashboards, providing a novel paradigm for organizing, addressing, and tracking exposures over time. These findings address the most critical areas of risk, including:
● Internet exposures: identifying internal assets unintentionally exposed to the internet
● End-of-life systems: pinpointing assets running unsupported hardware or software
● Open access services: detecting misconfigurations like unauthenticated databases or exposed management interfaces
● Known exploited vulnerabilities: highlighting assets targeted by active threats, leveraging insights from CISA KEV and VulnCheck KEV catalogs
● Compliance challenges: flagging instances of prohibited equipment or configuration issues that violate specific acquisition regulations
● Certificates and shared keys: identifying a wide range of security issues with TLS certificates and SSH host keys, including expired (and nearly expired) certificates, as well as widely shared private keys
● Best practice violations: uncovering asset and service configurations that violate security best practices such as authentication without encryption, obsolete protocol detection, and misconfigured services
● Vulnerabilities: prioritizing issues based on both natively discovered and externally imported vulnerabilities
● Rapid responses: detecting assets potentially vulnerable to emerging threats
Customers and users of runZero’s free Community Edition have immediate access to these new capabilities at no additional cost.
Channel growth fueling global expansion #
runZero has teamed up with leading channel partners to introduce their unique exposure management capabilities to organizations around the globe.
Having grown significantly over the last year, the runZero Infinity Partner Program now encompasses North America, Europe, the Middle East, Africa, Australia, and Asia, including key partners such as Guidepoint (US), Distology (UK + Europe), Secon (UK), AmiViz (Middle East), Kappa Data (Western Europe), CyberCX (Australia), and KDSys (South Korea). These organizations serve as trusted advisors, with a focus on delivering value to their customers by identifying innovative solutions to help them meet today’s security challenges.
"We are thrilled to be partnering with runZero, adding their attack surface and exposure management technology to our expanding portfolio. This amazing product bolsters the Workspace area of the Distology portfolio, and we are excited to jointly take their message to market," commented Sarah Geary, Chief Commercial Officer at Distology.
New leaders bring decades of experience in exposure management #
runZero recently welcomed two industry experts to their leadership team, collectively bringing decades of experience in exposure management as the company continues to bring innovative solutions to market.
New Vice President of Product and Engineering, Brandon Turner, spent over a decade at Rapid7 working on platform delivery and engineering; in his new role at runZero he will leverage years of industry experience to craft solutions that meet the needs of teams securing complex, dynamic attack surfaces and continue to expand runZero’s exposure management capabilities.
Additionally, Tod Beardsley recently joined runZero as Vice President of Security Research. Having held leadership roles at Dell, TippingPoint, and Rapid7, he most recently served as a Section Chief for the US Cybersecurity and Infrastructure Security Agency (CISA) where he managed the Known Exploited Vulnerabilities (KEV) catalog, considered one of the most important sources of authoritative vulnerability information in the world.
“runZero is built around the idea of, ‘how would an attacker look at my network, and are there tricks that I can borrow from them to make sense of my enterprise?’ This unique approach to exposure management provides some of the most valuable introspective intelligence on your own network available,” said Beardsley. “I’m excited to join runZero as we introduce these new capabilities to help security teams proactively mitigate risk.”
https://www.runzero.com/newsroom/exposure-management/