New Ionix service integrates cloud and on-premises security for broader risk management – Business
Israeli attack surface management startup Ionix Inc. today launched Attack Surface Cloud Cross-View, a new service that allows organizations to view their complete attack surface risk.
Attack Surface Cloud Cross-View, offered as part of Ionix’s attack surface management platform, connects Ionix ASM to an internal cloud asset view that maps all application-level dependencies. Doing so ensures that asset importance and exploitability can be assessed across cloud and on-premises infrastructures, the company said.
Ionix argues that traditional cloud security tools operate with only an inside view of cloud environments and hence fail to identify things such as cloud shadow information technology and zombie IT accounts, unintentional internet-exposed assets and digital supply chain risks. Additionally, the company claims that as cloud security is usually managed separately with dedicated tools and teams, the approach leads to gaps in the way organizations manage their holistic attack surface, resulting in a limited understanding of the importance and context of cloud assets.
“Ionix was seeing customers facing attacks that arise from the security coverage gaps in their separately managed cloud security tools and on-premises vulnerability management solutions,” said Chief Executive Marc Gaffan. “For this reason, we built Cloud Cross-View features into our ASM product to close the gaps between the two and to ensure that any asset, wherever it may reside, is a secure asset.”
Along with addressing crucial gaps in cloud security, the new service recognizes that the significance of assets is not only defined by their intrinsic value but also by their connection to more critical assets. Assets that may initially appear less critical can gain importance if they pose risks to key assets due to their connectivity.
Attack Surface Cloud Cross-View also tackles vulnerabilities within the digital supply chain, which Ionix notes are among the most exploitable attack vectors due to misconfigurations and inherent weaknesses. By extending security measures beyond traditional boundaries, CCV aims to protect organizational assets from indirect threats that originate outside of the immediate cloud perimeter.
The solution uses advanced exploit testing across cloud assets, non-cloud environments and digital supply chains. Through the integration of insights from both internal and external cloud perspectives, Ionix said, it effectively simulates attacks to pinpoint and mitigate potential security breaches before they can be exploited to enhance the overall security posture.
Ionix, which was previously known as Cyberpion, is a venture capital-backed startup that has raised $50.3 million in funding, according to Tracxn. Investors in the company include U.S. Venture Partners LP, Team8 Capital LLC and Hyperwise Ventures Inc.