Cybersecurity firm the Phobos Group has this week launched Orbital, a reconnaissance and risk assessment platform.
Orbital, out of beta and in public trials, is the Phobos Group’s reimagining of how a reconnaissance platform should work and look.
It works by scanning a customer’s public-facing infrastructure and generating a report with issues it finds.
But instead of delivering a 600-page report about every minutia in a company’s IT stack using convoluted terms like CVEs, DREAD scores, STRIDE models, or ATT&CK mappings, Orbital relies on the underestimated power of “plain English.”
The focal point of Orbital reports is taken away from heavy infosec jargon and put on simple concepts like “entry points” and “attack pathways,” Phobos Group founder Dan Tentler told ZDNet in a demo last week.
Instead of a list of CVE identifiers (numeric codes for security flaws), Orbital shows how attackers could combine bugs and misconfigurations to carve a path through the company’s public-facing network.
Orbital also leverages a custom-built rules engine that prioritizes the most dangerous issues, allowing IT personnel to act on them right away.
Tentler said the focus has been on getting companies to address real security issues and get them fixed fast, rather than tick boxes in compliance tests.
“Orbital was designed from the ground up to be more impactful than bug bounties and compliance-driven vulnerability scanning,” the Phobos team said.
“There isn’t a new taxonomy or scoring metric to learn, the Attack Pathways do all the heavy lifting. You see exactly what an attacker would see, before they do.”
The Orbital platform will surface details like leaked credentials, open ports, internal hosts leaking information to the outside world, a company’s tech stack breakdown, screenshots of what attackers see of a company’s systems, and much more.
Orbital also uses concepts like positive reinforcement to show companies whether they’re using “favorable technology stacks,” as well as what they fixed and what has improved between scans, allowing customers to feel like they made headway in securing their networks.
“Orbital is geared toward the active defender who needs to prioritize risk now,” the Phobos team said. “Orbital was designed by people who want to see real change that results in tactical success against attackers.”
After months of work, teasing, and planning, Phobos Orbital is out of beta and available for trials starting this week, with pricing on demand.