“More effective than bug bounties, less triage work for internal teams”

Aardwolf provides on-going reconnaissance and security assessment of an organization’s internet-facing assets. Our proprietary platform provides a holistic view of an organization’s external risk posture by conducting constant and on-going enumeration and interrogation of root domains, subdomains, IPs and the services they expose.

Purpose

Aardwolf was developed to address a gap in the market: organizations need greater visibility of their internet-facing assets and more broadly, their organization’s external risk exposure.

Traditional network vulnerability scanning fails to uncover application-layer vulnerabilities. Bug bounty programs are a costly alternative that provide a false sense of security as programs become stale and researchers move on.

Value Proposition

Aardwolf maximizes the efficiency and effectiveness of an organization’s risk management program. Our platform inventories external assets and tracks the constantly changing interrelationships of the organization’s digital footprint. From there, Aardwolf validates defensive controls and uncovers internet-facing, high-risk vulnerabilities that traditional approaches miss. We boil the ocean, and our security consultants distill the noise into validated, contextualized findings.

Features and Capabilities

  Unauthenticated application vulnerability identification
  Dangerous-port and risky service scanning and tracking
  Subdomain enumeration and discovery
  Application directory enumeration
  Identification of dangling DNS pointers
  Internet archive data
  Storage-as-a-Service review
  Application backdoor identification
  Abricto remediation support
  Dashboarding
  Credential stuffing and password spraying
  Certificate health and compliance monitoring
  Unindexed API identification and interrogation
  Public source code identification

Vulnerability Validation-as-a-Service

  • We independently validate all vulnerabilities, eliminating false-positive notifications.
  • No more time wasted by your team drilling down into dashboards or reports trying to triage alerts.
  • Remediation efforts are focused on qualified and prioritized vulnerabilities, maximizing organizational efficiency and effectiveness.

Up-To-Date Asset Inventory

  • New internet-facing systems are discovered daily and metadata about the system is available to be consumed by your asset inventory.
  • Existing systems are continuously re-assessed for new vulnerabilities or attribute changes that should be reflected in inventory records.
  • API access available for integration with internal toolsets.

Continuous Discovery and Assessment

  • High-impact vulnerabilities, such as those that are actively being targeted in attack campaigns, are identified and prioritized.
  • Applications are assessed for vulnerabilities like SQL injection, cross-site scripting, command execution and more.
  • Management services like SSH and Remote Desktop are checked for common, guessable or previously breached credentials.
  • Cloud services are checked for configuration flaws such as exposed API keys or unsecured datastores.
  • TLS certificates are checked for integrity, expiration and vulnerable cipher-suites.

Vulnerability Validation-as-a-Service

  • We independently validate all vulnerabilities, eliminating false-positive notifications.
  • No more time wasted by your team drilling down into dashboards or reports trying to triage alerts.
  • Remediation efforts are focused on qualified and prioritized vulnerabilities, maximizing organizational efficiency and effectiveness.

Flexible Integration Options

  • View attack surface details in Aardwolf’s native dashboard or integrate with Splunk, Grafana, or ServiceNow.
  • Manage validated vulnerability findings in the Abricto Client Portal or using in-house ticketing systems like Jira.
  • Enrich your internal CMDB with Aardwolf’s real-time asset data.
  • Explore Aardwolf’s rich API, available for custom integration.

Aardwolf handles the discovery, identification and validation of external vulnerabilities.
No more false-positives and no more communication barriers.