Chariot Continuous Threat Exposure Management (CTEM) Updates
2024-6-18 05:19:4 Author: securityboulevard.com

Our engineering team has been hard at work reworking our flagship platform so that Chariot remains the most comprehensive and powerful CTEM platform on the market.

So what’s new? Here are several new features recently added to Chariot:

1. Unmanaged Platform

Chariot, Praetorian’s Continuous Threat Exposure Management (CTEM) solution, is now available as a self-managed platform. Organizations can now take full advantage of the same user-friendly interface and comprehensive automation suite used by our Managed Services team.

2. New Detection Capabilities

Chariot’s attack surface management capabilities received a new set of advanced detection capabilities, enabling organizations to proactively identify and mitigate novel vulnerabilities across their attack surface:

Exposed Secrets Detection

Chariot offers a powerful secrets detection capability, enabling organizations to identify and mitigate the risk of exposing sensitive information, such as passwords, API keys, and encryption keys, within their codebase.

CI/CD Misconfigurations

Chariot is now equipped with Gato, Praetorian’s proprietary GitHub misconfiguration scanner. With Gato, Chariot users can identify misconfigurations and vulnerabilities in their organization’s CI/CD pipelines, such as Pwn Requests, Insecure Self-Hosted Runners, and more.

HTTP Web Crawler

After discovering an HTTP(S) asset, Chariot exhaustively enumerates web pages, endpoints, user forms, and other potential attack surfaces for use in other capabilities.

Fuzzing for Cross-Site Scripting (XSS)

Chariot now incorporates XSS fuzzing capabilities against web assets identified with the crawler, enabling organizations to identify and mitigate injections through intelligent payload generation and analysis.

3. Integration with CISA KEV

Chariot now seamlessly integrates with Cyber Threat Intelligence (CTI) solutions such as CISA’s Known Exploited Vulnerabilities (KEV) catalog. Organizations can immediately determine whether a new KEV impacts their environment.

4. Full Transparency

Proof of Exploit for every vulnerability

Chariot includes all relevant request-response pairs, commands, and code needed to detect the vulnerability. Proof of Exploit data makes it easy to verify or recreate the exploit manually.

Enumeration and Scan Status Transparency

Chariot provides organizations with real-time visibility into the status, progress, and server IP of each vulnerability and detection scan across their attack surface.

Open-Source Code Base

Praetorian believes anything that runs on your infrastructure (including your web browser) must be open-sourced. As part of this belief, we open-sourced Chariot’s frontend and CLI tool. You can inspect every line of our code that runs in your environment.

5. CrowdStrike Integration

CrowdStrike Configuration Risks Detection

Chariot now integrates with CrowdStrike’s Falcon platform to identify and mitigate misconfiguration risks within your Falcon deployment. Ever wondered if all that stuff you are paying for is actually working? Find out with Chariot!

Chariot is designed to embody the principles of Continuous Threat Exposure Management (CTEM), incorporating attack surface management, vulnerability management, attack path mapping, breach and attack simulation, continuous penetration testing/red teaming, and exploit/threat intelligence. Unifying these components and wrapping them in a managed service provides unparalleled security coverage for your organization.

The post Chariot Continuous Threat Exposure Management (CTEM) Updates appeared first on Praetorian.

*** This is a Security Bloggers Network syndicated blog from Blog | Praetorian authored by Thomas Tan. Read the original post at: https://www.praetorian.com/blog/chariot-continuous-threat-exposure-management-ctem-updates/


Article source: https://securityboulevard.com/2024/06/chariot-continuous-threat-exposure-management-ctem-updates/