Exodus Intelligence: Keeping Defenses in Place
Logan Brown, President & CEO
“Exodus provides unique, proprietary research which sets us apart from anyone else that provides vulnerability intelligence”
Cyber Security has always been a hot topic. The pandemic has brought it into the limelight with people relying more on online operations and employees working remotely. The market for defending against Cyber threats is exploding. There is a lot of noise with growing number of investments and companies starting up or spinning up products and services to make a quick buck. This tremendous explosion has made it quite hard to provide actionable intelligence that will reduce risk, reduce cost, and maintain an efficacy where an enterprise board can sleep at night with peace. Exodus Intelligence—a team of world-class reverse engineers—is one of the few companies to help distinguish the signal through the noise and provide relevant, actionable vulnerability intelligence that will immediately increase a company’s security posture.
Exodus is comprised of some of the world’s best researchers, and specializes in discovering unknown vulnerabilities in enterprise software and hardware.“Exodus provides unique, proprietary research which sets us apart from anyone else that provides vulnerability intelligence. The zero-day that we report on is discovered in-house. Not through a product sniffing network traffic or end-points for activity. This means that what we report to our customers is not yet in the wild, and there are no detections available,” explains Logan Brown, President and CEO, Exodus Intelligence.
Even with NDay vulnerabilities, the Exodus team reverse engineer the patch to understand the root cause of the vulnerability. The company’s researchers are intimately familiar with the vulnerability they are writing up. So when the team provide vulnerability details, root cause analysis, network traffic analysis, exploitation analysis, and most important, their detection and mitigation guidance; customers can be rest assured that it is detailed and thorough, and will not lead to false positive detections. “Many times when we work with the vendor to patch the issues, it takes multiple times back and forth with the vendor to assure they are properly fixing the vulnerability,” adds Brown.
As one of the pioneers in vulnerability management, Exodus’ goal is to work with product manufacturers to ensure their product is properly defending against known and unknown threats. In terms of exploitation techniques, Exodus researchers are expert reverse engineers. When a customer is using a product that Exodus have not integrated with, the team work with the customer to provide defence and detection on top of what they currently have in place, withoutany replacements. “We make vulnerability management teams much more effective and efficient, by helping them prioritize, learn, and operate on a higher level of impact with the tools necessary to have the next level of approach in their engagements,” points Brown.
According to the Brown, It’s hard to identify a direct competition to Exodus. The company is unique in its offerings with unparalleled skillset, and focus on specialty without redirection from a board or investors. Exodus is privately owned, operated, and positioned to focus and maintain a degree of quality research that most companies are unable to maintain. While talking about Exodus, Brown recalls an instance that portray the value proposition of the company when they assisted a customer that had a perimeter detection device. The client didn’t fully monitor the Zero-day signatures, as they were default set to passive detection, but not blocking. Upon investigation, they went through their customer traffic and identified a large customer in critical infrastructure that had a signature trigger that revealed that someone has continuously accessed the systems. The Exodusclient was able to notify their customer of the activity to determine what the malicious actor was after and prevent future access. Without the Exodus research, they never would have known their systems were compromised, and it might have led to a large-scale loss of infrastructure, country wide.
Exodus has been around the industry forabout a decade, borne out of the ZeroDay initiative. Exodus has grown from 5 to 40 over the years and have hundreds of years of combined experience and we have leadership that is capable of vetting the appropriate talent and offering the researchers a place to refine their skills and learn and challenge themselves daily. Today, the company is working diligently to respond to customer feedback on how to digest and utilize Exodus data. “We are close to launching a new customer portal where paying and non-paying customers will have the ability to filter, sort, and search all available vulnerability data. We will also be providing Exploitability Scores to all vulnerabilities, and mitigation guidance right in the portal. We’ll also have proprietary browser encryption tools to ensure all data is secure,” concludes Brown.