ImmuniWeb's answer

ImmuniWeb SA is a global application security company headquartered in Geneva, Switzerland. The company is profitable, cashflow positive and rapidly growing since its incorporation in 2019. The award-winning ImmuniWeb® AI Platform helps over 1,000 customers from more than 50 countries to discover, test and protect their web and mobile applications, APIs and micro services, cloud and network infrastructure, and third-party systems processing corporate data.

ImmuniWeb's answer

Companies and organizations of all sizes.

ImmuniWeb's answer

AI, Machine Learning

ImmuniWeb's answer

• Ebay
• ITU
• BDO
• Next Bank Credit Agricole,
• Arab Bank
• Swissquote
• Celgene
• Haymarket
• BancaStato

Hudson Rock's answer:

Rapid7, Etoro, BNP Paribas, Playtech, Five9, BlueVine

ImmuniWeb's answer

ImmuniWeb leverages the award-winning AI technology for intelligent automation and acceleration of laborious tasks and processes, saving as much as 90% of human time compared to traditional MSSPs. Our security experts handle only to the most complicated tasks and processes that truly deserve human intelligence thereby offering the best quality and best price of service on the global market.

Hudson Rock's answer:

Every credential presented in Cavalier was stolen directly from the browsers of victims who had a stealer type malware executed on their machine. These malwares are spread by tricking a victim to download a malicious file through various methods. the attacks are usually performed by threat actors in global opportunistic campaigns, with little discretion, so employees in companies that aren't even targeted often have their corporate credentials stolen.

Hudson Rock acquires and purchases compromised information directly from top-tier threat actors, and closed circle hacking groups. What sets this information apart, is its low availability in other high-fidelity threat intelligence companies, and its high accessibility to hacker groups looking for potential targets. Our operational knowhow, and our boots-on-the-ground approach to cybercrime comes from the IDF's 8200 Cybercrime division, and its efforts to thwart nation-state adversaries and professional threat actors.

ImmuniWeb's answer

Providing one of the most comprehensive offering in the industry, the Platform covers 20 use cases related to cybersecurity, compliance and privacy, including Attack Surface Management, Dark Web Monitoring, Web and Mobile Penetration Testing, Cyber Threat Intelligence, Third-Party Risk Management, and more. ImmuniWeb’s proprietary technology is a recipient of numerous awards and industry recognitions for practical usage of AI, including Gartner Cool Vendor, IDC Innovator and SC Awards Europe. Our Machine Learning technology stack considerably reduces application security costs of our customers by intelligent automation of laborious and time-consuming tasks, significantly accelerating those tasks in parallel.

Hudson Rock's answer:

Many cybercrime intelligence intelligence platforms aggregate data from publicly available database leaks, whereas Hudson Rock does not pursue generally available credentials as its main goal. Publicly available databases enable finding old or unrelated credentials by the same user, leaving the hacker to check if they were reused in other, more sensitive services that they’re trying to access. We consider this information to be less valuable, for several reasons:

1. Time - stolen credentials are usually published (for free) after hackers think the leads are not very valuable. This is usually AFTER the actionable threats occurred. Hudson Rock integrates data from compromised computers merely days after they were compromised, and at the same time they are obtained by sophisticated threat actors attempting to perform data breaches and ransomware attacks.
2. Relevancy to clients - data from info-stealers is the most prominent attack vector used by sophisticated hacking groups to obtain initial access to company servers, or to overtake end-user accounts, the data is unrivalled because hackers are able to bypass traditional security measures such as 2 factor authentication by injecting cookies from the compromised computers, or finding the backup codes for revoking the 2 factor authentication stored on the compromised computer.
3. Password reuse dependency - While password reuse is an issue, employees don't tend to reuse passwords to critical infrastructure across different services and end users don’t always reuse passwords across all services they use. The passwords originating from leaked databases are not remotely as impactful as passwords stolen from the browsers of the victims where there is a direct link between the domain they browsed into and their emails and plaintext passwords. This is because when a victim has had a stealer executed on their machine, all the domains, emails, usernames, and passwords they have ever used are captured. This is because when a victim had a stealer executed on his machine, all the domains, emails, usernames, and passwords they have ever used are captured.