Cybersecurity firm the Phobos Group launched Orbital, a reconnaissance and risk assessment platform, this week.
Orbital[1], out of beta and in public trials, is the Phobos Group's reimagining of how a reconnaissance platform should work and look.
It works by scanning a customer's public-facing infrastructure and generating a report with issues it finds.
But instead of delivering a 600-page report about every minutia in a company's IT stack using convoluted terms like CVEs, DREAD scores, STRIDE models, or ATT&CK mappings, Orbital relies on the underestimated power of "plain English."
The focal point of Orbital reports is taken away from heavy infosec jargon and put on simple concepts like "entry points" and "attack pathways," Phobos Group founder Dan Tentler told ZDNet in a demo last week.
Instead of a list of CVE identifiers (numeric codes for security flaws), Orbital shows how attackers could combine bugs and misconfigurations to carve a path through the company's public-facing network.
Orbital also leverages a custom-built rules engine that prioritizes the most dangerous issues, allowing IT personnel to act on them right away.
Tentler said the focus has been on getting companies to address real security issues and get them fixed fast, rather than tick boxes in compliance tests.
"Orbital was designed from the ground up to be more impactful than bug bounties and compliance-driven vulnerability scanning," the Phobos team said.
"There isn't a new taxonomy or scoring metric to learn, the Attack Pathways do all the heavy lifting. You see exactly what an attacker would see, before they do."
The Orbital platform will surface details like leaked credentials, open ports, internal hosts leaking information to the outside world, a company's tech stack breakdown, screenshots of what attackers see of a company's systems, and