Startup Bit Discovery officially launched on March 27, led by cyber-security industry veteran Jeremiah Grossman. Bit Discovery is building a platform for website asset inventory and portfolio management that will help to improve cyber-security efforts.
The company has raised $2.7 million in venture funding led by Aligned Partners and also benefited from investment by Black Hat conference founder Jeff Moss and Alex Stamos, the current CISO of Facebook. Along with the funding and launch, Bit Discovery announced that it acquired privately-held startup OutsideIntel to bolster its technology base. OutsideIntel was led by Robert "Rsnake" Hansen, who had previously worked with Grossman at WhiteHat security.
Grossman founded WhiteHat Security in February 2003 and worked there until March 2016, he moved on to become the Chief of Security Strategy at SentinelOne from May 2016 until the official launch of Bit Discovery.
"The company (SentinelOne) wasn't mine and I wanted something of my own to solve a big problem that was always nagging at me," Grossman told eWEEK.
Grossman said that he started WhiteHat in 2003 to help people find vulnerabilities inside their websites. The challenge that he frequently came across was that many organizations were not aware of all their web assets, making it impossible to secure everything. That's the challenge that Bit Discovery aims to help solve, providing a web asset inventory platform.
"Hansen and OutsideIntel had the data to make asset discovery work," Grossman said. "Bit Discovery has the user-interface and management facilities for an enterprise solution, so the match just made sense."
Website Asset Discovery Technology
Grossman explained that what Bit Discovery has already done is scanned the entire internet, including port scans, DNS, Whois and domain data and it's all stored in a central location. With Bit Discovery a user types in a given domain name which queries the database, to reveal all discovered assets.
"We're geared toward publicly facing websites and internet assets," Grossman said. "Every once in a while, via a server misconfiguration, we'll find things that are internally facing."
As an example, Grossman said that for many Fortune 500 companies, Bit Discovery has discovered internal IP address ranges, mapped to public facing web information.
The idea of scanning the web is one that multiple vendors and sites have attempted. Among the most popular tools for security researchers is the shodan.io web search tool, which Grossman said serves a different purpose than what Bit Discovery aims to deliver. In Grossman's view, Shodan is a port scan of the internet that provides a wealth of data. That data however is incomplete from a web asset discovery perspective as it lacks DNS, domain and host name correlations.
"For purposes of web asset discovery, our data is going to be better," Grossman said. "Our data is different and our focus is different."
A core challenge for many firms is proper patching of vulnerable software assets, which isn't something that Bit Discovery will provide, but it will play a role, according to Grossman. He said that Bit Discovery can discover all of an organization's specific assets, for example, all of the Apache Struts powered sites. While Bit Discovery will not provide firmware and patching information, Grossman expects that his company's data can be integrated with vulnerability scanning technologies from companies like Qualys.
Grossman added that it's difficult for organizations to scan for vulnerabilities across assets they don't know about.
"Everybody wants to jump into vulnerability assessment, before doing asset inventory," Grossman said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.