Start EASM

Main article: EAM system

2024: Start EASM Presentation

The Russian information security solutions company Start X (ex-Antifishing) on June 14, 2024 introduced Start EASM, a product for managing public technical and human assets.

Such assets include publicly available corporate logins and passwords, forgotten service domains, test environments, documents with confidential information, files with personal data of clients. All of them appear in the public domain as a result of unsafe actions of employees or contractors: DevOps engineers, developers, HR managers and other colleagues.

Such assets are primarily found and used by attackers to penetrate the company's infrastructure and gain access to customer systems and data. For example, they can find a document with the data of the company's customers in a task tracker, to which the employee opened public access. Or buy out a forgotten corporate domain and create a phishing page to collect corporate logins and passwords for subsequent targeted attacks on employees.

On average, companies do not know about 30% of their public assets, each of which can cause a security incident. Start EASM helps to see such assets in advance and eliminate related vulnerabilities before attackers exploit them.

Our product helps not only identify the surface of the attack, but also shows the connection between threats to the company and unsafe actions of people. Thanks to this, security teams can see and eliminate the very cause of such vulnerabilities - through targeted training of their employees, training safe work skills and delivering current requirements to product teams, "said Sergey Voldokhin, Product Director of the Start X Ecosystem.