Why Exodus?


Exodus empowers the protection of your data by ensuring that each and every discovered vulnerability in our Vault is exploitable and impactful.

Exodus discovers vulnerabilities & mitigates the most critical threats to your organization


Zero-Day Vulnerabilities

Reduce your attack surface with our Zero-day vulnerability intelligence – in-depth documentation and mitigation for never before discovered vulnerabilities in software, firmware, hardware and embedded devices that enable bad actors to exploit the weaknesses of the vulnerabilities often created during the development process.



Patch Verification

Failed patches leave organizations at risk even if they vigilantly keep up with software updates and security advisories. In 2018 and 2019, Exodus identified dozens of publicly disclosed vulnerabilities that were reportedly patched but in fact were still vulnerable because the patch did not address the root cause.



Mitigation

Exodus Intelligence does not just call attention to potential threats, we enable protection. All vulnerability intelligence packages include an explanation of the complete exploitation process, including bypassing mitigations, as well as mitigation guidance that may be implemented to close the security gaps resulting from the vulnerability. When possible Exodus provides Snort or Yara rules for each vulnerability to plug into existing defenses.



Disclosure

Exodus commits to provide all their Enterprise vulnerability research to the affected vendor within 6 months. This window allows our customers to stay ahead of the patch and ensure proper defenses before the vulnerability details become public.



How can Exodus Help Your Business?


Defensive Use Cases

  • case
    01

    Zero-Day Vulnerability Assessments

    The well-known Kenna Security risk assessment and predictive threat services identifies hosts and their susceptibility to known vulnerabilities and misconfigurations.

    By integrating zero-day intelligence from Exodus, premium Kenna users can determine if their systems are currently vulnerable to Exodus zero-day vulnerabilities.

    LEARN MORE
  • case02

    Keeping SCADA Systems Secure

    An unnamed customer works with Exodus to stay apprised of zero-day vulnerabilities affecting SCADA systems.

    The customer relays relevant details and mitigations through their early warning system, with a large subscription base of administrators overseeing critical infrastructure sites.

    READ THE FULL STORY
  • case03

    Zero-Day Protection Software Integrations

    Cisco utilizes vulnerability intelligence to deliver a combination of multi-layered security knowledge and true zero-day protection from new and emerging threats to their customers. Exodus’s zero-day intelligence assists companies like Cisco to ensure their customers are protected against the most pertinent threats.

    LEARN MORE

Active Defense Use Cases

  • case
    01

    Testing Response Procedures

    In early 2013, members of Facebook's Incident Response Team spoke at a security conference about their positive experience using Zero-Day exploits on their own (unaware) employees and systems in order to test their internal reactive procedures.

    Simulating a realistic attack enabled Facebook to better understand and improve their ability to respond to a cyber attack.

    READ THE FULL STORY
  • case02

    Attack Simulation

    Syndis is Scandinavia’s leading provider of attack technology services. Their goal-oriented methodology uses Zero-Day exploits to more closely mimic the techniques and capabilities employed by sophisticated threat actors.

    Syndis demonstrates to their customers the threat a determined attacker poses, providing measurable results and proven solutions for mitigation.

    READ THE FULL STORY

Specialized Use Cases

  • case
    01

    Partnering with Law Enforcement

    The FBI utilizes Zero-Day exploits to assist in their Lawful Intercept efforts, specifically to deploy their Computer and Internet Protocol Address Verifier (CIPAV) software on target criminal's computers.

    The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

    READ THE FULL STORY
  • case02

    Protection and Cost Savings

    Government defense department systems today face a broad and sophisticated cyber threat, with every application scanned and probed millions of times a day.

    The cost savings of third party software and service providers, the interconnectivity of software systems, as well as the proliferation of web services and cloud computing has increased the exposure of commercial off-the-shelf (COTS) software to the cyber threat.

    Exodus' expertise enables these agencies to secure their COTS applications without the need for source code.