RidgeBot

Automated Penetration Testing.
Validate and Manage Vulnerabilities. Find Vulnerable Attack Surfaces and Lateral Movement Risks.

360-Degree Enterprise Security Validation

Intelligent Security Validation Robots to deliver Automated Penetration Testing and Adversary Cyber Emulation

Ridge Security is changing the game with RidgeBot®, an intelligent security validation robot. Unified with state-of-the-art ethical hacking techniques and operationalized threat intelligence, RidgeBot® helps enterprises verify their external risk exposures and internal security controls. RidgeBot® has a collective knowledge of threats, vulnerabilities, exploits, adversary tactics and techniques.

Acting like an experienced ethical attacker, RidgeBot® relentlessly locates and documents exploits and pinpoints security control failures. Automating enterprise security validation makes it affordable, with the ability to run at scale. Working within a defined scope, RidgeBot® instantly replicates to address highly complex structures.

Ridge Security enables enterprises, web application teams, DevOps, ISVs, governments, healthcare, education (anyone responsible for ensuring software security) to affordably and efficiently test their systems.

Core Technologies:
  • Assets Management and Attack Surface Identification
  • RidgeBrain Expert Model and Vulnerability Mining
  • Auto-Exploitation and Smart Decision on Iterative Attacks
  • Realtime Attack Action Visualization
  • Critical Assets’ Security Control Assessment
  • Risk-based Assessment

RidgeBot® Key Functions

RidgeBot® is a unified system that automates the penetration testing process and emulates adversary attacks to validate an organization’s cybersecurity posture. It provides a clearer picture of your security gaps and keeps the windows of opportunity closed for malicious attackers by increasing the frequency of penetration testing, enabling risk-based vulnerability management and training your defense team with effective exercises. RidgeBot® assists security teams in overcoming knowledge and experience limitations and always performs at a consistent top level.

The shift from manual-based, labor-intensive testing to machine-assisted automation alleviates the current severe shortage of security professionals. It allows human security experts to let go of daily labor-intensive work and devote more energy to the research of new threats and new technologies.

  • Improve security test coverage and efficiency
  • Reduce the cost of security validation
  • Continuously protect the IT infrastructure
  • Produce actionable and reliable results for different stakeholders
Check out some pre-defined test scenarios

Higher Precision and More Discoveries with AI Brain

RidgeBot® has a powerful “brain” that contains artificial intelligence and an expert knowledge base that guides RidgeBot® in attack path finding and selection. It launches iterative attacks based on learnings along the path, achieving more comprehensive test coverage and deeper inspection.

RidgeBot®, a robotic security validation system, fully automates the testing process by coupling advanced ethical hacking techniques and adversary cyber emulation. RidgeBots locate, exploit and document the business risks, vulnerabilities and IT security control failures discovered during the testing process, highlighting the potential impact or damage.

360-Degree Enterprise Security Validation

RidgeBot® brings 360-degree security validation within reach of every organization.

  • Automation Assistance
  • Artificial Intelligence
  • Risk Analysis
  • Powerful WordPress website plugins (Free & Paid)
  • Vulnerability Mining
  • Vulnerability Exploitation
  • Vulnerability Validation
  • Adversary Cyber Emulation
  • Task Management
  • Assets Management
  • Reporting and 3rd Party System Integration

Today’s organizations are facing cyber security challenges from multiple angles. Security teams not only need to validate that the IT infrastructure has no exploitable vulnerabilities that a hacker or ransomware could leverage to compromise mission-critical data, but also need to verify that the expansive cyber defense solutions they have deployed work as expected to detect and mitigate the most current attack techniques used by advanced persistent threats (APTs) and other malicious entities.

Cyberattacks are increasingly sophisticated and forever on the rise. Hackers are developing new exploits and attack methods every month, often using tools to launch attacks automatically. In response to cyber security threats, most organizations use security testing (a.k.a. penetration testing) on their computer systems, websites, applications and networks to try to find risk exposures before a hacker does. However, security teams’ internal pen testing expertise is limited and expensive, and they can’t afford to do continuous security validation. Many organizations are looking for an automated penetration testing system to address this challenge in a more manageable and cost-effective manner.

Reduce Time-to-Protection

RidgeBot® Pre-Defined Test Scenario Templates

Full Penetration

This test utilizes various network attack techniques used by hackers. Based on threat intelligence and an exploit knowledge base, it profiles assets, mines vulnerabilities and launches attacks toward target assets. Attack targets: any assets in an intranet, extranet or private network, etc.

Ransomware

This test is packaged with several dozen commonly used techniques seen in ransomware attacks. It helps customers quickly validate whether their environments are vulnerable to ransomware attacks. With the remediation plan suggested by the test, customers can protect themselves from ransomware attacks.

Website Penetration

This test launches cyber attacks against target websites, web applications and all related attack surfaces to gain control of the target website. The attack targets include self-developed or CMS-based websites.

Internal Host Penetration

This test launches attacks from inside the corporate network to validate the security system’s response to an internal threat. It uses advanced techniques such as privilege escalation, lateral movement, domain penetration and others. Attack targets include all network-accessible internal hosts.

Weak Credential Exploit

It launches direct or iterative attacks based on sensitive information collected via weak credential or unauthorized access vulnerabilities. Attack targets include: Redis, Elasticsearch, ActiveMQ, databases, web logins and other applications.

3rd Party Framework

It launches privilege escalation and iterative attacks based on known 1-day or n-day vulnerabilities detected on the penetration target's 3rd party framework. Attack targets include: Struts2, Spring, fastjson, ThinkPHP and other frameworks.

Asset Profiling

This test profiles assets and digs out all attack surfaces based on domain names/sub-domain names, peripherals, encryption keys, APIs, frameworks, open ports, etc.