Overview
RidgeBot:AI Agent for Continuous Security Validation RidgeBot is an AI agent designed for continuous security validation. It autonomously performs tests based on the goals set by your security team. RidgeBot can discover attack surfaces, prioritize vulnerabilities based on exploitability, automate penetration testing, and emulate adversary attacks. This continuous process validates your organization's cybersecurity posture and offers remediation suggestions. RidgeBot provides a clearer picture of your security gaps. By increasing the frequency of penetration testing, risk-based vulnerability management, and training your defense team with effective exercises, RidgeBot helps keep malicious attackers at bay. It assists your security team in overcoming knowledge and experience limitations, consistently performing at a top level. RidgeBot alleviates the shortage of security professionals by shifting from manual, labor-intensive testing to machine-assisted automation. This allows human security experts to focus their energy on researching new threats and technologies. RidgeBot Key Functions Automated Penetration Testing: Automated penetration testing replicates the actions of ethical hackers to identify and exploit vulnerabilities in your systems. RidgeBot follows a comprehensive process:
- Asset Discovery: RidgeBot automatically discovers all types of assets on your network, including devices, applications, and websites.
- Vulnerability Scanning: It utilizes a rich knowledge base to identify potential vulnerabilities in your discovered assets.
- Vulnerability Exploitation: RidgeBot employs built-in attack techniques to launch ethical attacks against identified vulnerabilities. Successful exploits are documented for further analysis.
- Reporting and Remediation: RidgeBot provides a comprehensive report with risk assessments, remediation advice, and tools for patch verification. Attack Surface Discovery: Utilizes smart crawling techniques and fingerprint algorithms to discover broad types of IT assets, including IPs, domains, hosts, operating systems, applications, websites, databases, and network/OT devices. Vulnerability Detection: Employs a proprietary payload-based testing approach, a rich knowledge base of vulnerabilities and security breach events, and various risk modeling techniques. Vulnerability Exploitation: Uses multi-engine technology to simulate real-world attacks with toolkits, collecting data for further analysis in a post-breach scenario. Risk Prioritization: Automatically forms an analytical view, visualizes the kill chain, and displays a hacker's script. It shows hacking results like compromised object data and escalated privileges. Assets Management: RidgeBot provides a centralized repository to manage enterprise IT assets for security validation, including asset IP addresses, hostnames, OS versions, open service ports, active applications with versions, website domain names, DNS resolution, and web server versions. Higher Precision and More Discoveries with AI Brain RidgeBot has a powerful AI core with an expert knowledge base that guides its attack path selection. It launches iterative attacks based on learnings along the path, achieving comprehensive test coverage and deeper inspections. Penetration Testing Scenarios: Internal Attack: Launches attacks from inside the enterprise network with customer permission, focusing on exploiting vulnerabilities discovered on local networks and systems. External Attack: Launches attacks from outside the enterprise network towards publicly accessible assets such as websites, file shares, or services hosted in public cloud/CDN. Authenticated Penetration: Simulate attacks by an insider or an external attacker who has obtained some level of authenticated access. This is particularly valuable for identifying how far an attacker could penetrate or how much damage they could inflict, starting from a position of partial system access. Lateral Movement: Escalate privilege on a compromised asset and use the compromised asset as a pivot to launch attack toward adjacent networks; discover and exploit vulnerabilities on assets deeper in the network.
Highlights
- AI Agent for Automated Penetration Testing. RidgeBot autonomously performs penetration testing tasks based on security team goals. While it operates without human intervention, the option to involve humans remains available.
- Reduce High False Positives to Zero False Positives. RidgeBot validates vulnerability using a payload-based testing approach. It not only discovers software vulnerabilities but also validates them with exploits.
- More Frequent Pentesting Without Additional Resources. With AI-powered automation, RidgeBot can perform thorough security testing on demand and across various IT assets, including network infrastructure, operating systems, databases, applications, frameworks, websites, OT, and IoT devices. It can scale to a large number of IT assets and is 100 times more efficient than human testers. It helps users stay away from the latest threats.
Details
Pricing
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Refer to RidgeBot Release Note
Additional details
Usage instructions
Refer to QuickStart Guide (Chapter 5 RidgeBot Installation - Section 7: Deploy RidgeBot on AWS)
Resources
Vendor resources
Support
Vendor support
For licenses, please email to support@ridgesecurity.ai with your company name and contact information, we'll reach out to you.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Penetration Testing and Red Teaming tool
Reconnaissance – Asset discovery
Attack surface expansion
Vulnerability detection
Exploitation
The frequency of use depends on the license and could be like a SIEM or better an approch to understand the lake in the perimeter