Whether it’s determining if a client is impacted by a particular CVE or developing an exploit to prove the damaging potential of a weak vector, the CAST team is continuously working to discover, test, and provide detailed remediation guidance to the security teams they serve.


Eliminating a remote code execution vector at scale

When CVE-2020-7961 was issued for Liferay Portal, it caused concern for security teams due to the software’s popularity and widespread use. With no working exploit to test the potential RCE, many teams were in a quandary except the teams using Bishop Fox’s CAST service.


Proactive intervention on an expansive attack surface

An emerging issue in the Telerik UI left organizations across the globe scrambling to remediate the threat. Proactive monitoring and early anticipation of how quickly the issue could escalate allowed the CAST team to help a Fortune 100 retail client stay ahead of a remote code execution vulnerability and prevent further, similar attacks in other areas of their attack surface.


Ingenuity with a big impact

A new vulnerability in Citrix appliances was widespread, well publicized, and posed a critical risk for many organizations. Without a public working exploit available to their test systems, businesses were left open to attacks from bad actors who might identify their weaknesses before they could. With the announcement of the vulnerability, however, the CAST platform immediately began searching client attack surfaces for vulnerable appliances that needed further investigation. The CAST team created a safe, working exploit and provided clients with remediation guidance a month before the vendor provided an official patch.



See additional ways CAST has helped real customers solve their greatest security challenges.


A shortage of talent, limited budgets, and noisy scanners make staying ahead of risks a challenge for many security teams. CAST Operators act as an extension of your security team, gaining a deep understanding of your attack surface, performing continuous monitoring and testing, and surfacing only the issues that you care most about.

Reduce Your Attack Surface

Security teams can’t protect what they don’t know. Through product releases, mergers,acquisitions, and expanding cloud infrastructures, your attack surface is continuously changing. By using a domain-centric approach to attack surface discovery, CAST continuously monitors your perimeter and operators identify ways to reduce your number of attack vectors.

In order to address the mass of threats in a reasonable way, security and risk management leaders need to take a drastic approach to threat prioritization.

How to Respond to the 2019 Threat Landscape

Gartner (Published 16 August 2019)