Our engineering team has been hard at work, reworking our flagship Chariot platform to remain the most comprehensive and powerful CTEM platform on the market.
So what’s new? Here are several new features recently added to Chariot:
1. Unmanaged Platform
Chariot, Praetorian’s Continuous Threat Exposure Management (CTEM) solution, is now available as a self-managed platform. Organizations can now take full advantage of the same user-friendly interface and comprehensive automation suite used by our Managed Services team.
2. New Detection Capabilities
Chariot’s attack surface management capabilities received a new set of advanced detection capabilities, enabling organizations to proactively identify and mitigate novel vulnerabilities across their attack surface:
Exposed Secrets Detection
Chariot offers a powerful secrets detection capability, enabling organizations to identify and mitigate the risk of exposing sensitive information, such as passwords, API keys, and encryption keys, within their codebase.
CI/CD Misconfigurations
Chariot is now equipped with Gato, Praetorian’s proprietary GitHub misconfiguration scanner. With Gato, Chariot users can identify misconfigurations and vulnerabilities in their organization’s CI/CD pipelines, such as Pwn Requests, Insecure Self-Hosted Runners, and more.
HTTP Web Crawler
After discovering an HTTP(S) asset, Chariot exhaustively enumerates web pages, endpoints, user forms, and other potential attack surfaces for use in other capabilities.
Fuzzing for Cross-Site Scripting (XSS)
Chariot now incorporates XSS fuzzing capabilities against web assets identified with the crawler, enabling organizations to identify and mitigate injections through intelligent payload generation and analysis.
3. Integration with CISA KEV
Chariot now seamlessly integrates with Cyber Threat Intelligence (CTI) solutions such as CISA’s Known Exploited Vulnerabilities (KEV) catalog. Organizations can immediately determine whether a new KEV impacts their environment.
4. Full Transparency
Proof of Exploit for every vulnerability
Chariot includes all relevant request-response pairs, commands, and code needed to detect the vulnerability. Proof of Exploit data makes it easy to verify or recreate the exploit manually.
Enumeration and Scan Status Transparency
Chariot provides organizations with real-time visibility into the status, progress, and server IP of each vulnerability and detection scan across their attack surface.
Open-Source Code Base
Praetorian believes anything that runs on your infrastructure (including your web browser) must be open-sourced. As part of this belief, we open-sourced Chariot’s frontend and CLI tool. You can inspect every line of our code that runs in your environment.
5. CrowdStrike Integration
CrowdStrike Configuration Risks Detection
Chariot is now able to seamlessly integrate with CrowdStrike’s Falcon platform, enabling organizations to leverage Chariot’s advanced detection capabilities to identify and mitigate potential configuration risks within their CrowdStrike deployment, ensuring optimal security posture and threat protection.
Chariot is designed to embody the principles of Continuous Threat Exposure Management (CTEM), incorporating attack surface management, vulnerability management, attack path mapping, breach and attack simulation, continuous penetration testing/red teaming, and exploit/threat intelligence. Unifying these components and wrapping them in a managed service provides unparalleled security coverage for your organization.