Security Solutions

4 mins

Automated Security Monitoring: Unveiling the Black Box

Rogier Fischer
Rogier Fischer

In the realm of cybersecurity, visibility is key. On average organizations have 30% more assets than they knew they had. As we continue our blog post series "Continuous Threat Exposure Management: The Hacker Perspective," we shift our focus to automated security monitoring. Today, we unveil the black box of our Orchestrator AI at Hadrian, which harmoniously manages over 200 hacking modules, providing a holistic and continuous but non-disruptive approach to security.

Torch shining a light on some vulnerabilities and that 62% of organizations that were breached were unaware that they were vulnerable.

The Limitations of Simple Vulnerability Scanning

Traditional vulnerability scanning has played a significant role in identifying risks within digital infrastructures. However, there are inherent limitations.

Lack of Contextual Understanding

77% of organizations don't have enough resources to keep up with the volume of patches. Most vulnerability scanners operate in a silo, identifying potential weaknesses without considering the broader context. This often leads to an overwhelming number of vulnerabilities being flagged, many of which might not pose significant risks in a real-world scenario.

False Positives and Negatives

The Enterprise Strategy Group reports that nearly half of all security alerts are false positives. Without proper contextual understanding, simple vulnerability scanners can generate numerous false positives and negatives, requiring security teams to sift through numerous alerts to find genuine threats.

Inability to Detect Complex Attack Vectors

62% of organizations that were breached were unaware that they were vulnerable. Conventional scanners fail to detect complex, multi-step attack vectors. They are designed to look for specific, predefined vulnerabilities, missing out on sophisticated, emerging threats.

Risks Beyond Traditional Vulnerabilities

Not all risks fall under the conventional definition of 'vulnerabilities'. Take, for instance, cloud misconfigurations. These are not vulnerabilities per se but can lead to significant exposure if not properly managed. HackerOne reported in 2022 that website misconfigurations have increased by 151% over the previous 12 months.

Compromised credentials

The 2022 Verizon Data Breach Investigations Report revealed that stolen credentials were involved in nearly 50% of attacks.  credentials leaked in public repositories might not be picked up by traditional vulnerability scanners, but in the wrong hands, they could provide easy access to sensitive systems.

The Power of Hacker Modules

This is where Hadrian's suite of hacker modules, managed by our Orchestrator AI, comes into play. Hadrian’s Orchestrator AI operates similarly to black box security, in which the security of a system is tested with little to no prior knowledge or privileged access.

Here are a just a few examples:

Vulnerability Scanner

A more traditional vulnerability scanner as a cog in the overall monitoring machine.

DNS Takeover Module

This module identifies subdomains vulnerable to takeover, a common way that attackers gain unauthorized access to systems.

Port Scanner

This module scans systems for open ports, providing an overview of potential access points into a network.

ML Secret Recogniser

This module employs machine learning to detect potential secrets like API keys or passwords that may have been inadvertently exposed.

Hadrian currently has over 200 independent modules performing different tasks.

The Value of Multidimensional Scanning with Orchestrator AI


Conventional vulnerability scanners operate on a single plane. In contrast, Hadrian's Orchestrator AI leverages a multidimensional scanning approach, linking the output of one module to the input of another. This forms a complex web of interconnected information, providing a far richer and more detailed picture of your exposure to potential threats.

By connecting findings, Orchestrator AI can form chains of potential attacks, effectively predicting and highlighting how an attacker might escalate their access or impact. It's akin to having a seasoned penetration tester, continuously examining your digital environment for exploitable paths, except it's done in a non-intrusive manner and at a scale far beyond human capabilities.

This multidimensional approach is our answer to the rapidly evolving threat landscape, providing a proactive, contextual, and comprehensive view of your organization's cyber exposure.

To read more about how SHV Energy significantly increased visibility of its external attack surface with Hadrian’s Orchestrator AI, read our case study.


Book a demo

Get started scanning in 5 minutes

We only need your domain for our system to get started autonomously scanning your attack surface.

Book a demo