Implementing Continuous Assessment to Meet the Demands of Today’s Threat Landscape
Today’s cybersecurity landscape is marked by increasingly sophisticated and frequent attacks, from ransomware to nation-state cyber threats. The widespread adoption of cloud services, remote work, and interconnected devices has broadened the attack surface, making it more challenging than ever for organizations to remain secure. Traditional point-in-time security measures, such as annual vulnerability assessments or quarterly penetration testing, are no longer sufficient to combat modern threats. As cybercriminals evolve their tactics, businesses must also adopt continuous risk assessments to stay one step ahead. These ongoing evaluations provide real-time insights into exploitable vulnerabilities, allowing businesses to address risks proactively, strengthen their security posture, and accelerate response times.
- Year Founded: 2016
- Number of Staff: 6
- Operational reach: United States
About Legion Cyberworks:
Legion Cyberworks has positioned itself as a premier provider of cybersecurity services, specifically for industries with unique security demands, such as energy, healthcare, higher education, and hospitality. Focused on relentless protection, detection, and response, Legion’s mission is to safeguard businesses against a wide range of cyber threats, including phishing, ransomware, and malware. Legion Cyberworks has built a reputation for personalized, comprehensive managed security services that combine advanced technologies with expert oversight. Each service is tailored to meet the specific security needs and risk profiles of clients across various sectors.
Attacking the Current Cyber Landscape with Continuous Assessments
In a recent interview, Clayton Dillard, Founder and CEO of Legion Cyberworks, shares that “in today’s environment, static, point-in-time assessments just don’t cut it. Continuous testing and real-time threat intelligence are what truly allow us to stay one step ahead of attackers.” Legion began as a consultancy business offering basic risk assessments, vulnerability management, and advisory services. As demand for cybersecurity expertise grew, so did Legion’s offerings. Today, they provide extensive managed security services, covering endpoint detection and response (EDR), security information and event management (SIEM), and extended detection and response (XDR). They have established a distinctive approach, combining advanced technology and human expertise to mitigate security risks continuously.
The Challenge
As Legion Cyberworks expanded, it recognized the limitations of traditional security measures. The company faced the challenge of scaling its offensive security services without compromising quality. Conducting traditional penetration tests manually required significant time and resources, which limited the frequency and scope of testing. Additionally, while traditional vulnerability scanners were valuable, clients often felt overwhelmed by the vast number of identified vulnerabilities. Clients found it difficult to determine which vulnerabilities posed immediate threats and which required prioritized remediation.
Legion also faced increasing requests from clients for continuous security monitoring rather than just annual or quarterly assessments. They needed a solution that would automate the routine yet maintain essential aspects of penetration testing, freeing up their skilled red team to focus on high-complexity assessments that required human insight. The solution needed to be powerful enough to identify critical vulnerabilities, efficient enough to perform assessments continuously, and capable of integrating with Legion’s existing suite of managed security services.
“Our clients don’t just need reports; they need ongoing assurance that their defenses are resilient. By adopting continuous assessments, we’re able to deliver that confidence.”
Enter NodeZero™
To address these challenges, Legion Cyberworks adopted Horizon3.ai’s NodeZero, an autonomous penetration testing platform. NodeZero provided a solution that automated routine tasks like vulnerability identification and verification, allowing Legion’s red team to shift their focus to more complex, higher-level assessments, such as API and web app penetration testing. NodeZero’s proof of exploit feature provided business impact insights in real-time, helping clients understand the true scope of their vulnerabilities. Clayton says that “the platform’s ability to provide proof of exploit and prioritized reporting is invaluable, and [their] clients have seen the results firsthand. NodeZero doesn’t just find vulnerabilities—it gives [them] the insight to prioritize and fix them efficiently.”
NodeZero operates as a “hands-off” tool, enabling Legion’s team to conduct comprehensive penetration tests without extensive manual input. The platform performs real-world attacks that are safe, emulating the tactics, techniques, and procedures (TTPs) used by adversaries to gain unauthorized access to systems. Its automation capabilities allow Legion to run tests on-demand or scheduled more frequently, generating actionable reports that prioritize vulnerabilities based on their exploitability and potential business impact.
For instance, NodeZero’s ability to conduct assessments in complex, multi-layered environments proved invaluable when Legion used it to test a university’s extensive network, which included over 5,000 devices. Previously, such a task would have taken Legion’s team weeks to complete. However, with NodeZero, they were able to conduct the assessment in days, delivering high-quality, prioritized reports that helped the client address their most pressing security gaps. Legion’s clients appreciated NodeZero’s ability to highlight critical vulnerabilities and recommend practical remediation steps, transforming how they approached risk management.
“NodeZero has completely transformed how we approach penetration testing. It allows us to automate the routine, freeing up our red team to focus on the more challenging aspects of cybersecurity.”
Cyber Threat Intelligence
The recent cyberattack on a prominent global hospitality chain in Las Vegas, NV is a reminder of the importance of proactive and continuous cybersecurity measures. In September 2023, the company suffered a ransomware attack that disrupted core services, including online reservations, digital room keys, and slot machines. The attackers, allegedly linked to the BlackCat ransomware group, exploited weak points of their networks, resulting in over $100 million in losses. The incident illustrates the vulnerability of industries reliant on digital infrastructure and highlights the sophistication of today’s cyber threats.
For companies like Legion Cyberworks, incidents like this underscore the need for continuous assessment and rapid response. Legion’s deployment of tools like NodeZero allows clients to continuously monitor and test their networks, identifying vulnerabilities before they become exploitable entry points for attackers. The proactive approach to penetration testing and real-time threat intelligence offers clients an added layer of security, ensuring that vulnerabilities are detected and prioritized based on real-world impact. By leveraging continuous penetration testing, Legion helps clients not only prevent disruptions but also build resilience against future attacks.
“Our mission at Legion Cyberworks has always been about protecting our clients from cyber threats. Every action we take, from advisory to managed services, is centered on that goal.”
Resounding Results
Legion Cyberworks’ use of NodeZero has redefined their managed security service offerings. By integrating autonomous penetration testing into their services, Legion can offer clients continuous assessment options that were previously impractical. Clients now benefit from actionable, prioritized vulnerability reports, enabling them to focus on the most pressing threats. Additionally, NodeZero’s remediation guidance provides step-by-step instructions, reducing the time required to address critical issues. This has led to a marked improvement in clients’ mean time to remediation (MTTR), helping them close security gaps faster and more efficiently.
The combination of automation with human expertise also enhanced Legion Cyberworks’ value proposition. Legion’s red team can now leverage NodeZero to handle preliminary testing tasks, such as vulnerability identification and initial exploitation attempts, while they focus on more complex and customized tests. This approach has allowed Legion to provide higher-quality service at a greater scale, fostering deeper client relationships. As a result, Legion’s clients have grown to rely on them not only for periodic testing but also for continuous protection as part of their overall risk management strategy.
Looking Ahead
As the cybersecurity landscape grows increasingly complex, Legion Cyberworks remains committed to advancing its services to stay ahead of emerging threats. Through the integration of NodeZero, Legion provides clients with a dynamic, continuous assessment model that ensures vulnerabilities are identified, prioritized, and addressed in real-time. This shift from traditional, periodic assessments to continuous security monitoring has redefined Legion’s approach to client protection, offering organizations a proactive defense against ever-evolving cyber threats. Leveraging NodeZero’s automation capabilities allows Legion’s red team to focus on complex, high-impact tasks, blending innovative technology with human expertise to deliver a comprehensive, resilient cybersecurity solution.
Looking to the future, Legion Cyberworks is expanding its managed security services and deepening partnerships with leading cybersecurity vendors, positioning itself as a central partner for clients in high-stakes industries such as energy, healthcare, and utilities. The integration of continuous autonomous testing and third-party risk management will enable Legion to deliver unparalleled insights and protection across its client base. By adapting to industry needs and utilizing innovative solutions like NodeZero, Legion is not only fortifying its clients’ defenses but also setting a new standard for proactive cybersecurity management in the modern threat landscape.