Bitsight: Groma

A regional bank used Groma to run a discovery scan. Within 24 hours, it flagged an exposed PostgreSQL database listening on a non-standard port. The IP belonged to a legacy acquisition from 2018. No one on the current security team knew the server existed. The database contained unencrypted customer PII and had not been patched in three years.

You can’t patch what you can’t see. You can’t monitor what you don’t know exists.

Groma is an open-source framework for cybersecurity ratings, developed by the Groma Project. Groma aims to provide a common language and standardized approach for cybersecurity ratings, similar to BitSight. The Groma framework allows organizations to assess and rate the cybersecurity posture of their vendors, partners, or other third-party entities.

Your vendor says they’ve decommissioned a legacy portal. Have they? Groma allows you to continuously monitor your partners’ external assets to ensure they aren’t leaving zombie servers online that could be compromised and used to attack your shared data.

If you don’t know it exists, you can’t protect it. Here’s how continuous discovery changes the game.