The Foundation of AI-Era Cyber Defense

To defend against AI-enabled attackers, security teams must focus on the fundamentals. SixMap delivers foundational cyber capabilities that improve security posture and help your team mitigate cyber risks faster.

Organizations that know who they are and what to defend

Preparing for AI-driven attacks starts with the basics.

In the era of AI-driven cyber attacks, an initial instinct is to throw the existing playbook out the window and develop novel security strategies. But the more effective response is to double down on the fundamentals: asset and technology inventories, continuous monitoring and detection, agile vulnerability and patch management.

How SixMap uncovers what others miss

SixMap reveals all of your assets, exposures, and risks with accuracy and precision.

Numbers that add up

5X more

entities uncovered through SixMap’s organizational mapping procedure — exposing what’s truly yours to defend.

9% more

IP addresses discovered with IPv6 asset discovery — turning overlooked hosts into defended ground.

50.8% more

exposures identified by inspecting all 65,535 ports, closing gaps before they become exploitable risks.

Gain visibility, find out what your tools are missing.   Schedule a Demo

The SixMap Method

Each step in SixMap’s continuous process provides high-fidelity data, showing you which assets you own, what technologies are in use, and what risks need to be mitigated urgently.

STEP 1: MAP

Who You Are

Map out your full organizational structure, including all sub-organizations and entities. In the public sector, this could be distinct agencies, departments, or offices. For private enterprise, it often means subsidiaries, shells, and other legal entities. SixMap routinely uncovers 5x more entities than other business intelligence tools. This is the foundation of knowing what’s truly yours to defend.

STEP 2: DISCOVER

What You Own

SixMap’s 6Gen algorithm continuously discovers hosts across IPv4 and IPv6, uncovering every asset and tying it back to its rightful owner. Every network, IP address, and domain is identified and assigned to the entity responsible for protecting it. Nothing slips through, and nothing is left unaccounted for.

STEP 3: ASSESS

What Technologies Are Running

SixMap conducts comprehensive exposure assessments, exhaustively evaluating every IP address, domain and subdomain. Unlike other tools that only check the top 1k to top 5k most common ports, SixMap inspects all 65,535 ports on each host, every assessment. SixMap’s technology runs silently, efficiently and accurately, so you only receive high-fidelity data. Understand all your exposures and risks, and know which to fix first.

STEP 4: PRIORITIZE

What Risks To Mitigate First

SixMap turns exposure findings into prioritized action items, complete with context and risk scores. Every CVE detected is enriched with threat intelligence and data on real-world exploitation activity, as well as the groups known to exploit it, so defenders can act on the risks that truly matter. Every decision is quicker, sharper, and evidence-based.

Learn how SixMap uncovers what others miss.   Download Solutions Brief

From process to payoff

With SixMap, you continuously receive high-fidelity data that improves operational efficiency and your ability to respond to risks faster, all without additional effort from your team.

Trusted by Fortune 500 and Government Agencies

Elwyn Wong

CISO, Ross Stores

“Out of thousands of Internet-facing assets, SixMap was able to automatically pinpoint the most pressing vulnerabilities that required immediate action based on quantifying the risk by correlating the threat actors and exploitable vulnerabilities. We’re glad they have partnered with AWS to deliver value to their customers.”

SixMap Platform Use Cases

Exposure Management

Continuously monitor your exposures for vulnerabilities and risks.

Learn more>

External Cloud Visibility

Track and monitor all cloud instances visible from the Internet in real time.

Learn more>

IT Asset Inventory

Gain a complete and accurate inventory of all external domains and IP addresses.

Learn more>

M&A Cyber Risk Due Diligence

Accurately evaluate the risk of an organization before an M&A activity.

Learn more>

Frequently asked questions

How is SixMap’s solution deployed? Does it require agents?

SixMap is an agentless SaaS solution. It does not require any installation, downloads, or agents. The product UI can be accessed through any web browser and the data can be ingested via RESTful APIs and webhooks. 

How does SixMap’s discovery process work?

SixMap’s discovery procedure has two main components: our unique mapping methodology and 6Gen, our core technology. SixMap’s methodology begins by mapping out an organization’s structure, finding all subsidiaries, holding companies, shell companies, and other legal entities that belong to the parent organization globally. Each of these entities serves as a starting point for the asset discovery process, which uncovers all networks, IP addresses, and domains.

6Gen, SixMap’s computational mapping algorithm, is unique in that it can detect hosts across both the IPv4 and IPv6 address spaces. SixMap uses 6Gen, along with other data sources like WHOIS and DNS records, to provide a complete, accurate, and up-to-date inventory of all your external assets. This discovery process is silent, safe, and non-intrusive.

Many exposure management tools are noisy and may cause disruption to systems or applications. How does SixMap avoid these challenges?

SixMap’s host discovery and exposure assessment processes are fast, efficient, silent, and completely safe. The SixMap platform does not pose any risk to the confidentiality, integrity, or availability of your organization’s assets. SixMap does not run any intrusive tests or exploit scripts, so there is no activity that might be considered dangerous or risky.

Does SixMap integrate with the other tools in my security stack?

Yes. SixMap offers several RESTful APIs and webhooks that make it easy to ingest the data into any other tools in your environment. All licenses include access to the APIs and webhooks at no additional cost.

How is SixMap different from similar products on the market?

SixMap has 3 major differentiators. First, SixMap begins by truly getting to know an organization’s DNA before running technical processes. The organization mapping process identifies all legal entities that belong to a single parent organization, including all subsidiaries, holding companies, etc. On average, we find 5-10x more entities than what’s known to major business intelligence firms. 

Second, SixMap’s host discovery process uses 6Gen, a proprietary technology, to uncover all IP addresses and hosts across both the IPv4 and IPv6 spaces. Other tools on the market have very limited discovery capabilities in the IPv6 space, possibly leaving some assets exposed and unmanaged. While many security teams think they do not use IPv6, we almost always find some IPv6 addresses in use.

Third, SixMap’s exposure assessment inspects all 65,535 ports on every host, during every assessment. Most other tools check the top 1,000 to 5,000 most commonly-used ports, which fails to detect exposed services on high ports and creates risk. SixMap finds 7-9% more exposures by assessing all ports, on each host, every single time we run an assessment.

How is SixMap different from other exposure management tools?

Legacy tools stop at fragments — partial scans, incomplete inventories, and misattributions. SixMap goes further, mapping the entire organization across IPv4 and IPv6, tying every host and exposure back to its rightful entity.

How is SixMap’s platform priced?

SixMap prices the platform based on the number of full-time employees at your organization, which serves as a proxy for the complexity of your digital infrastructure and the quantity of external assets you need to monitor and protect. It may help to think of a SixMap contract as a “site license,” which covers your entire organization, regardless of the exact number of assets and users.

While some organizations price based on the number of assets, this pricing model may sometimes put customers in a position where they’re incentivized to ignore some of their own assets in order to stay in a lower pricing tier. SixMap prefers a pricing model that encourages customers to protect all of their infrastructure and assets.

See the SixMap Platform in Action

Schedule a time to talk with us and view a demo.

Get A Demo Form

"*" indicates required fields