Cosmos Series Part 1: Principles for the New Platform


Prologue 

When attackers can compromise a company in minutes, defending modern attack surfaces requires the combined strength of human expertise and intelligent automation at scale. For nearly two decades, Bishop Fox has stayed ahead of this challenge through continuous innovation. Now, we’re taking our flagship Cosmos platform to the next level.

Setting us apart is the depth and breadth of our offensive security experts, whose knowledge and skill consistently deliver measurable value and security outcomes for our clients. In 2020, we launched Cosmos to amplify their capabilities, acting as a force multiplier for testing rapidly expanding attack surfaces (Cosmos Attack Surface Management).

One of Bishop Fox’s core values is “Get Better Together,” and this philosophy has been central to how we continue to evolve Cosmos. While the platform has consistently met our customers’ needs and garnered analyst recognition since its inception, in 2023 we took a proactive, holistic approach to ensure it not only continues to deliver value today but also evolves to meet the demands of tomorrow’s ever-changing threat landscape.

In this four-part blog series, we’ll share the steps we took to optimize the performance of our people, processes, and technology, helping us continually outfox attackers.


Part 1: Principles for the New Platform

Security teams today face an impossible equation: exponentially growing attack surfaces paired with limited time and resources. In 2023, Bishop Fox took this challenge head-on by reimagining Cosmos from the ground up. Our goal? To give our offensive security experts the speed and scale they need to protect even the largest organizations against modern threats. We undertook a major update to the Cosmos platform's foundational technology, enabling faster delivery of new features while preparing the infrastructure for future capabilities and services. Throughout this process, we ensured clients continued to receive value from their current deployments, paving the way for a seamless transition to the new platform.

We began with improving our customers’ experience. While the product and engineering teams updated the UI to provide a more intuitive experience for customers, we also added Cosmos Application Penetration Testing and Cosmos External Penetration Testing services to the platform in the first half of 2024. It was a significant achievement that laid down the new architecture leveraged in the second half of 2024.

This new architecture is built on three interconnected principles: everything is a small service, everything is asynchronous, and events are everything. Let’s dig into how these principles are driving greater scale, flexibility, and velocity with our product and engineering teams.


Everything is a small service

Our small services are stateless, event-driven, and asynchronous, providing a strong foundation for scale, efficiency, and feature-building velocity. Less code allows our engineers to focus more on customer features, while minimizing how many complex operations a service performs.

Think of our new architecture as a highly coordinated team rather than a single superhero. Instead of building one massive system that does everything, we've created specialized micro-teams (services) that excel at specific tasks. Each service is lean, independent, and ready to spring into action at a moment's notice. The result? We can scale individual components instantly, roll out new features faster, and maintain peak performance even under heavy load.

An essential sub-principle of our small services is data independence — each service maintains its own data repository, eliminating the bottlenecks of shared databases and ensuring reliable service level agreements (SLAs). While academic definitions of microservices include this idea, it is rarely enforced in practice. However, we knew it was critical for our strategy.


Everything is asynchronous

This principle allows us to build faster without external orchestration models. Rather than requiring perfect knowledge of how the entire platform should behave and managing that knowledge outside the platform, the new approach has the platform managing itself. When concepts like state engines and orchestration are removed from a design, the flexibility, velocity, and robustness of the platform improve exponentially.

The strength of the asynchronous approach is that no service waits on another. Rather than sequential processing that creates bottlenecks, our services operate independently and efficiently, maximizing throughput and reliability.

An analogy: in one bakery, the pastry chef stops baking whenever they need to shop for ingredients (the legacy approach); in another, a bakery manager handles the ingredient inventory and the pastry chef just bakes (the asynchronous approach). Separating the tasks and having them operate asynchronously allows each to scale.


Events are everything

Complementing the asynchronous approach, our event-driven architecture provides the foundation for unprecedented scalability, flexibility, and velocity. When defining events, we ensure consistent terminology, which allows our small services to focus on business processes rather than mapping or translating business terms. Additionally, with event-driven triggers driving all activity on the platform, Cosmos' ability to scale to zero (as well as to scale up quickly, both horizontally and vertically) is robust and straightforward to manage.

Working together, the principles above have improved the responsiveness of the platform while increasing the teams’ velocity in delivering new features and capabilities in a rapidly evolving market.

In my next post, I’ll discuss how reapproaching our product, feature, and capability work has led to additional velocity improvements in our engineering and product teams.




About the author, Aaron Symanski

Chief Technology Officer

Aaron Symanski is the Chief Technology Officer at Bishop Fox and a technology executive with extensive experience across various leadership roles. He has also served as the CTO and Senior Vice President at Carrick Capital Partners since April 2021. Aaron has also held positions as Board Member at Renalogic, Blackwell Captive Solutions, and Kalderos.

Prior to these roles, Aaron was the Chief Executive Officer at Infinia ML until its acquisition by Aspirion and has served in leadership positions at Camden Passage Association, Stats Perform, and Discovery Health Partners, where technology strategy was advised during a significant acquisition. Aaron's educational background includes an MBA, an MSCS in Computer Science, and a degree in Economics, History, and Philosophy from the University of Illinois Urbana-Champaign.
