Enough With the Data Already!

Post by Liza Kurtz In Security on Jul 30, 2020

Resolve your attack surface once and for all.

When it comes to cybersecurity, “more” sounds better and there’s literally some new thing to try, buy, or apply every day. On the ground, however, it’s a very fine line between “more is better” and “let me up, I’ve had enough!”

For example, we can find information about cyber threats using Google or open source intelligence (OSINT), or subscribe to some mix of free and paid threat feed services. For the “outside-in” view of our attack surface, we can commission pen tests, port scans, vulnerability assessments, and Red Team exercises that vary greatly in cost, scope, and frequency.

But bombarding IT and SecOps with more input from more sources stops short of solving the problem, and even creates new ones, like all those tools that generate all those alerts do today. You still need to cut through the noise, dig through the haystack and prioritize a handful of needles to act on.

Automation and AI purport to make things better, but most teams still feel fatigued and outrun. Instead of more data—and more work to do—what you need is to know, “What should we do about it?”

True “resolution intelligence” moves the needle on a challenge by taking you from data through intelligence to action to prevent or remediate a problem for good. Resolving your attack surface, today and over time, takes both threat and attack surface intelligence. You need to see what adversaries see when they target your network, and to know what they’re up to at all times, before you can fix, or even identify the most critical risks to your digital brand.

Resolving risk with threat and attack surface intelligence

Attack surface management, or ASM, refers to discovering and remediating external digital risk that exists beyond your company firewall, and IT’s visibility or control. This includes things like domain exposure, brand exposure, and misconfigurations (the cause of 40% of breaches during the past two years).

ASM starts with AI-led discovery to uncover a range of exposure from things like code left exposed in public repositories, expiring certificates, abandoned servers, and exposed domains, sub-domains and “lookalikes” that might be used in typosquatting efforts to mimic your brand. Step one, discovery, typically turns up lots of things you might or might not find on your own if you had time to look, and then the fun starts.

To decide what to do next and go do it, you need to know more. Prioritization and personalization are key. How great a risk does each finding or category represent? Which threats or brand exposures could hurt your company most and soonest? Of these, which should you address first?

Context determines ASM’s ultimate value. What factors determine priority? What attacks or threat activity already takes place around specific IPs, domains, or indicators of compromise (IoCs)? What possible fixes are there and what is the impact of each?

Skills and collaboration also come into play. Who needs to get involved to get this resolved? Do we have the right skills and resources in house?

Last but not least, you need always-on coverage because the day you finish acting on a $50K pen test a new misconfiguration, expiring certificate, or compromised IP can hang a new bullseye on your brand.

ASI Insights

ASI

ASI - Digital Assets Monitored


ASI - Digital Assets

Netenrich Threat & Attack Surface Intelligence: Architected for action

Rich context should be table stakes for adopting intelligence to manage your threat landscape or attack surface. But even that’s not enough.

The deciding factor – the “money shot” – is actionability. To this end, Netenrich combines ASM with threat news and insight to deliver integrated Threat & Attack Surface Intelligence to prevent breaches, bridge skills gaps, and streamline SecOps—without giving your team new headaches.

Our ASM solution, Attack Surface Intelligence (ASI), is architected to address the risks enterprise IT and SOC teams face every day with actionable context around risks, prioritization, and most importantly, remediation.

Driven by our AI platform featuring 12+ years’ digital operations tribal knowledge, ASI takes ASM to the next level with analyst-vetted prioritization and high-touch, personalized remediation strategies. The platform also features integrated threat intelligence from our global Knowledge NOW (KNOW) engine for even faster resolution.

KNOW delivers everything needed to follow cyber threats – news, trends, insight, context, and prioritization – in one platform, in minutes, for free. If that sounds even remotely familiar, stay tuned for future posts about applying ASM and threat intelligence, and what makes them actionable.

For now, the point is that ASI and KNOW together deliver integrated Threat & Attack Surface Intelligence architected for actionability, in whatever way that means for you, to resolve critical risks and continue to drive down your likelihood of making headlines for all wrong reasons.

Sign up for KNOW right now to start seeing the day’s top cyber stories in your inbox and researching your IOCs in a fraction of the time it take now.

Learn more about ASI and getting a free attack surface scan with Netenrich security analysts providing expert insight around prioritization, action, and resolution over time.

CONNECT WITH US

About Author