
Introduction

In the current age of the remote workforce and evolved cyber threats, businesses consistently strive to meet the expectations of their customers and stakeholders. While organizations constantly update their internal security posture, little is usually done to monitor outside threats to their attack surface. For effective and continuous monitoring of risk posture, it is equally important to understand and monitor what the organization looks like from an attacker’s point of view. This is where “Attack Surface and Threat Intelligence” (ASTI) plays a vital role in gathering data, monitoring, and evaluating the risks that need to be mitigated from the external context of an organization.

ASTI can be explained as a systematic process that assists businesses in monitoring their external presence and attack surface. Unlike a standard vulnerability monitoring tool, the ASTI service goes beyond regularly identifying security flaws in network systems, services, and applications. ASTI tools not only monitor and gather information from various data points on the public internet, covering source code, newly found open/closed ports, compromised email accounts, newly registered domain names in focus, and compromised source code, but also correlate these data points to provide intelligence that lets the organization prioritize issues for resolution. Thus, the ASTI service helps enterprises strengthen their information security program by continually monitoring for possible risks that might result in a successful assault against the organization's assets and data. When this service is used with an established vulnerability management system, the total rate at which possible attack vectors become available can be significantly reduced.

Importance of Attack Surface and Threat Intelligence

Understanding Attack Surface

The Attack Surface refers to all the numerous places at which an attacker can get access to a system and steal data.

For example, an application's Attack Surface can be:

1) - The total of all data/command pathways into and out of the program

2) - The code that secures these data/command paths

3) - Any important data utilized in the program, including keys, proprietary information, essential business data, personal data, and personally identifiable information (PII), as well as the code that safeguards this data

Understanding Threat Intelligence from the Attack Surface

Threat Intelligence refers to data regarding cyber threats and threat actors that assists in mitigating and preventing cyberattacks and enhancing the organization’s security posture. The various data points gathered from the attack surface are correlated to generate a meaningful report. For complete visibility, one may superimpose this model on top of the user types, i.e., the roles and privilege levels that have access to the system (whether authorized or not). Complexity grows as the number of distinct user types increases, and constant changes to IT and web infrastructure lead to constant changes to the attack surface. However, it is critical to concentrate on two extremes: unauthorized anonymous users and highly empowered administrators (e.g., database and system admins).

Each attack point is classified according to its risk (external or internal), goal, implementation, design, and technology. One may tally the number of attack points for each kind and focus the evaluation on a few examples for each category.

This technique eliminates the requirement to know every endpoint to comprehend the Attack Surface and prospective risk profile of a system. One may count several broader types of endpoints and the quantity of each category. This allows the organization to budget for the time required to assess risk at scale and to determine when an application's risk profile has drastically altered.
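As an added illustration (not code from the original article), the Python sketch below tallies attack points per category, flags categories that are new or have grown sharply between two inventory snapshots, and picks a few points per category for review, anonymous-reachable ones first. The inventory entries, the tuple layout, and the 50% growth threshold are assumptions constructed for this example.

```python
from collections import Counter

# Constructed sample inventories (not real data). Each attack point is
# (identifier, exposure, technology, requires_auth).
BASELINE = [
    ("/login", "external", "web-form", False),
    ("/api/orders", "external", "rest-api", True),
    ("/api/users", "external", "rest-api", True),
    ("/admin", "internal", "admin-ui", True),
    ("db:5432", "internal", "database", True),
]
CURRENT = BASELINE + [
    ("/api/export", "external", "rest-api", False),
    ("/api/debug", "external", "rest-api", False),
    ("/upload", "external", "file-upload", False),
]


def tally(points):
    """Count attack points per (exposure, technology) category."""
    return Counter((exposure, tech) for _, exposure, tech, _ in points)


def surface_changes(baseline, current, growth_threshold=0.5):
    """Flag categories that are new, or that grew by more than the threshold."""
    before, after = tally(baseline), tally(current)
    flagged = {}
    for category in sorted(set(before) | set(after)):
        old, new = before.get(category, 0), after.get(category, 0)
        if old == 0 and new > 0:
            flagged[category] = ("new category", old, new)
        elif old and (new - old) / old > growth_threshold:
            flagged[category] = ("grew", old, new)
    return flagged


def review_sample(points, per_category=1):
    """Pick a few points per category; unauthenticated ones sort first."""
    groups = {}
    for ident, exposure, tech, requires_auth in points:
        groups.setdefault((exposure, tech), []).append((requires_auth, ident))
    return {
        cat: [i for _, i in sorted(members, key=lambda m: m[0])[:per_category]]
        for cat, members in groups.items()
    }


if __name__ == "__main__":
    for cat, (reason, old, new) in surface_changes(BASELINE, CURRENT).items():
        print(f"{cat}: {reason} ({old} -> {new})")
    print(review_sample(CURRENT))
```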

Attack Surface and Threat Intelligence: Process

The Attack Surface and Threat Intelligence process involves continually identifying, investigating, prioritizing, and mitigating external digital risk. Dynamic and continual discovery identifies potential exposures for the brand on the public internet and public clouds, and vulnerabilities in the organization’s Information Technology assets. The ASTI tools display what an attacker sees when targeting the organization’s digital brand, providing continuous coverage to gradually minimize the risk.

The process of ASTI goes as follows:

ASTI tools conduct automatic attack surface scans to identify significant areas of risk with an emphasis on providing actionable and tailored context. Machine-led discovery sifts through billions of data points to uncover all digital assets linked with the company's brand. This includes:

  • Exposure of domains, including subdomains and those susceptible to attacks
  • Exposure to the code repositories
  • Exposure to the public cloud
  • Vulnerabilities in the organization’s systems, networks, services, applications, misconfigurations, websites, and Email addresses that have been compromised
  • Internet Protocol (IP) addresses / open ports
  • Certificates that have expired or have been abandoned
  • Servers, websites, and pages that have been abandoned
  • Brand exposure
  • Unchanged default settings

The actionable advantage of ASTI tools is due to their AI-driven capability in correlating and analyzing results, prioritizing risk, and giving high-touch remediation techniques. Correlating and detecting false positives, as well as making risk assessments, are all part of the analysis activity. Security professionals can further verify the AI-driven recommendations and act swiftly to address the most critical threats first.

Use Cases for Threat Intelligence

The following use cases can be considered as part of Threat Intelligence applications:

Breach alerts: Near-real-time notification of breaches enables rapid identification of emerging trends and tactics being actively exploited.

Monitoring third-party risk: Quickly learn about serious security events involving vendors or providers. By saving searches on pertinent terms, receive pertinent notifications as and when they occur for proactive inquiry.

Insight into vulnerabilities: Optimize patch efforts based on specific information about vulnerabilities related to current threats.

Final Thoughts

While organizations may not control the public internet beyond their firewall, they can nevertheless act to safeguard the organization’s brand. Businesses may respond more quickly and gradually improve their efficiency and proactiveness by adopting ASTI tools to focus on results and action. Further, the ASTI tool can identify risk areas within an application to educate developers and security specialists about which components of the application are vulnerable to attack and identify ways to mitigate these vulnerabilities.

Intelligence about threats and attacks on the surface enables:

1) - Determination of functions and components of the system that require examination or testing for security vulnerabilities.

2) - Identification of parts of code that are more vulnerable and require protection.

3) - Determination of when the attack surface has altered, and consideration of a mitigation strategy after risk evaluation.



By: Surya Jatavallabhula

Senior Director | ISSQUARED Information Security

Surya Jatavallabhula is a Cyber Security and Risk professional with an extensive history in Banking, Biotech, Medical, and Education sectors. Surya has played various roles under security domains including CISO, Security Partner/SME for Information and Cyber Security, DevSecOps, Risk Management, Data privacy, Enterprise Security Architecture, Data Architecture, Technology Risk, and Portfolio Management after graduating in MS Risk Management from Stern School of Business, New York University, U.S and M.B.A from Leeds University Business School, U.K.
