
Find and Fix Vulnerabilities Before Hackers Do with the New Attack Surface Intelligence

 
 

JACK, short for Just Another Company For Kicks, a very real brand — just kidding — and a Netenrich customer, probabilistically speaking, has relied on ASI to measurably reduce its attack surface for a few months now. Their top need has been finding and fixing vulnerabilities in their assets exposed to the Internet. Our analysts, working with their IT guys, have helped them fix those vulnerabilities in record time, of course, but they have often said their own teams should be more enabled to do it all themselves. With ASI’s new features and some much-needed enhancements to existing ones, now they can. Let’s see how.

 


Curious what Attack Surface Intelligence is and how the defending duo of Threat and ASI help you stay ahead of attackers all the time? Read the free Dummies book by Ed Tittel to learn why Netenrich’s ASI solution powered by our native threat intelligence helps enterprises find risks before hackers and fix them quickly.

 

Jill, an IT admin at JACK, logs into Netenrich's Resolution Intelligence Cloud and heads over to ASI. Where earlier she would just see a bunch of existing and fixed risks, she now sees an Overview dashboard with a very orange risk score of 75, which is too close for comfort to their all-time high of 91, immediately telling her it’s probably prime time in Hackers’ Haven.


 

ASI now features a risk score for all your org’s external risks and plots them in an easy-to-use chart over eight weeks. Worried, she hovers over the chart next to the score and sees a spike on February 03, 2021.

“Interesting new feature, but why the spike,” she wonders.

Quickly scrolling down the breakdown by the type of threats auto-categorized by ASI, she spots a similar spike in Vulnerabilities on the same day.


 

This new feature from ASI tells her visually and without thirty-thousand clicks which type of threat is affecting her risk score. Her next obvious step is to click through to Risks Discovered from Vulnerabilities and intuitively find that one critical risk amongst 17 others.


 

Categorization of risks by severity across four new levels in ASI (Critical, High, Medium, and Low) lets you see risks that matter the most without going through alert contexts and lines of text.

Curious about this particular risk, Jill then flips to the Overview section—note how ASI has automatically bumped up the Vulnerability risk type to 96—to find the Vulnerable Services Check crying bloody murder, an apt exaggeration for some high-risk alerts that are demanding attention. She notes 61 vulnerabilities across 453 services—read: apps—remain unpatched.


 

One more click, and she is now looking at the suspect caught red-handed in a list of medium-to-low-risk alerts. Or red barred. Literally. There’s one lonesome red alert on the list that’s tripping up JACK’s entire Risk Score, something Jill notes is too dangerous to let slide.


 

ASI now makes it easy to see which alerts are critical in a list with visual cues that range from very-light orange to bloody mu… er, dark and deep red.

Viewing the details of the alert is a one-click affair. As soon as Jill does that, a world of insight meets her. She can now see that an Apache service running on an IP she is familiar with has a vulnerability with the ID CVE-2017-7679.


 

She also sees a bunch of triggered risk rules that show a high CVSS score, and an exploit — a way for hackers to use the vulnerability to hurt JACK. This lends credibility to the red alert and the bumped-up score of Vulnerabilities in Overview. She then sees a recommended fix for the risk, courtesy of our analysts, who vet all critical alerts and team up with our machines to offer these recommendations at scale. The fix will have to wait, though. She has a little more digging to do.


 

ASI now shows the risk rules that get automatically triggered, courtesy of our machine learning algos. These rules contribute to alert status and offer additional context for prioritization.

For the same IP, there were other non-critical vulnerability alerts as well, as seen in the Alerts view. Wondering, “Why now,” she looks up the IP in ASI’s native Discovery search. Turns out, the asset at that IP was hosted on JACK’s web servers and had been alive for a while, but the Apache Web Service running on it was exposed to the Internet just a day before.


 

Powerful search helps you look for anything across all your data within ASI without switching screens.

Jill is riddled with questions.

  • Why was the Apache Web Service exposed to the public Internet?
  • Why not host the latest version of Apache web server?
  • Before opening up a port in AWS’ firewall, were security controls guidelines honored?

She will have to park these questions for IT until later and reach out to our SOC analysts for additional help, but for now, she has to go about upgrading the Apache Web Service to the latest version.

When she’s done, she will wait for ASI to tell her if the issue has been resolved for real or if there are niggling problems with it. Thankfully, when she does come back just a day later, she will find ASI’s found the fix good and auto-closed the alert, dipping the score of Vulnerabilities and overall org risk.


 

Auto-closure not only saves you the additional task of closing a ticket, but also serves as a confirmation of fixes.

In summary, for JACK to defend against the dark arts, it took a diligent Jill to fix a rather nasty risk that could have led to much damage later. A diligent Jill, less than ten clicks, and a smart patronus called ASI.

When we launched Attack Surface Intel (ASI) seven months ago, we had maybe three prospects interested in it. Today, more than twenty US and global enterprises use ASI to consistently reduce their attack surface and stay ahead of hackers. We already see over forty brands in trial at a time. Our projections for this year nearly double that number. It's a no-brainer, then, that we rely on our in-trial and paying customers to drive our roadmap toward world domination.

This major release folds a bunch of our customers’ most popular asks into five new features and enhancements that should help make ASI more DIY — our mid-term vision for the product — and super-simple to read insights, take actions, and fix risks — our immediate goal with this release.

 

So chill like Jill
