Threat and resolution attack surface intelligence lets you see what adversaries see and stop them in KNOW time.
Your IT and Security teams watch your network and web site 24/7. You invest thousands (conservatively) in firewalls, SIEMs, anti-malware, Intrusion Prevention/Detection Systems (IPS/IDS), and other security tools that bombard you with alerts all day long.
Yet attacks can still take you by surprise. In one recent example, the veteran hacktivist group Anonymous resurfaced to effect the massive BlueLeaks attack on U.S. law enforcement. If it can happen to them, it can happen to almost any company.
Staying a step or two ahead of risk requires broad threat actor insight:
To find risk and prevent breaches, your security professionals need a new caliber of actionable threat and attack surface intelligence that equips them to:
Netenrich uniquely delivers continuous adversary insight by integrating threat and attack surface intelligence to prevent risk, streamline operations, and bridge skills gaps—in less time, and without creating more work for your own team.
Cybersecurity Ventures projects five-year cybersecurity spending will exceed $1 trillion through 2025[1]. The firm also predicts the annual cost of damage related to cybercrime will reach $6 trillion by 2021—a costly gap in the making. Threat & Attack Surface Intelligence from Netenrich gives you a lasting advantage in bridging this gap by addressing the reasons attacks still succeed:
In the face of spending constraints . . . Gartner projects the growth in cybersecurity spending will decline to just 7% by 2023 (compared with 12% in 2018) with boards pushing back and asking IT to justify the spend. At the same time, cyber risk and challenges continue to grow. As of 2019:
Source: Ponemon Institute, Improving the Effectiveness of the Security Operations Center, 2019
Demonstrating Value. In addition to the usual challenges, Gartner writes:
Gartner clients are reporting that after years of quarterly reporting on cybersecurity to their boards, their boards are now pushing back and asking for improved data and understanding of what they have achieved after years of such heavy investment. Outcome-driven metrics (ODM) for technology risk are an abstraction of tools, people and processes to reflect how well an organization is protected, not how it is protected. ODM can be used to enable more effective governance over cybersecurity priorities and investments.[2]
To SOC or not to SOC? According to Ponemon Institute, more than two-thirds of large enterprises with substantial investments in building their own SOC deem their SOC ineffective for multiple reasons that can be addressed by threat and attack surface intelligence.
This trend shows a clear and growing need to demonstrate the value of security investments. Ongoing threat and attack surface management can show such improvements and inform higher-value spending strategies.
You can’t control everything on the public Internet, or beyond your firewall, but you can still act first to protect your brand. Businesses can respond faster and become steadily more efficient and proactive by adopting a new approach driven by outcomes and action.
Two areas of specialization have emerged to meet the challenge:
Attack surface management (ASM) is the continuous discovery, investigation, prioritization, and mitigation of external digital risk. Dynamic, continuous discovery shows how your brand may be exposed on the public Internet, in public clouds, and Shadow IT. A growing priority for CIOs, CISOs, IT and security teams, ASM looks at the stuff that exists outside your firewalls and perimeter security, beyond IT’s visibility and complete control.
“Threat intelligence” refers to information about cyber threats and threat actors that helps mitigate and prevent cyberattacks and improve your security posture. Sources typically include open source, social media, analysts, bloggers, and intelligence from the deep and dark web.
Netenrich uniquely combines ASM and threat intelligence into one integrated solution to deliver complete Resolution Intelligence for preventing attacks, reducing digital brand exposure, bridging skills gaps, and streamlining SecOps. Led by AI and driven by analysts, Integrated Threat & Attack Surface Intelligence from Netenrich delivers intelligent context and a clear path to action, without creating more work for your own analysts.
The suite consists of Knowledge NOW (KNOW) free threat intelligence and Attack Surface Intelligence (ASI). Together KNOW and ASI integrate to deliver actionable resolution intelligence greater than the sum of its parts.
ASI from Netenrich lets you see what adversaries see as they target your digital brand with continuous coverage to steadily reduce risk. After zero-effort onboarding, ASI performs automated attack surface scans to discover critical areas of risk – brand exposure, misconfigurations, threat correlation, and vulnerabilities – with a focus on delivering actionable, personalized context.
Machine-led discovery scours billions of data points to identify all digital assets and shadow IT associated with your company brand. This covers a wide range of port, protocol, and service exposure including:
ASI’s actionability advantage derives from AI-led discovery, rich context, and security experts evaluating findings, prioritizing risk, and delivering high-touch remediation strategies. Flexible DIY subscriptions and Concierge Service complement your own resources.
Figure 1. ASI displays your attack surface status with risk indicators per category. Issues are identified by technical checks performed for each category with three levels of risk indicated. Assessments can serve as a benchmark for audits of issues to demonstrate successful and continuous mitigation. In this example Service Exposure is putting the organization under high risk that needs immediate and ongoing attention.
Beyond basic discovery, Netenrich ASI adds:
Analysis. Activity includes correlating and identifying false positives and performing risk-checks to assess the overall attack surface status. Analysis is AI-led with Netenrich experts adding rich insight and context. Evaluation includes validating data as legitimate and correlating against insight from Netenrich’s Knowledge NOW (KNOW) global threat intelligence. Analysis sets the stage for deep-dives by your security experts.
Prioritization. Security experts vet AI-driven suggestions adding exponential value in promoting rapid action to address the most dangerous risks first.
Remediation. The final goal of intelligence should always be resolution. ASI features high-touch analyst consultation and detailed reporting of affected assets, technical details, context, and technical remediation advice.
“What does that tell you?” ASI answers the questions:
ASM helps IT and SecOps proactively prevent a wide variety of cyberattacks and activities including:
Protection of the company brand is a top concern for management and growing priority for security teams. Brand exposure spans a wide range of issues such as whether your organization has been part of a breach, leaked credential dumps, or is being targeted by typo-squatting your domain.
Figure 2. A total of 21 domains were associated with this brand. For each, ASI captures discovered sub-domains, DNS records, registrar organization, expiration dates, hosting and discovered dates. Each discovery features quick indicators such as how many domains have expired, or are about to expire that might impact risk.
Inadvertently or accidentally leaving company assets exposed — having code available in public repositories or accessible via public cloud storage — contributes to risk.
DivvyCloud reports over 33 billion records were exposed in breaches during 2018 and 2019 due to cloud misconfigurations, costing companies some $5 trillion.[3] The company says, “The rush to adopt cloud services has created new opportunities for attackers — and attackers are evolving faster than companies can protect themselves.”[4]
Why do misconfigurations account for more than 20 percent of breaches every year? For one thing, network and security architectures continue to change, creating a dynamic shift in attack surface. Administrative tasks such as managing expiring certificates, enforcing authentication (usually on nonproduction sites), and minor configuration steps may also fall by the wayside.
ASI vs. Pen Testing: 24/7 coverage. 75% lower cost. Bi-weekly pen testing or in-depth quarterly assessments can easily run $250K per year. And you only get snapshots that could change the next day. ASI provides continuous coverage, often at 50-75 percent lower cost.
These mistakes account for a large portion of the first stage of an attack with savvy adversaries turning oversights into entry points. While security tools may not find such errors, ASI sheds light on the things that must be addressed.
Identifying public-facing assets is a great step toward creating a better security posture. Correlating assets to active or recent nefarious activity takes you a major step further. ASM helps in understanding how your public IP space may be used to launch attacks or serve malware:
Figure 3. Netenrich ASI correlates your infrastructure to threat intelligence to identify malicious activity.
Fast, automated discovery combined with built-in threat intelligence is key to successful threat correlation.
Which vulnerabilities are trending? Are they currently being weaponized by bad actors? Which can cause the most damage? Finding and researching vulnerabilities in your system is an age-old security problem compounded by a fast-changing attack surface. Depending on your architecture or where systems live, scanning may not always be an option. Aggregating data for prioritization proves essential to any hope of successful patching. ASI integrates with real-time threat intelligence to reduce cycle time and make it even easier to prevent breaches and combat alert fatigue.
Knowledge NOW (KNOW) Threat Intelligence:
Stay in the KNOW. It’s free! https://know.netenrich.com
Knowledge NOW (KNOW) real-time threat intelligence from Netenrich brings you closer to action by answering:
KNOW puts what you need to follow threats — news, trends, search, scores and context — in one place, for free. KNOW adds actionable context and insight to take users from “heads up” to “what to do” in minutes. The KNOW TODAY newsletter sends the day’s top stories to your inbox so you can keep current without searching elsewhere. Log into KNOW to research the news and gain actionable context up to 15X faster than you could with Google News.
KNOW curates data from worldwide threat feeds, industry coverage, and Netenrich’s global ops intelligence center to bring breaking news and context together in one view. Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, risk associations, historical data, expert insights, and industry coverage. Deep context gets vetted by analysts to help everyone from your CEO and CISO to SOC and SecOps professionals find exactly what they need.
Better intel at KNOW cost. KNOW delivers deeper insight and more actionable context than many free and paid threat intelligence services with analysts vetting contextual tags, risk scoring, and more. Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, risk associations, historical data, expert insights, and industry coverage. KNOW automatically feeds updates into ASI so your security analysts can take the next logical step and research relevant threats discovered.
Act on threats in KNOW time
Use threat intel to streamline learning and day to day efforts:
You can’t afford not to KNOW!
Together, KNOW and ASI deliver reliable, ongoing data that helps reduce noise, false positives, and alert fatigue. SecOps and IT teams can act faster, become more proactive, and devote more time to high-priority activities such as deploying new technologies, threat hunting, and incident response.
Benefits of integrated Attack Surface & Threat Intelligence

| Benefits | KNOW | ASI |
|---|---|---|
| Know first | Daily newsletter puts top stories in your inbox | Find your digital brand exposure before bad actors do |
| Act fast - save time and streamline SecOps | | |
| Personalized intelligence | Research IOCs of interest, industry, geography, types of attacks, trusted sources<br>“Threats You Follow” | Attack surface scans and analyst recommendations track your unique attack surface<br>Custom dashboards |
| Continuous coverage | Continuously updated by Netenrich Global Threat Intelligence Center and Internet sources | Increased value vs. pen testing, Red Team exercises and other point-in-time solutions |
| Actionability | Analyst-vetted tags guide threat research<br>Data automatically correlated with relevant intelligence (trend data, recent activity, etc.) | Intuitive dashboard makes it easy to drill down<br>High-touch reports feature expert analysis and proposed mitigation strategies |
New security tools appear as quickly as new threats. Netenrich’s cybersecurity portfolio features a flexible mix of products and SaaS-based offerings to complement and supplement your team’s resources as needed.
Single-source Resolution Intelligence
Why settle for data when you can gain insight, and a lasting personalized advantage? Netenrich’s industry-first Resolution Intelligence uniquely applies machine and human intelligence to bring about desired outcomes, drive ongoing operational efficiencies, and reduce workload and cost. Where we historically think of “resolution” in terms of incidents, complaints, threats, and alerts, Netenrich views it as both solving the problem today and resolving the issue going forward. Our outcome-driven approach delivers rich context, personalization, and actionability that promote collaboration and smarter, proactive resolution.
Resolution = Data + intelligence + action. Many point solutions offer data and several offer intelligence but no other player in the Threat & Attack Surface Intelligence space can take customers through to action and resolution the way Netenrich can. Our Resolution Intelligence includes rich context, personalization and actionability driven by one platform or highly integrated infrastructure. KNOW and ASI are uniquely backed by a codified AI platform, deep SOC expertise, and a worldwide team of experienced security analysts.
Netenrich bridges the gap between point solutions for ASM and threat intelligence and SOC-as-a-Service offerings featuring recommendations, action and proactive resolution.
The industry increasingly looks to AI to speed and automate the discovery, correlation, and interpretation of data, and so do we. But Netenrich doesn’t just generate more data and more dashboards. We combine AI with expert human intelligence to speed investigation and mitigation of your unique digital attack surface and threat landscape.
Twelve years’ deep NOC/SOC experience is codified into our AI platform. Having helped thousands of enterprises build, manage and modernize digital operations, we’ve amassed billions of incidents, millions of endpoints, and 140+ vendor integrations.
Netenrich works with 6,000+ enterprises, service providers and government agencies worldwide to optimize network and security operations to transform business. Where most providers of ASM and threat intel tend to feature one or two flagship products, our heritage of ops innovation, management, and transformation offers broad advantages in bridging skills gaps, and turning data into smarter, faster resolution.
Visit https://know.netenrich.com anytime to create a KNOW Threat Intelligence account and sign up for your free daily newsletter.
Combine Threat & Attack Surface Intelligence from Netenrich to start doing security smarter, and act faster than the speed of bad. You’ll be amazed at how much we can achieve together in just 30 days!
Endnotes: