Threat and resolution attack surface intelligence

Threat and resolution attack surface intelligence lets you see what adversaries see and stop them in KNOW time.

See what adversaries see and stop them in KNOW time

Your IT and Security teams watch your network and web site 24/7. You invest thousands (conservatively) in firewalls, SIEMs, anti-malware, Intrusion Prevention/ Detection Systems (IPS/IDS), and other security tools that bombard you with alerts all day long.

Yet attacks can still take you by surprise. In one recent example, the veteran hacktivist group Anonymous resurfaced to affect the massive BlueLeaks attack on U.S. law enforcement. If it can happen to them, can happen to most any company.

Staying a step or two ahead of risk requires broad threat actor insight:

• What are adversaries up to? There are hundreds of ways to get news about emerging and ongoing attacks, but it takes time and expertise to stitch all the data together into reliable, actionable threat intelligence.
• What do they see when they target your brand? “Outside-in” perspective is the missing link for IT and security operations (SecOps) teams. Resource-intensive assessments such as penetration or “pen” testing, bug bounties, and Red Team exercises can deliver it, but only for one point in time.
  

To find risk and prevent breaches, your security professionals need a new caliber of actionable threat and attack surface intelligence that equips them to:

Netenrich uniquely delivers continuous adversary insight by integrating threat and attack surface intelligence to prevent risk, streamline operations, and bridge skills gaps—in less time, and without creating more work for your own team.

Why Now?

Source: Ponemon Institute, Improving the Effectiveness of the Security Operations Center, 2019

Demonstrating Value. In addition to the usual challenges, Gartner writes:

This trend shows a clear and growing need to demonstrate the value of security investments. Ongoing threat and attack surface management can show such improvements and inform higher-value spending strategies.

Integrated Threat & Attack Surface Intelligence – A New Paradigm

You can’t control everything on the public Internet, or beyond your firewall, but you can still act first to protect your brand. Businesses can respond faster and become steadily more efficient and proactive by adopting a new approach driven by outcomes and action.

Two areas of specialization have emerged to meet the challenge:

Attack surface management (ASM) is the continuous discovery, investigation, prioritization, and mitigation of external digital risk. Dynamic, continuous discovery shows how your brand may be exposed on the public Internet, in public clouds, and Shadow IT. A growing priority for CIOs, CISOs, IT and security teams, ASM looks at the stuff that exists outside your firewalls and perimeter security, beyond IT’s visibility and complete control.

“Threat intelligence” refers to information about cyber threats and threat actors that helps mitigate and prevent cyberattacks and improve your security posture. Sources typically include open source, social media, analysts, bloggers, and intelligence from the deep and dark web.

Netenrich uniquely combines ASM and threat intelligence into one integrated solution to deliver complete Resolution Intelligence for preventing attacks, reducing digital brand exposure, bridging skills gaps, and streamlining SecOps. Led by AI and driven by analysts, Integrated Threat & Attack Surface Intelligence from Netenrich delivers intelligent context and a clear path to action, without creating more work for your own analysts.

The suite consists of Knowledge NOW (KNOW) free threat intelligence and Attack Surface Intelligence (ASI). Together KNOW and ASI integrate to deliver actionable resolution intelligence greater than the sum of its parts.

ASI: The industry’s most actionable “outside-in” perspective

ASI from Netenrich lets you see what adversaries see as they target your digital brand with continuous coverage to steadily reduce risk. After zero-effort onboarding, ASI performs automated attack surface scans to discover critical areas of risk – brand exposure, misconfigurations, threat correlation, and vulnerabilities – with a focus on delivering actionable, personalized context.

Machine-led discovery scours billions of data points to identify all digital assets and shadow IT associated with your company brand. This covers a wide range of port, protocol, and service exposure including:

ASI’s actionability advantage derives from AI-led discovery, rich context, and security experts evaluating findings, prioritizing risk, and delivering high-touch remediation strategies. Flexible DIY subscriptions and Concierge Service complement your own resources.

Figure 1. ASI displays your attack surface status with risk indicators per category. Issues are identified by technical checks performed for each category with three levels of risk indicated. Assessments can serve as a benchmark for audits of issues to demonstrate successful and continuous mitigation. In this example Service Exposure is putting the organization under high risk that needs immediate and ongoing attention.

Beyond basic discovery, Netenrich ASI adds:

ASM helps IT and SecOps proactively prevent a wide variety of cyberattacks and activities including:

Use Cases

Use Case I: Brand Exposure

Protection of the company brand is a top concern for management and growing priority for security teams. Brand exposure spans a wide range of issues such as whether your organization has been part of a breach, leaked credential dumps, or is being targeted by typo-squatting your domain.

Figure 2. A total of 21 domains were associated with this brand. For each, ASI captures discovered sub-domains, DNS records, registrar organization, expiration dates, hosting and discovered dates. Each discovery features quick indicators such as how many domains have expired, or are about to expire that might impact risk.

Inadvertently or accidentally leaving company assets exposed — having code available in public repositories or accessible via public cloud storage — contributes to risk.

Use Case II: Misconfigurations

These mistakes account for a large portion of the first stage of an attack with savvy adversaries turning oversights into entry points. While security tools may not find such errors, ASI sheds light on the things that must be addressed.

Use Case III: Threat Correlation

Identifying public-facing assets is a great step toward creating a better security posture. Correlating assets to active or recent nefarious activity takes you a major step further. ASM helps in understanding how your public IP space may be used to launch attacks or serve malware:

• Have domains been subverted for phishing or command and control?
• Has your infrastructure been compromised and resources siphoned off for coin-mining or as a pit-stop in the fraud chain?
• Are company assets linked to malware?

Figure 3. Netenrich ASI correlates your infrastructure to threat intelligence to identify malicious activity.

Fast, automated discovery combined with built-in threat intelligence is key to successful threat correlation.

Use Case IV: Vulnerability Insight

Knowledge NOW (KNOW) real-time threat intelligence from Netenrich brings you closer to action by answering:

• What happened and why?
• What are experts saying about it?
• What should we be following? What changed since yesterday?
• Is this IP or IoC good or bad?
• What should we address first? How do you do it?

KNOW puts what you need to follow threats — news, trends, search, scores and context — in one place, for free. KNOW adds actionable context and insight to take users from “heads up” to “what to do” in minutes. The KNOW TODAY newsletter sends the day’s top stories to your inbox so you can keep current without searching elsewhere. Log into KNOW to research the news and gain actionable context up to 15X faster than you could with Google News.

KNOW curates data from worldwide threat feeds, industry coverage, and Netenrich’s global ops intelligence center to bring breaking news and context together in one view. Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, risk associations, historical data, expert insights, and industry coverage. Deep context gets vetted by analysts to help everyone from your CEO and CISO to SOC and SecOps professionals find exactly what they need.

Better intel at KNOW cost. KNOW delivers deeper insight and more actionable context than many free and paid threat intelligence services with analysts vetting contextual tags, risk scoring, and more. Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, context, risk associations, historical data, expert insights, and industry coverage. KNOW automatically feeds updates into ASI so your security analysts can take the next logical next step and research relevant threats discovered.

Act on threats in KNOW time Free newsletter highlights Top Stories of the Day Contstantly updated and curated Free Intelligence Portal Dashboard highlights news, updates, trends, advisories, recent activity, related topics Follow trends Save searches “Bring your own IoCs” Analyst-vetted context See associations with IPs, domains, hashes, vulnerabilities, threat actors, malware, and companies—in one screen

Threat Intelligence Use Cases

Use threat intel to streamline learning and day to day efforts:

• Breach alerts: Near-real time alerts on breaches helps to immediately identify trends and techniques being actively leveraged and accelerate hunting activity.
• Tracking third-party risk: Find out fast when vendors or suppliers incur major security incidents. Saving searches on relevant terminology ensures you receive relevant alerts as they happen, a must for proactive investigation.
• Stack alerts: Monitor for zero-day attacks, trends in vulnerabilities, malware, and other potential targeting of systems in your environment that are critical or at risk because they cannot be patched.
• Vulnerability insight: Prioritize patching efforts with detailed information on vulnerabilities that are trending, associated with active threats or threat actors, or affiliated with malware.

You can’t afford not to KNOW!

Together, KNOW and ASI deliver reliable, ongoing data that helps reduce noise, false positives, and alert fatigue. SecOps and IT teams can act faster, become more proactive, and devote more time to high-priority activities such as deploying new technologies, threat hunting, and incident response.

Why Netenrich?

Netenrich bridges the gap between point solutions for ASM and threat intelligence and SOC-as-a-Service offerings featuring recommendations, action and proactive resolution.

The AI + IQ Factor

The industry increasingly looks to AI to speed and automate the discovery, correlation, and interpretation of data, and so do we. But Netenrich doesn’t just generate more data and more dashboards. We combine AI with expert human intelligence to speed investigation and mitigation of your unique digital attack surface and threat landscape.

Twelve years’ deep NOC/SOC experience is codified into our AI platform. Having helped thousands of enterprises build, manage and modernize digital operations, we’ve amassed billions of incidents, millions of endpoints, and 140+ vendor integrations.

Deep NOC/SOC Experience

Netenrich works with 6,000+ enterprises, service providers and government agencies worldwide to optimize network and security operations to transform business. Where most providers of ASM and threat intel tend to feature one or two flagship products, our heritage of ops innovation, management, and transformation offers broad advantages in bridging skills gaps, and turning data into smarter, faster resolution.

What to Do About Your Own Attack Surface

Visit https://know.netenrich.com anytime to create a KNOW Threat Intelligence account and sign up for your free daily newsletter.

Combine Threat & Attack Surface Intelligence from Netenrich to start doing security smarter, and act faster than the speed of bad. You’ll be amazed at how much we can achieve together in just 30 days!

Endnotes:

1. Cybersecurity Ventures’ 2019 Cybersecurity Market Report
2. Outcome-Driven Metrics for Cybersecurity in the Digital Era, Gartner, Feb. 2020
3. https://www.helpnetsecurity.com/2020/02/20/cloud-misconfigurations/#:~:text=Nearly%2033.4%20billion%20records%20 were,globally%2C%20according%20to%20DivvyCloud%20research
4. https://www.helpnetsecurity.com/2020/02/20/cloud-misconfigurations/#:~:text=Nearly%2033.4%20billion%20records%20 were,globally%2C%20according%20to%20DivvyCloud%20research