Skip to the main content.

11 min read

Threat and resolution attack surface intelligence

Threat and resolution attack surface intelligence lets you see what adversaries see and stop them in KNOW time.

See what adversaries see and stop them in KNOW time

Your IT and Security teams watch your network and web site 24/7. You invest thousands (conservatively) in firewalls, SIEMs, anti-malware, Intrusion Prevention/ Detection Systems (IPS/IDS), and other security tools that bombard you with alerts all day long.

Yet attacks can still take you by surprise. In one recent example, the veteran hacktivist group Anonymous resurfaced to affect the massive BlueLeaks attack on U.S. law enforcement. If it can happen to them, can happen to most any company.

Staying a step or two ahead of risk requires broad threat actor insight:

  • What are adversaries up to? There are hundreds of ways to get news about emerging and ongoing attacks, but it takes time and expertise to stitch all the data together into reliable, actionable threat intelligence.
  • What do they see when they target your brand? “Outside-in” perspective is the missing link for IT and security operations (SecOps) teams. Resource-intensive assessments such as penetration or “pen” testing, bug bounties, and Red Team exercises can deliver it, but only for one point in time.

To find risk and prevent breaches, your security professionals need a new caliber of actionable threat and attack surface intelligence that equips them to:

  • Know first, and act fast
  • Become more proactive and preventative
  • Act on the most critical risks first
  • Continuously shrink your attack surface
  • Reduce cycles and alert fatigue
  • Optimize SecOps and IT
  • Demonstrate value

Netenrich uniquely delivers continuous adversary insight by integrating threat and attack surface intelligence to prevent risk, streamline operations, and bridge skills gaps—in less time, and without creating more work for your own team.


Why Now?

Cybersecurity Ventures projects five-year cybersecurity spending will exceed $1 trillion through 20251. The firm also predicts the annual cost of damage related to cybercrime will reach $6 trillion by 2021—a costly gap in the making.

Threat & Attack Surface Intelligence from Netenrich gives you a lasting advantage in bridging this gap by addressing the reasons attacks still succeed:

  • Fast-growing digital footprint: Your digital brand presence continues to grow exponentially, sometimes without IT knowing it. Your external attack surface may even grows at a faster rate than the SecOps team and security budget, creating dangerous skills and visibility gaps.

  • Fast-changing threat landscape: Threats keep coming. A company will fall victim to a ransomware attack every 11 seconds by 2021, and that’s just one form of attack. The COVID-19 pandemic also forced IT and SecOps to focus on accelerating digital transformation and supporting distributed workforces.

  • Skills/resource gaps: Today’s advanced attackers may be equally or better staffed and funded than most enterprise security departments. Investments in new tools often mean more data and alerts no one has time to contend with. SecOps, SOC, and IT operations also may not be in alignment or able to keep pace with new challenges due to skills shortages, siloed communications, and lack of a central or common platform for collaborating and sharing data.

In the face of spending constraints . . .

Gartner projects the growth in cybersecurity spending will decline to just 7% by 2023 (compared with 12% in 2018) with boards pushing back and asking IT to justify the spend.

At the same time, cyber risk and challenges continue to grow. As of 2019:

  • The average cost of a data breach was $3.92M Security Intelligence

  • More than $3.5B was lost to cybercrime globally Hashed Out, The SSL Store

  • Average time to identify a breach was 7 mos. (IBM)

  • Average lifecycle of a breach was @ 11 mos. from breach to containment (IBM)


Cybersecurity spending data

Source: Ponemon Institute, Improving the Effectiveness of the Security Operations Center, 2019

Demonstrating Value. In addition to the usual challenges, Gartner writes:

Gartner clients are reporting that after years of quarterly reporting on cybersecurity to their boards, their boards are now pushing back and asking for improved data and understanding of what they have achieved after years of such heavy investment. Outcome-driven metrics (ODM) for technology risk are an abstraction of tools, people and processes to reflect how well an organization is protected, not how it is protected. ODM can be used to enable more effective governance over cybersecurity priorities and investments.2

To SOC or not to SOC?

According to Ponemon Institute, more than two-thirds of large enterprises with substantial investments in building their own SOC deem their SOC ineffective for multiple reasons that can be addressed by threat and attack surface intelligence.

This trend shows a clear and growing need to demonstrate the value of security investments. Ongoing threat and attack surface management can show such improvements and inform higher-value spending strategies.


Integrated Threat & Attack Surface Intelligence – A New Paradigm

You can’t control everything on the public Internet, or beyond your firewall, but you can still act first to protect your brand. Businesses can respond faster and become steadily more efficient and proactive by adopting a new approach driven by outcomes and action.

Two areas of specialization have emerged to meet the challenge:

Attack surface management (ASM) is the continuous discovery, investigation, prioritization, and mitigation of external digital risk. Dynamic, continuous discovery shows how your brand may be exposed on the public Internet, in public clouds, and Shadow IT. A growing priority for CIOs, CISOs, IT and security teams, ASM looks at the stuff that exists outside your firewalls and perimeter security, beyond IT’s visibility and complete control.

“Threat intelligence” refers to information about cyber threats and threat actors that helps mitigate and prevent cyberattacks and improve your security posture. Sources typically include open source, social media, analysts, bloggers, and intelligence from the deep and dark web.

Netenrich uniquely combines ASM and threat intelligence into one integrated solution to deliver complete Resolution Intelligence for preventing attacks, reducing digital brand exposure, bridging skills gaps, and streamlining SecOps. Led by AI and driven by analysts, Integrated Threat & Attack Surface Intelligence from Netenrich delivers intelligent context and a clear path to action, without creating more work for your own analysts.

The suite consists of Knowledge NOW (KNOW) free threat intelligence and Attack Surface Intelligence (ASI). Together KNOW and ASI integrate to deliver actionable resolution intelligence greater than the sum of its parts.


ASI: The industry’s most actionable “outside-in” perspective

ASI from Netenrich lets you see what adversaries see as they target your digital brand with continuous coverage to steadily reduce risk. After zero-effort onboarding, ASI performs automated attack surface scans to discover critical areas of risk – brand exposure, misconfigurations, threat correlation, and vulnerabilities – with a focus on delivering actionable, personalized context.

Machine-led discovery scours billions of data points to identify all digital assets and shadow IT associated with your company brand. This covers a wide range of port, protocol, and service exposure including:

  • Domain exposure including subdomains and those that might be used for lookalike or typosquatting attacks
  • Digital exposure from code repositories, public cloud
  • Vulnerabilities
  • Compromised email addresses
  • IP addresses / open ports
  • Expiring or abandoned certificates
  • Abandoned servers, sites, pages

ASI’s actionability advantage derives from AI-led discovery, rich context, and security experts evaluating findings, prioritizing risk, and delivering high-touch remediation strategies. Flexible DIY subscriptions and Concierge Service complement your own resources.

Attack Surface Intelligence displays attack surface status with risk indicators per category

Figure 1. ASI displays your attack surface status with risk indicators per category. Issues are identified by technical checks performed for each category with three levels of risk indicated. Assessments can serve as a benchmark for audits of issues to demonstrate successful and continuous mitigation. In this example Service Exposure is putting the organization under high risk that needs immediate and ongoing attention.

Beyond basic discovery, Netenrich ASI adds:

Analysis. Activity includes correlating and identifying false positives and performing risk-checks to assess the overall attack surface status. Analysis is AI-led with Netenrich experts adding rich insight and context.

Evaluation includes validating data as legitimate and correlating against insight from Netenrich’s Knowledge NOW (KNOW) global threat intelligence. Analysis sets the stage for deep-dives by your security experts.

Prioritization. Security experts vet AI-driven suggestions adding exponential value in promoting rapid action to address the most dangerous risks first.

Remediation. The final goal of intelligence should always be resolution. ASI features high-touch analyst consultation and detailed reporting of affected assets, technical details, context, and technical remediation advice.

“What does that tell you?”

ASI answer the questions:

  • How does my business look from a hacker’s prospective?

  • How vulnerable is our digital presence today and in the future?

  • Do we have exposed assets we don’t know about?

  • Which risks should we mitigate first?

  • Is our external security posture getting better?

ASM helps IT and SecOps proactively prevent a wide variety of cyberattacks and activities including:

  • Ransomware
  • Command and control
  • DDoS
  • DNS hijacking
  • Brute force
  • Email-based attacks
  • Phishing
  • Typosquatting / lookalike attacks


Use Cases

Use Case I: Brand Exposure

Protection of the company brand is a top concern for management and growing priority for security teams. Brand exposure spans a wide range of issues such as whether your organization has been part of a breach, leaked credential dumps, or is being targeted by typo-squatting your domain.

Brand exposure use-case

Figure 2. A total of 21 domains were associated with this brand. For each, ASI captures discovered sub-domains, DNS records, registrar organization, expiration dates, hosting and discovered dates. Each discovery features quick indicators such as how many domains have expired, or are about to expire that might impact risk.

Inadvertently or accidentally leaving company assets exposed — having code available in public repositories or accessible via public cloud storage — contributes to risk.

Use Case II: Misconfigurations

DivyCloud reports over 33 billion records were exposed in breaches during 2018 and 2019 due to cloud misconfigurations, costing companies some $5 trillion. 3 The company says, “The rush to adopt cloud services has created new opportunities for attackers — and attackers are evolving faster than companies can protect themselves.4

Why do misconfigurations account for more than 20 percent of breaches every year? For one thing, network and security architectures continue to change creating a dynamic shift in attack surface. Administrative tasks such as managing expiring certificates, enforcing authentication (usually on nonproduction sites), and minor configuration steps may also fall to the wayside.

ASI vs. Pen Testing: 24/7 coverage. 75% lower cost.

Bi-weekly pen testing or in-depth quarterly assessments can easily run $250K per year. And you only get snapshots that could change the next day.

ASI provides continuous coverage, often at 50-75 percent lower cost.


These mistakes account for a large portion of the first stage of an attack with savvy adversaries turning oversights into entry points. While security tools may not find such errors, ASI sheds light on the things that must be addressed.

Use Case III: Threat Correlation

Identifying public-facing assets is a great step toward creating a better security posture. Correlating assets to active or recent nefarious activity takes you a major step further. ASM helps in understanding how your public IP space may be used to launch attacks or serve malware:

  • Have domains been subverted for phishing or command and control?
  • Has your infrastructure been compromised and resources siphoned off for coin-mining or as a pit-stop in the fraud chain?
  • Are company assets linked to malware?

Threat correlation use-case

Figure 3. Netenrich ASI correlates your infrastructure to threat intelligence to identify malicious activity.

Fast, automated discovery combined with built-in threat intelligence is key to successful threat correlation.

Use Case IV: Vulnerability Insight

Which vulnerabilities are trending? Are they currently being weaponized by bad actors? Which can cause the most damage?

Finding and researching vulnerabilities in your system is an age-old security problem compounded by a fast-changing attack surface. Depending on your architecture or where systems live, scanning may not always be an option.

Aggregating data for prioritization proves essential to any hope of successful patching. ASI integrates with real-time threat intelligence to reduce cycle and make it even easier to prevent breaches and combat alert fatigue.

Knowledge NOW (KNOW) Threat Intelligence:
Everything you need to know about threats, free in minutes

You can find news about threats in lots of places, but someone still needs to decide what’s important, and what to do about it.


Stay in the KNOW. It’s free!

Knowledge NOW (KNOW) real-time threat intelligence from Netenrich brings you closer to action by answering:

  • What happened and why?
  • What are experts saying about it?
  • What should we be following? What changed since yesterday?
  • Is this IP or IoC good or bad?
  • What should we address first? How do you do it?

KNOW puts what you need to follow threats — news, trends, search, scores and context — in one place, for free. KNOW adds actionable context and insight to take users from “heads up” to “what to do” in minutes. The KNOW TODAY newsletter sends the day’s top stories to your inbox so you can keep current without searching elsewhere. Log into KNOW to research the news and gain actionable context up to 15X faster than you could with Google News.

KNOW curates data from worldwide threat feeds, industry coverage, and Netenrich’s global ops intelligence center to bring breaking news and context together in one view. Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, risk associations, historical data, expert insights, and industry coverage. Deep context gets vetted by analysts to help everyone from your CEO and CISO to SOC and SecOps professionals find exactly what they need.


Better intel at KNOW cost. KNOW delivers deeper insight and more actionable context than many free and paid threat intelligence services with analysts vetting contextual tags, risk scoring, and more.

Rather than rely on public CVE (common vulnerability and exposure) scores, KNOW adds context based on threat levels, recent activity, context, risk associations, historical data, expert insights, and industry coverage. KNOW automatically feeds updates into ASI so your security analysts can take the next logical next step and research relevant threats discovered.

 Act on threats in KNOW time

  • Free newsletter highlights Top Stories of the Day

  • Contstantly updated and curated

  • Free Intelligence Portal

  • Dashboard highlights news, updates, trends, advisories, recent activity, related topics

  • Follow trends

  • Save searches

  • “Bring your own IoCs”

  • Analyst-vetted context

  • See associations with IPs, domains, hashes, vulnerabilities, threat actors, malware, and companies—in one screen

Threat Intelligence Use Cases

Use threat intel to streamline learning and day to day efforts:

  • Breach alerts: Near-real time alerts on breaches helps to immediately identify trends and techniques being actively leveraged and accelerate hunting activity.
  • Tracking third-party risk: Find out fast when vendors or suppliers incur major security incidents. Saving searches on relevant terminology ensures you receive relevant alerts as they happen, a must for proactive investigation.
  • Stack alerts: Monitor for zero-day attacks, trends in vulnerabilities, malware, and other potential targeting of systems in your environment that are critical or at risk because they cannot be patched.
  • Vulnerability insight: Prioritize patching efforts with detailed information on vulnerabilities that are trending, associated with active threats or threat actors, or affiliated with malware.

You can’t afford not to KNOW!

Together, KNOW and ASI deliver reliable, ongoing data that helps reduce noise, false positives, and alert fatigue. SecOps and IT teams can act faster, become more proactive, and devote more time to high-priority activities such as deploying new technologies, threat hunting, and incident response.

Benefits of integrated Attack Surface & Threat Intelligence
Know first
Daily newsletter puts top stories in your inbox
Find your digital brand exposure before bad actors do
Act fast - save time and streamline SecOps
  • Day’s top stories with no search time
  • Search time 2-30 minutes vs. 4 hours per alert
  • Research IoCs, threats 15X faster
  • Analyst-vetted Threat Criticality scores help prioritize risks
  • Prioritize threats, patches, updates faster
  • Less time chasing false positives
  • 3-4x faster discovery
  • 24/7 coverage (vs. 1-3-wks. for point-in-time risk assessment)
  • Expert-vetted remediation strategy w/in 48 hours
Personalized intelligence
Research IOCs of interest, industry, geography, types of attacks, trusted sources
“Threats You Follow”
Attack surface scans and analyst recommendations track your unique attack surface
Custom dashboards
Continuous coverage
Continuously updated by Netenrich Global Threat Intelligence Center and Internet sources
Increased value vs. pen testing, Red Team exercises and other point-in-time solutions
Analyst-vetted tags guide threat research
Data automatically correlated with relevant intelligence (trend data, recent activity, etc.)
Intuitive dashboard makes it easy to drill down
High-touch reports feature expert analysis and proposed mitigation strategies



Why Netenrich?

New security tools appear as quickly as new threats. Netenrich’s cybersecurity portfolio features a flexible mix of products and SaaS-based offerings to complement and supplement your team’s resources as needed.

Single-source Resolution Intelligence

Why settle for data when you can gain insight, and a lasting personalized advantage? Netenrich’s industry-first Resolution Intelligence uniquely applies machine and human intelligence to bring about desired outcomes, drive ongoing operational efficiencies, and reduce workload and cost.

Where we historically think of “resolution” in terms of incidents, complaints, threats, and alerts, Netenrich views it as both solving the problem today and resolving the issue going forward. Our outcome-driven approach delivers rich context, personalization, and actionability that promote collaboration and smarter, proactive resolution.

Resolution = Data + intelligence + action.

Many point solutions offer data and several offer intelligence but no other player in the Threat & Attack Surface Intelligence space can take customers through to action and resolution the way Netenrich can.

Our Resolution Intelligence includes rich context, personalization and actionability driven by one platform or highly integrated infrastructure.

KNOW and ASI are uniquely backed by a codified AI platform, deep SOC expertise, and a worldwide team of experienced security analysts.

Threat and Attack Surface Intelligence SOC-as-a-service

Netenrich bridges the gap between point solutions for ASM and threat intelligence and SOC-as-a-Service offerings featuring recommendations, action and proactive resolution.

The AI + IQ Factor

The industry increasingly looks to AI to speed and automate the discovery, correlation, and interpretation of data, and so do we. But Netenrich doesn’t just generate more data and more dashboards. We combine AI with expert human intelligence to speed investigation and mitigation of your unique digital attack surface and threat landscape.

Twelve years’ deep NOC/SOC experience is codified into our AI platform. Having helped thousands of enterprises build, manage and modernize digital operations, we’ve amassed billions of incidents, millions of endpoints, and 140+ vendor integrations.

Deep NOC/SOC Experience

Netenrich works with 6,000+ enterprises, service providers and government agencies worldwide to optimize network and security operations to transform business. Where most providers of ASM and threat intel tend to feature one or two flagship products, our heritage of ops innovation, management, and transformation offers broad advantages in bridging skills gaps, and turning data into smarter, faster resolution.


What to Do About Your Own Attack Surface

Visit anytime to create a KNOW Threat Intelligence account and sign up for your free daily newsletter.

Combine Threat & Attack Surface Intelligence from Netenrich to start doing security smarter, and act faster than the speed of bad. You’ll be amazed at how much we can achieve together in just 30 days!



  1. Cybersecurity Ventures’ 2019 Cybersecurity Market Report
  2. Outcome-Driven Metrics for Cybersecurity in the Digital Era, Gartner, Feb. 2020
  3. were,globally%2C%20according%20to%20DivvyCloud%20research
  4. were,globally%2C%20according%20to%20DivvyCloud%20research

Download now

Related content

Secure operations

7 min read

Netenrich Guide to Secure Operations

Secure operations — different from security operations and SOC — is a new approach to security and digital operations that strengthens cyber...

Read More

7 min read

Seven times to attack your attack surface

This guide explains seven times to attack your attack surface, what you should investigate and, shore up your attack surface.

Read More

5 min read

A Board's-eye view of cybersecurity risk

This guide helps CISOs, CIOs, and their boards to manage cybersecurity risk and, in the process, reduce exposure to harm.

Read More