ThreatNG Security

View Original

ThreatNG Threat and Risk Analysis [TaR]

A new cost-effective approach to digital risk and attack surface management.  


Your organization spent a chunk of the operating budget on siloed solutions for addressing security and risk across multiple departments but still has to dedicate many hours (if not weeks) to develop a clear picture of your threat and risk posture.  Here’s why:


It is a best practice to perform continuous in-depth threat and risk analyses of an organization’s IT infrastructure.  The challenge is that many technical and financial hurdles hinder a security team from achieving a complete picture of weaknesses and vulnerabilities. The current threat and risk analysis models are as follows:

  • Technical (Domains, IPs, Software)

  • People (Insider Threat, Social Media)

  • Financial/Administrative (Company Risk, Financial Risk, Industry Threats)

Unfortunately, most organizations execute threat and risk analysis efforts in only one of the above areas, and rarely incorporate aspects of all of the above. This limited view is due to various reasons: internal skill sets, technological limitations, information limitations, business priorities, and more.  

These solutions are often siloed investments for an organization, and come from separate departmental budgets. The financial resources required to invest in these solutions separately can be astronomical and is another limiting factor as to why there are gaps in these internal/external threats and risk analysis/assessments. Due to the high prices of these siloed departmental solutions, an organization is often faced with a difficult decision to answer this question: 

“Where do we want to invest for the best return on investment?”  

When organizations are faced with this question their attention is drawn to three areas; purely technical solutions, people-centric solutions, or solutions that address financial/administrative risks.  The purely technical solutions often win and come with Security Ratings, Attack Surface Mapping, and Breach Simulation tools. Next are the purely people-centric solutions which cover Data Leak Prevention, Insider Threat, and Social Media Awareness solutions.  Lastly, solutions that address financial/administrative risks, which include Financial Analysis, Overall Company Risk, and Environmental/Industrial Threats. Solutions that attempt to have all three areas are often on the higher end of the pricing spectrum and are out of reach for most organizations.  But in order to have that complete picture of weaknesses and vulnerabilities, all three areas need to be addressed.  What to do?

Presenting the ThreatNG Threat and Risk (TaR) Approach.  Did you know a former employee is sharing privileged operational information online? What key assets (technical, strategic, operational, and financial) are exposed to the Internet? Can these exposed assets be used against you? Are your third parties and supply chain employing adequate or at least similar external security policies, methodologies, and solutions?  Are you able to continuously monitor all of these external facets at all of these levels online?  We look at:

  • Technical, People, and Financial/Administrative Open Source Intelligence (OSINT)

  • Surface/Open, Deep, and Dark Web Investigation

ThreatNG Threat and Risk Analysis [TaR] offers a unique and alternative approach to managing threats that dwell at this level. The ThreatNG approach uses OSINT (Open Source Intelligence) to provide an external perspective on an organization that includes technical and non-technical (business) threats. Our method also includes Dark Web searching, scanning, and indexing which alleviates users of the risks and overhead of investigations in this arena (see our post on the OSINT Top Ten: Dark Web).

ThreatNG harvests, aggregates, analyzes, and reports on several different aspects of an entity (aka an organization): Technical (domain information, public cloud infrastructure, Certificates, etc.), Financial/Administrative (SEC Filings, Funding Rounds, Financial Analysis), Personal (Sentiment, Layoffs, Social Media), and the Dark Web. A multi-faceted approach in providing a comprehensive, holistic, and complete view of an organization's technical and business attack surface.

We provide an in-depth, unique and affordable approach to securing an organization's digital presence and its ecosystem.  We also believe managing external threats shouldn’t be a threat to your bottom line.  Sign-up to see what we have brewing in the lab.