Diligence

Diligence, in the context of security ratings and cyber risk management, refers to an organization's proactive efforts to identify, assess, and mitigate potential cyber risks. It reflects the organization's commitment to maintaining a strong security posture and protecting its assets from cyber threats.

Here's how Diligence is viewed across different disciplines:

  • Security Ratings Providers: Diligence is crucial in determining an organization's security rating. It's assessed by analyzing various security practices, including vulnerability management, incident response, and security awareness training.

  • Cyber Risk Management: Diligence is at the core of cyber risk management. It involves implementing and maintaining security controls, conducting risk assessments, and continuously monitoring for threats.

  • Third-Party Risk Management/Vendor Risk Management: Diligence in this context focuses on assessing and managing the cyber risks associated with third-party vendors and suppliers. It includes due diligence processes, contract reviews, and ongoing monitoring of vendor security posture.

  • Cybersecurity Risk Assessment: Diligence is demonstrated by conducting comprehensive risk assessments that identify vulnerabilities and threats, evaluate their potential impact, and prioritize mitigation efforts.

  • Cyber Risk Quantification: Diligence is reflected in the efforts to quantify cyber risks in financial terms, enabling informed decision-making about security investments and risk mitigation strategies.

How ThreatNG Supports Diligence

ThreatNG's comprehensive suite of solutions and intelligence repositories directly support organizations in demonstrating and improving their Diligence. Here's how:

1. Identifying and Assessing Risks:

  • Cyber Risk Exposure and Web Application Hijack Susceptibility Scores: These scores provide a quantifiable measure of an organization's overall cyber risk and its susceptibility to web application attacks. They are derived from various factors, including domain intelligence, code secret exposure, cloud and SaaS exposure, and dark web presence.

  • Domain Intelligence: Provides deep insights into an organization's online presence, including DNS records, subdomains, certificates, and exposed vulnerabilities. This information helps identify potential attack vectors and weaknesses in the organization's security posture.

  • Cloud and SaaS Exposure: Identifies and assesses risks associated with cloud services and SaaS applications the organization uses, including shadow IT and misconfigured cloud assets.

  • Dark Web Presence: Monitors the dark web for compromised credentials, leaked data, and other threats that could impact the organization.

  • Sensitive Code Exposure: Detects exposed code repositories, databases, and other sensitive information that attackers could exploit.

2. Mitigating Risks:

3. Examples of ThreatNG's Diligence Capabilities:

  • Identifying a Subdomain Takeover Vulnerability: ThreatNG's Domain Intelligence module can identify subdomains that are vulnerable to takeover, allowing the organization to proactively address this risk before attackers can exploit it.

  • Detecting Exposed API Keys: ThreatNG's Sensitive Code Exposure module can detect API keys and other secrets that have been inadvertently exposed in code repositories, enabling the organization to secure these credentials and prevent unauthorized access.

  • Monitoring for Brand Impersonation: ThreatNG's Social Media and Domain Intelligence modules can monitor for fake social media accounts and domain names impersonating the organization, allowing for swift action to protect the brand's reputation.

  • Assessing Vendor Risk: ThreatNG's Supply Chain & Third-Party Exposure module can determine the security posture of vendors and suppliers, enabling the organization to make informed decisions about third-party relationships and mitigate potential supply chain risks.

By leveraging ThreatNG's capabilities, organizations can demonstrate a strong commitment to Diligence in cybersecurity, proactively managing risks and strengthening their overall security posture.