
External Risk Management
External Risk Management in cybersecurity focuses on identifying, assessing, and mitigating risks that originate outside an organization's direct control but can still significantly impact its security posture. These risks often involve:
External Attack Surface: Vulnerabilities in externally facing assets like websites, applications, and networks.
Digital Risk: Threats from an organization's online presence, such as brand damage, data leaks, and phishing attacks.
Third-Party Risks: Risks introduced through relationships with vendors, suppliers, and other external entities.
How ThreatNG Helps with External Risk Management
ThreatNG is an all-in-one solution for external attack surface management, digital risk protection, and security ratings. It provides a suite of capabilities that directly address the challenges of external risk management:
ThreatNG performs external unauthenticated discovery without needing connectors. This means it can identify an organization's external assets and potential vulnerabilities from an attacker's perspective, providing a comprehensive view of the external attack surface.
ThreatNG offers a wide range of external assessment capabilities, providing detailed insights into various risk areas:
Web Application Hijack Susceptibility: ThreatNG analyzes externally accessible parts of web applications to identify potential entry points for attackers. For example, it can assess the susceptibility of a website's login page to credential stuffing attacks or its vulnerability to cross-site scripting (XSS) attacks.
Subdomain Takeover Susceptibility: ThreatNG assesses the risk that an unauthorized party could take over a subdomain by analyzing subdomains, DNS records, and SSL certificate statuses. For instance, it can identify subdomains with stale (dangling) DNS records that could be exploited for subdomain takeover.
BEC & Phishing Susceptibility: ThreatNG evaluates the likelihood of Business Email Compromise (BEC) and phishing attacks by analyzing sentiment, financials, domain intelligence (including domain name permutations and email intelligence), and dark web presence (compromised credentials). For example, ThreatNG can identify lookalike domains that could be used for phishing or detect compromised email credentials that could facilitate BEC attacks.
Brand Damage Susceptibility: ThreatNG assesses the risk of damage to an organization's brand by analyzing attack surface intelligence, digital risk intelligence, ESG violations, sentiment, financials (lawsuits, SEC filings, negative news), and domain intelligence (domain name permutations). For example, it can detect negative social media sentiment or the registration of domains that could be used for brand impersonation.
Data Leak Susceptibility: ThreatNG analyzes external attack surface and digital risk intelligence, dark web presence (compromised credentials), domain intelligence, and sentiment and financials (lawsuits, SEC Form 8-Ks) to determine the risk of data leaks. It can discover exposed cloud storage or code repositories containing sensitive information.
Cyber Risk Exposure: ThreatNG considers domain intelligence parameters like certificates, subdomain headers, vulnerabilities, and sensitive ports to determine cyber risk exposure. It also factors in code secret exposure by discovering code repositories and their exposure level and investigating their contents for sensitive data. Additionally, it evaluates cloud and SaaS exposure and considers compromised credentials on the dark web. For instance, ThreatNG can identify exposed ports that could be exploited for network attacks or detect hardcoded credentials in code repositories.
ESG Exposure: ThreatNG evaluates an organization's vulnerability to environmental, social, and governance (ESG) risks by analyzing external attack surface and digital risk intelligence, sentiment, and financial findings. It examines media coverage sentiment and financial analysis to highlight competition, consumer, employment, environment, and safety-related offenses.
Supply Chain & Third-Party Exposure: ThreatNG derives this from domain intelligence (enumeration of vendor technologies), technology stack, and cloud and SaaS exposure. It can identify third-party technologies an organization uses and assess their security posture.
Breach & Ransomware Susceptibility: ThreatNG calculates this based on external attack surface and digital risk intelligence, including domain intelligence (exposed sensitive ports, exposed private IPs, and known vulnerabilities), dark web presence (compromised credentials and ransomware events and gang activity), and sentiment and financials (SEC Form 8-Ks). For example, it can detect compromised credentials on the dark web or identify potential ransomware vulnerabilities.
Mobile App Exposure: ThreatNG evaluates an organization's mobile apps' exposure by discovering them in marketplaces and analyzing their contents for access credentials, security credentials, and platform-specific identifiers. It can identify hardcoded API keys or other sensitive information within mobile apps.
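The Subdomain Takeover Susceptibility check described above rests on one observable condition: a subdomain's CNAME points at a hostname that no longer resolves. The following is an added illustration of that check, not ThreatNG's own code; the zone snapshot, the apex example.com, and the set of resolvable names are constructed so it runs offline, with a socket-based resolver included for real use.

```python
# Added example (not ThreatNG's code): flag subdomains whose CNAME target no
# longer resolves, the "dangling record" precondition for subdomain takeover.
import socket
from typing import Callable, Dict, Tuple

# Constructed zone snapshot for a hypothetical example.com: name -> (type, value)
ZONE: Dict[str, Tuple[str, str]] = {
    "www.example.com": ("A", "203.0.113.10"),
    "blog.example.com": ("CNAME", "blog-hosting.example.net"),
    "old-shop.example.com": ("CNAME", "tenant-4711.shop-platform.example.org"),
    "intranet.example.com": ("CNAME", "intranet-legacy.example.com"),
}

# Constructed view of what currently resolves; a dangling target is absent.
RESOLVABLE = {"203.0.113.10", "blog-hosting.example.net"}


def offline_resolves(hostname: str) -> bool:
    """Resolver stand-in used by the offline demo."""
    return hostname in RESOLVABLE


def live_resolves(hostname: str) -> bool:
    """Real resolver for production use; not called by the offline demo."""
    try:
        socket.gethostbyname(hostname)
        return True
    except socket.gaierror:
        return False


def classify_subdomains(zone: Dict[str, Tuple[str, str]],
                        resolves: Callable[[str], bool],
                        apex: str) -> Dict[str, str]:
    """Return name -> status for every CNAME in the zone.

    dangling:          target is outside our apex and does not resolve; if the
                       provider lets anyone claim that name, takeover is possible
    dangling-internal: target is under our apex and does not resolve; broken,
                       but only the zone owner can recreate it
    third-party:       target resolves but lives in someone else's zone; confirm
                       the account behind it is still owned and monitored
    """
    findings: Dict[str, str] = {}
    for name, (rtype, target) in zone.items():
        if rtype != "CNAME":
            continue
        third_party = not target.endswith("." + apex)
        if not resolves(target):
            findings[name] = "dangling" if third_party else "dangling-internal"
        elif third_party:
            findings[name] = "third-party"
    return findings


if __name__ == "__main__":
    for host, status in classify_subdomains(ZONE, offline_resolves, "example.com").items():
        print(f"{status:18} {host} -> {ZONE[host][1]}")
```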
ThreatNG provides various reporting options, including executive, technical, prioritized, security ratings, inventory, ransomware susceptibility, and U.S. SEC filings reports. These reports help organizations understand and communicate their external risk posture to stakeholders.
ThreatNG continuously monitors external attack surfaces, digital risks, and security ratings. This enables organizations to stay informed about changes in their external risk posture and respond to emerging threats.
ThreatNG includes investigation modules that provide detailed information for in-depth analysis of potential risks:
Domain Intelligence: This module offers a comprehensive view of domain-related information, including:
Domain Overview (digital presence, bug bounty programs)
DNS Intelligence (domain record analysis, domain name permutations, Web3 domains)
Email Intelligence (security presence, format predictions, harvested emails)
WHOIS Intelligence (WHOIS analysis, other domains owned)
Subdomain Intelligence (HTTP responses, header analysis, server headers, cloud hosting, website builders, e-commerce platforms, content management systems, CRM, email marketing, communication and marketing tools, landing page builders, sales enablement tools, online course platforms, help desk software, knowledge base software, customer feedback platforms, code repositories, API management tools, developer tools, documentation platforms, product management tools, video hosting, blogging platforms, podcast hosting, digital publishing tools, photo sharing platforms, content experience tools, translation management tools, brand management tools, website monitoring tools, status communication tools, survey platforms, project management tools, shipment tracking tools, subdomain takeover susceptibility, content identification, ports, known vulnerabilities, web application firewall discovery)
IP Intelligence (IPs, shared IPs, ASNs, country locations, private IPs)
Certificate Intelligence (TLS certificates, associated organizations)
Social Media (posts from the organization)
Sensitive Code Exposure: This module discovers public code repositories and uncovers digital risks, including exposed credentials, API keys, and other secrets. For example, it can identify a GitHub repository containing hardcoded AWS credentials.
Mobile Application Discovery: This module discovers mobile apps in marketplaces and analyzes their contents for access credentials, security credentials, and platform-specific identifiers.
Search Engine Exploitation: This module helps users investigate an organization’s susceptibility to exposing information via search engines. It includes:
Website Control Files: Discovers the presence of files like robots.txt and security.txt, which can reveal sensitive information.
Search Engine Attack Surface: Identifies potential vulnerabilities and exposed information that could be found through search engines.
Cloud and SaaS Exposure: This module identifies sanctioned and unsanctioned cloud services, impersonations, and exposed cloud buckets. It also identifies SaaS implementations associated with the organization.
Online Sharing Exposure: This module identifies an organization's presence within online code-sharing platforms.
Sentiment and Financials: This module provides information on organizational lawsuits, layoff chatter, SEC filings, and ESG violations.
Archived Web Pages: This module identifies various archived files and data related to the organization's online presence.
Dark Web Presence: This module tracks organizational mentions, associated ransomware events, and compromised credentials on the dark web.
Technology Stack: This module identifies the technologies used by the organization.
ThreatNG leverages intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC filings, and mobile apps. These repositories provide valuable context and threat intelligence to enhance risk assessments.
Working with Complementary Solutions
While the available documentation doesn't explicitly detail ThreatNG's direct integrations with specific complementary solutions, its capabilities suggest it can work alongside various security tools:
SIEM (Security Information and Event Management) systems: ThreatNG's external attack surface and threat intelligence data can be fed into a SIEM to provide a more comprehensive view of an organization's security posture. For example, ThreatNG could alert a SIEM about exposed credentials, and the SIEM could correlate that with login attempts.
Vulnerability Management Tools: ThreatNG's vulnerability assessments can complement internal vulnerability scanning by providing an external attacker's perspective. For instance, ThreatNG might discover an exposed web application, and a vulnerability scanner could perform a detailed scan for specific vulnerabilities.
SOAR (Security Orchestration, Automation, and Response) Platforms: ThreatNG's threat intelligence and assessment data can be used to automate security responses. For example, a SOAR platform could automatically blocklist malicious IPs identified by ThreatNG.
Identity and Access Management (IAM) Systems: ThreatNG's compromised credential detection can be integrated with IAM systems to trigger password resets or multi-factor authentication enforcement.
