Beyond Perimeter Security

Beyond Perimeter Security is an approach to cybersecurity that acknowledges that traditional security measures focused on a defined network edge (the "perimeter") are no longer sufficient to protect against modern cyber threats.

Here's a breakdown of what it entails:

• It recognizes that users and devices operate inside and outside the traditional network.

• It shifts the focus from simply blocking access at the perimeter to:

• Verifying users and devices regardless of their location.

• Securing data itself, rather than just the network boundaries.

• Continuously monitoring and adapting to threats.

• Key concepts involved in beyond perimeter security include:

• Zero Trust Security

• Identity and Access Management (IAM)

• Data-centric security

• Endpoint security

• The core idea is to move away from a "castle-and-moat" security model to a more adaptive and granular approach.

ThreatNG facilitates a beyond-perimeter security approach by providing capabilities that extend visibility and risk assessment beyond the traditional network edge.

• External Discovery: ThreatNG performs external unauthenticated discovery, identifying assets and potential vulnerabilities outside the network perimeter. This is crucial for recognizing that an organization's attack surface extends beyond its internal infrastructure.

• External Assessment: ThreatNG assesses various external risks, demonstrating a focus on threats that originate from outside the perimeter:

• It assesses Web Application Hijack Susceptibility and Subdomain Takeover Susceptibility, focusing on externally accessible web assets.

• It evaluates BEC & Phishing Susceptibility, Brand Damage Susceptibility, and Data Leak Susceptibility, considering factors beyond the network perimeter.

• It determines Cyber Risk Exposure by analyzing external factors like certificates, subdomain headers, vulnerabilities, and sensitive ports.

• It assesses ESG Exposure and Supply Chain & Third-Party Exposure, acknowledging risks from external relationships.

• It calculates Breach & Ransomware Susceptibility and assesses Mobile App Exposure, which can involve threats outside the traditional perimeter.

• Reporting: ThreatNG provides reports such as Executive, Technical, and Prioritized, which aid in communicating risk to stakeholders and demonstrate an understanding that security is not just about perimeter defense.

• Continuous Monitoring: ThreatNG's monitoring of the external attack surface, digital risk, and security ratings aligns with the beyond-perimeter approach by emphasizing ongoing vigilance.

• Investigation Modules: ThreatNG's investigation modules provide detailed external risk analysis:

• Domain Intelligence: Offers a broad overview and in-depth analysis of domains.

• IP Intelligence: Provides information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.

• Certificate Intelligence: Provides information on TLS Certificates and Associated Organizations.

• Social Media: Gathers posts from the organization under investigation.

• Sensitive Code Exposure: Discovers public code repositories and uncovers digital risks.

• Mobile Application Discovery: Discovers mobile apps and analyzes their contents.

• Search Engine Exploitation: Helps investigate an organization’s susceptibility to exposing information via search engines.

• Cloud and SaaS Exposure: Identifies sanctioned and unsanctioned cloud services, cloud service impersonations, and exposed cloud buckets, and covers SaaS implementations.

• Online Sharing Exposure: Identifies organizational entity presence within online code-sharing platforms.

• Sentiment and Financials: Covers organizational-related lawsuits, layoff chatter, SEC filings, SEC Form 8-Ks, and ESG violations.

• Archived Web Pages: Provides access to archived web pages.

• Dark Web Presence: Covers organizational mentions, associated ransomware events, and compromised credentials.

• Technology Stack: Identifies the technologies used by the organization.

• Intelligence Repositories: ThreatNG uses intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC Form 8-Ks, Bank Identification Numbers, and Mobile Apps.

• Work with Complementary Solutions: While the document does not detail specific integrations, ThreatNG's capabilities align with a beyond-perimeter approach and can complement other security tools. For example, its threat intelligence and vulnerability data can be valuable for SIEM and SOAR systems.