Beyond Perimeter Security
Beyond Perimeter Security is an approach to cybersecurity that acknowledges that traditional security measures focused on a defined network edge (the "perimeter") are no longer sufficient to protect against modern cyber threats.
Here's a breakdown of what it entails:
It recognizes that users and devices operate inside and outside the traditional network.
It shifts the focus from simply blocking access at the perimeter to:
Verifying users and devices regardless of their location.
Securing data itself, rather than just the network boundaries.
Continuously monitoring and adapting to threats.
Key concepts involved in beyond perimeter security include:
Zero Trust Security
Identity and Access Management (IAM)
Data-centric security
Endpoint security
The core idea is to move away from a "castle-and-moat" security model to a more adaptive and granular approach.
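To make the contrast between the castle-and-moat model and the beyond-perimeter model concrete, here is a small added example (illustrative code written for this page, not ThreatNG's or any vendor's code). It compares a perimeter decision, which trusts any request whose source address is inside the corporate network, with a beyond-perimeter decision that verifies the user's identity and device posture on every request and gates access by data sensitivity, regardless of where the request comes from. The network range, signing key, users, resources and policy table are all constructed stand-ins; the HMAC token stands in for a signed token from an identity provider.

```python
"""Perimeter-only vs. beyond-perimeter access decisions (constructed example)."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration only; not from any real deployment.
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")   # the "inside" of the castle
TOKEN_KEY = b"constructed-demo-key"                  # stand-in for an IdP signing key

# Constructed policy: resource sensitivity and the principals allowed to read it.
POLICY = {
    "public-docs": {"sensitivity": "low", "allowed": {"alice", "bob", "contractor"}},
    "hr-records": {"sensitivity": "high", "allowed": {"alice"}},
}


@dataclass
class Request:
    src_ip: str             # where the request originates (inside or outside the network)
    user: str               # claimed identity
    token: str              # stand-in for a signed identity-provider token
    device_compliant: bool  # result of a device posture check (managed, patched, encrypted)
    resource: str           # what the request is trying to read


def issue_token(user: str) -> str:
    """Stand-in for an identity provider issuing a signed token for a verified user."""
    return hmac.new(TOKEN_KEY, user.encode(), hashlib.sha256).hexdigest()


def token_valid(user: str, token: str) -> bool:
    """Verify the token actually binds to the claimed user (constant-time compare)."""
    return hmac.compare_digest(issue_token(user), token)


def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat: anything inside the network is trusted, anything outside is not.
    Identity, device state and data sensitivity play no part in the decision."""
    return ipaddress.ip_address(req.src_ip) in CORPORATE_NET


def beyond_perimeter_decision(req: Request) -> tuple[bool, str]:
    """Verify the user and device on every request and gate by data sensitivity.
    The source address is deliberately not consulted: location confers no trust."""
    policy = POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource"
    if not token_valid(req.user, req.token):
        return False, "identity not verified"
    if req.user not in policy["allowed"]:
        return False, "user not authorized for resource"
    if policy["sensitivity"] == "high" and not req.device_compliant:
        return False, "device posture insufficient for sensitive data"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed scenarios: an unverified request from inside the network,
    # and a verified remote worker on a compliant device.
    inside_unverified = Request("10.1.2.3", "mallory", "not-a-real-token", False, "hr-records")
    remote_verified = Request("203.0.113.5", "alice", issue_token("alice"), True, "hr-records")
    for req in (inside_unverified, remote_verified):
        print(req.src_ip, req.user, req.resource,
              "perimeter:", perimeter_decision(req),
              "beyond-perimeter:", beyond_perimeter_decision(req))
```

Run as a script, the first scenario is granted by the perimeter model purely because the source address is internal, while the beyond-perimeter model rejects it because the identity cannot be verified; the second scenario is the reverse. The same `beyond_perimeter_decision` also shows the data-centric point of the list above: a verified user on a non-compliant device can still read low-sensitivity material but not high-sensitivity records.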
ThreatNG facilitates a beyond-perimeter security approach by providing capabilities that extend visibility and risk assessment beyond the traditional network edge.
External Discovery: ThreatNG performs external unauthenticated discovery, identifying assets and potential vulnerabilities outside the network perimeter. This is crucial for recognizing that an organization's attack surface extends beyond its internal infrastructure.
External Assessment: ThreatNG assesses various external risks, demonstrating a focus on threats that originate from outside the perimeter:
It assesses Web Application Hijack Susceptibility and Subdomain Takeover Susceptibility, focusing on externally accessible web assets.
It evaluates BEC & Phishing Susceptibility, Brand Damage Susceptibility, and Data Leak Susceptibility, considering factors beyond the network perimeter.
It determines Cyber Risk Exposure by analyzing external factors like certificates, subdomain headers, vulnerabilities, and sensitive ports.
It assesses ESG Exposure and Supply Chain & Third-Party Exposure, acknowledging risks from external relationships.
It calculates Breach & Ransomware Susceptibility and assesses Mobile App Exposure, which can involve threats outside the traditional perimeter.
Reporting: ThreatNG provides reports such as Executive, Technical, and Prioritized, which aid in communicating risk to stakeholders and demonstrate an understanding that security is not just about perimeter defense.
Continuous Monitoring: ThreatNG's monitoring of the external attack surface, digital risk, and security ratings aligns with the beyond-perimeter approach by emphasizing ongoing vigilance.
Investigation Modules: ThreatNG's investigation modules provide detailed external risk analysis:
Domain Intelligence: Offers a broad overview and in-depth analysis of domains.
IP Intelligence: Provides information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.
Certificate Intelligence: Provides information on TLS Certificates and Associated Organizations.
Social Media: Gathers posts from the organization under investigation.
Sensitive Code Exposure: Discovers public code repositories and uncovers digital risks.
Mobile Application Discovery: Discovers mobile apps and analyzes their contents.
Search Engine Exploitation: Helps investigate an organization’s susceptibility to exposing information via search engines.
Cloud and SaaS Exposure: Identifies sanctioned and unsanctioned cloud services, cloud service impersonations, and exposed cloud buckets, and covers SaaS implementations.
Online Sharing Exposure: Identifies organizational entity presence within online code-sharing platforms.
Sentiment and Financials: Covers organizational-related lawsuits, layoff chatter, SEC filings, SEC Form 8-Ks, and ESG violations.
Archived Web Pages: Provides access to archived web pages.
Dark Web Presence: Covers organizational mentions, associated ransomware events, and compromised credentials.
Technology Stack: Identifies the technologies used by the organization.
Intelligence Repositories: ThreatNG uses intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC Form 8-Ks, Bank Identification Numbers, and Mobile Apps.
Work with Complementary Solutions: While the document does not detail specific integrations, ThreatNG's capabilities align with a beyond-perimeter approach and can complement other security tools. For example, its threat intelligence and vulnerability data can be valuable for SIEM and SOAR systems.