Continuous External Security Validation
Continuous External Security Validation is an ongoing process of evaluating an organization's security posture from an external perspective to identify potential vulnerabilities and weaknesses.
Here's a breakdown of the key elements:
Continuous: This highlights that security validation isn't a one-time event but an ongoing activity. Regular and frequent assessments are involved to keep pace with the evolving threat landscape.
External: The validation focuses on assessing security controls and potential vulnerabilities that are visible and accessible from outside the organization's network. This simulates an attacker's perspective.
Security Validation: This involves various techniques and processes used to evaluate the effectiveness of an organization's security measures. It aims to answer questions like:
Can an attacker gain unauthorized access?
Is sensitive data exposed?
Are systems configured securely?
Goal: The primary goal is to proactively identify and address security weaknesses before attackers can exploit them, improving the organization's overall security posture.
ThreatNG facilitates continuous external security validation by providing ongoing assessment and monitoring of an organization's external security posture.
External Discovery: ThreatNG's external discovery capabilities provide the foundation for continuous validation. ThreatNG ensures that an organization's entire external attack surface is regularly identified and assessed by performing external unauthenticated discovery.
External Assessment: ThreatNG delivers various risk assessments that enable continuous security validation. Examples include:
It assesses Web Application Hijack Susceptibility and Subdomain Takeover Susceptibility, providing ongoing evaluation of web application security.
It evaluates BEC & Phishing Susceptibility, Brand Damage Susceptibility, and Data Leak Susceptibility, continuously validating an organization's resilience against these threats.
It determines Cyber Risk Exposure, assessing external vulnerabilities and misconfigurations.
It assesses ESG Exposure and Supply Chain & Third-Party Exposure, providing continuous validation of risks associated with external factors and relationships.
It calculates Breach & Ransomware Susceptibility and assesses Mobile App Exposure, continuously evaluating the organization's vulnerability to these serious threats.
Reporting: ThreatNG's reporting capabilities support continuous validation by providing up-to-date insights into an organization's security posture. Reports such as Executive, Technical, and Prioritized enable organizations to track changes and trends in their external risk profile.
Continuous Monitoring: A core component of continuous external security validation, ThreatNG continuously monitors external attack surface, digital risk, and security ratings. This ensures that organizations have an ongoing view of their external security and are alerted to any changes that require attention.
Investigation Modules: ThreatNG's investigation modules enable in-depth, ongoing analysis of external risks:
Domain Intelligence: Provides continuous insights into various aspects of domains.
IP Intelligence: Provides ongoing information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.
Certificate Intelligence: Provides continuous information on TLS Certificates and Associated Organizations.
Social Media: Continuously gathers posts from the organization under investigation.
Sensitive Code Exposure: Continuously discovers public code repositories and uncovers digital risks.
Mobile Application Discovery: Continuously discovers mobile apps and analyzes their contents.
Search Engine Exploitation: Continuously helps users investigate an organization’s susceptibility to exposing information via search engines.
Cloud and SaaS Exposure: Provides ongoing identification of sanctioned and unsanctioned cloud services, cloud service impersonations, and exposed cloud buckets and covers SaaS implementations.
Online Sharing Exposure: Continuously identifies organizational entities within online code-sharing platforms.
Sentiment and Financials: Provides ongoing information on organization-related lawsuits, layoff chatter, SEC filings, SEC Form 8-Ks, and ESG violations.
Archived Web Pages: Provides continuous access to archived web pages.
Dark Web Presence: Continuously covers organizational mentions, associated ransomware events, and compromised credentials.
Technology Stack: Continuously identifies the technologies in use by the organization.Intelligence Repositories: ThreatNG uses intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC Form 8-Ks, Bank Identification Numbers, and Mobile Apps. These repositories provide a continuous source of updated information for security validation.
Work with Complementary Solutions: While the document does not detail specific integrations, ThreatNG's capabilities can complement other security tools and contribute to continuous security validation. For example, its threat intelligence and vulnerability data can be valuable for SIEM and SOAR systems, enabling constant monitoring and response.
