Evidence-Based Assessment

Evidence-based assessment in cybersecurity is the practice of evaluating security risks, vulnerabilities, and the effectiveness of security controls by relying on objective, verifiable data and factual information rather than subjective opinions or assumptions. It emphasizes using concrete evidence to support security decisions and improve the accuracy of security evaluations.

Here's a more detailed explanation:

  • Objective Data: Evidence-based assessments use quantifiable data, such as logs, scan results, network traffic analysis, and configuration settings, to support their conclusions.

  • Verifiable Information: The evidence used must be verifiable and reliable. This means it should be possible to trace the data back to its source and confirm its accuracy.

  • Reduced Subjectivity: This approach minimizes the influence of personal biases or assumptions in security evaluations by focusing on evidence.

  • Improved Accuracy: Evidence-based assessments lead to more accurate and reliable security evaluations, providing a clearer picture of an organization's security posture.

  • Informed Decisions: The evidence gathered supports informed decision-making about security investments, risk management strategies, and the implementation of security controls.

ThreatNG is designed to provide concrete, verifiable evidence about an organization's external security posture, enabling evidence-based assessment.

External Discovery: Gathering Foundational Evidence

  • ThreatNG's external discovery process provides the fundamental evidence for assessments. Identifying all externally facing assets establishes a verifiable inventory of what an attacker can see.

  • This eliminates assumptions about what's exposed and provides a solid foundation for further analysis.

External Assessment: Providing Detailed Evidence

ThreatNG's external assessment modules deliver detailed, evidence-backed findings:

  • Web Application Vulnerabilities: The "Web Application Hijack Susceptibility" assessment provides evidence of specific vulnerabilities in web applications, such as outdated software versions or missing security headers. These are not just theoretical concerns but concrete findings.

  • Domain and DNS Configuration: The "Subdomain Takeover Susceptibility" assessment offers evidence about DNS records, subdomain configurations, and SSL certificate statuses. This data supports conclusions about subdomain takeover risks.

  • Code Exposure: The "Code Secret Exposure" module provides direct evidence of exposed credentials or sensitive data within code repositories. It doesn't just flag the possibility of exposure; it shows actual instances.

  • Network Services: ThreatNG's analysis of exposed ports and services provides evidence of the organization's network attack surface. Open ports are verifiable facts, not assumptions.

Positive Security Indicators: Evidence of Security Strengths

  • ThreatNG's "Positive Security Indicators" feature provides evidence of security controls in place. For example, it doesn't just say an organization might have a WAF; it gives evidence of its presence.

  • This allows for an evidence-based view of both weaknesses and strengths.

Reporting: Presenting the Evidence Clearly

  • ThreatNG's reporting capabilities organize and present the evidence gathered in a clear and structured format.

  • This makes it easier for security professionals to review the findings and use them to support their assessments.

Continuous Monitoring: Ongoing Evidence Collection

  • ThreatNG's continuous monitoring ensures that evidence is constantly updated.

  • This is crucial because security postures change, and evidence needs to reflect the current state.

Investigation Modules: Enabling Deeper Evidence Analysis

  • ThreatNG's investigation modules allow for a deeper analysis of the evidence. For example, the Domain Intelligence module lets security teams thoroughly examine DNS records and other domain-related data.

Intelligence Repositories: Corroborating Evidence

  • ThreatNG's intelligence repositories provide corroborating evidence from external sources. For example, dark web data can confirm if compromised credentials found by ThreatNG have been used in actual attacks.

Working with Complementary Solutions: Evidence Sharing

  • ThreatNG's evidence can be shared with other security solutions to enhance their assessments.

  • For example, feeding ThreatNG's vulnerability data into a SIEM provides more evidence for threat analysis.

ThreatNG is built to deliver evidence-based assessments. It provides concrete, verifiable data on an organization's external security, empowering security professionals to make informed decisions based on facts.
