External Footprint
In cybersecurity, an organization's External Footprint refers to the entirety of its digital assets and resources that are exposed and accessible from the internet. It's the sum of everything an attacker can potentially interact with when attempting to penetrate an organization's defenses from the outside.
Here's a more detailed explanation:
Digital Assets: This includes all internet-facing components, such as:
Websites and web applications
Email servers
Domain Name System (DNS) servers
Cloud services and storage
Application Programming Interfaces (APIs)
File Transfer Protocol (FTP) servers
Any other system that communicates with the internet
Accessibility: The defining characteristic is that these assets can be reached without needing to be on the organization's internal network.
Visibility: This refers to how visible these assets are to the outside world, which influences how easily an attacker can find and target them.
Attack Surface Relationship: The external footprint is closely related to the "attack surface." A larger external footprint generally means a larger attack surface, which can increase attack vulnerability.
Information Gathering: Attackers often start by mapping out an organization's external footprint to identify potential entry points and vulnerabilities.
ThreatNG is designed to discover and analyze an organization's External Footprint, providing comprehensive visibility into its externally accessible assets.
External Discovery: Mapping the Footprint
ThreatNG's external discovery process is fundamental to understanding the External Footprint. It identifies all assets exposed to the internet, providing a complete map of the organization's digital presence.
This includes identifying websites, web applications, servers, domains, subdomains, and cloud services.
External Assessment: Detailed Analysis of the Footprint
ThreatNG's external assessment modules provide detailed information about the discovered assets, giving valuable context to the External Footprint:
Domain Intelligence: This module provides in-depth information about domains, subdomains, DNS records, and related infrastructure, revealing key components of the organization's online presence.
Technology Stack: ThreatNG identifies the technologies used by web applications and other systems, providing insights into potential vulnerabilities and attack vectors within the External Footprint.
Cloud and SaaS Exposure: ThreatNG discovers the organization's use of cloud services and SaaS applications, highlighting the cloud-based portion of its External Footprint.
Mobile Application Discovery: ThreatNG identifies the organization's mobile apps, an increasingly important part of the External Footprint.
Reporting: Communicating the Footprint
ThreatNG's reporting capabilities present the information about the External Footprint in a structured and organized manner.
This helps security teams and other stakeholders understand the scope and nature of the organization's online presence.
Continuous Monitoring: Tracking Changes to the Footprint
ThreatNG's continuous monitoring is crucial because the External Footprint is dynamic.
It detects new assets, changes in configurations, and emerging vulnerabilities, ensuring that the organization always has an up-to-date view of its online presence.
Investigation Modules: In-Depth Analysis of Footprint Components
ThreatNG's investigation modules allow for a detailed analysis of specific components of the External Footprint.
For example, the Domain Intelligence module enables in-depth exploration of domain-related assets and configurations.
Working with Complementary Solutions
ThreatNG's data about the External Footprint can be integrated with other security and IT management tools.
For example, it can be combined with an internal Configuration Management Database (CMDB) to provide a more complete view of the organization's IT assets.
ThreatNG provides comprehensive capabilities for discovering, analyzing, and monitoring an organization's External Footprint. This visibility is essential for effective cybersecurity and risk management.
