External Risk Management Platform

E
Written By Threat NG Staff

An External Risk Management (ERM) Platform, in the context of cybersecurity, is a technology solution that helps organizations identify, assess, monitor, and manage cybersecurity risks that originate from outside their traditional network boundaries.

Here's a more detailed explanation:

  • It focuses on risks in the external digital ecosystem rather than solely on internal vulnerabilities.

  • It provides capabilities to discover and analyze an organization's external attack surface, including all its internet-facing assets that attackers could target.

  • ERM platforms often include features for:

    • Third-party risk management.

    • Threat intelligence gathering.

    • Dark web monitoring.

    • Brand protection.

    • Attack surface management.

  • An ERM platform aims to give organizations a comprehensive view of their external risk exposure and tools to mitigate those risks effectively.

Here's how ThreatNG functions as an External Risk Management (ERM) platform:

External Discovery

ThreatNG is designed for robust external discovery. It can perform purely external unauthenticated discovery without needing connectors. This is a core component of an ERM platform, as it identifies an organization's attack surface from an outsider's perspective.

External Assessment

ThreatNG provides various external assessment capabilities that are central to effective ERM. It delivers multiple risk ratings, including:

  • Web Application Hijack Susceptibility: ThreatNG assesses the parts of a web application accessible from the outside world to identify potential entry points for attackers. It calculates this score using external attack surface and digital risk intelligence, including Domain Intelligence.

  • Subdomain Takeover Susceptibility: ThreatNG evaluates a website's susceptibility using external attack surface and digital risk intelligence, incorporating Domain Intelligence. This involves analyzing the website's subdomains, DNS records, SSL certificate statuses, and other relevant factors.

  • BEC & Phishing Susceptibility: ThreatNG derives this from Sentiment and Financials Findings, Domain Intelligence (DNS Intelligence and Email Intelligence), and Dark Web Presence (Compromised Credentials).

  • Brand Damage Susceptibility: This is derived from attack surface intelligence, digital risk intelligence, ESG Violations, Sentiment and Financials (Lawsuits, SEC filings, SEC Form 8-Ks, and Negative News), and Domain Intelligence (Domain Name Permutations and Web3 Domains).

  • Data Leak Susceptibility: ThreatNG derives this from external attack surface and digital risk intelligence based on Cloud and SaaS Exposure, Dark Web Presence (Compromised Credentials), Domain Intelligence, and Sentiment and Financials (Lawsuits and SEC Form 8-Ks).

  • Cyber Risk Exposure: ThreatNG considers parameters from its Domain Intelligence module, including certificates, subdomain headers, vulnerabilities, and sensitive ports, to determine cyber risk exposure. It also factors in code secret exposure, cloud and SaaS exposure, and compromised credentials on the dark web.

  • ESG Exposure: ThreatNG evaluates an organization's vulnerability to environmental, social, and governance (ESG) risks using external attack surface and digital risk intelligence, along with Sentiment and Financials findings.

  • Supply Chain & Third-Party Exposure: ThreatNG derives this from Domain Intelligence (Enumeration of Vendor Technologies from DNS and Subdomains), Technology Stack, and Cloud and SaaS Exposure.

  • Breach & Ransomware Susceptibility: This is derived from external attack surface and digital risk intelligence, including domain intelligence, dark web presence, and sentiment and financials (SEC Form 8-Ks).

  • Mobile App Exposure: ThreatNG evaluates an organization’s mobile apps by discovering them in marketplaces and analyzing their contents for various credentials and identifiers.

Reporting

ThreatNG provides various reports, including Executive, Technical, Prioritized, Security Ratings, Inventory, Ransomware Susceptibility, and U.S. SEC Filings. These reports are essential for communicating risk posture to different stakeholders.

Continuous Monitoring

An ERM platform must provide continuous monitoring, and ThreatNG fits this requirement by offering continuous monitoring of external attack surface, digital risk, and security ratings.

Investigation Modules

ThreatNG includes detailed investigation modules:

  • Domain Intelligence: This module provides a broad overview and deep dives into various aspects of domains, including:

    • Domain Overview (Digital Presence Word Cloud, Microsoft Entra Identification and Domain Enumeration, Bug Bounty Programs)

    • DNS Intelligence (Domain Record Analysis, Domain Name Permutations, and Web3 Domains)

    • Email Intelligence (Security Presence, Format Predictions, and Harvested Emails)

    • WHOIS Intelligence (WHOIS Analysis and Other Domains Owned)

    • Subdomain Intelligence (extensive analysis of subdomains, including technical details, content identification, ports, vulnerabilities, and more)

  • IP Intelligence: Provides information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.

  • Certificate Intelligence: Provides information on TLS Certificates and Associated Organizations.

  • Social Media: Gathers posts from the organization under investigation.

  • Sensitive Code Exposure: Discovers public code repositories and uncovers various digital risks.

  • Mobile Application Discovery: Discovers mobile apps and analyzes their contents.

  • Search Engine Exploitation: Helps investigate an organization’s susceptibility to exposing information via search engines.

  • Cloud and SaaS Exposure: This identifies sanctioned and unsanctioned cloud services, cloud service impersonations, and exposed cloud buckets and covers SaaS implementations.

  • Online Sharing Exposure: Identifies organizational entity presence within online code-sharing platforms.

  • Sentiment and Financials: Covers organizational-related lawsuits, layoff chatter, SEC filings, SEC Form 8-Ks, and ESG violations.

  • Archived Web Pages: Provides access to archived web pages.

  • Dark Web Presence: Covers organizational mentions, associated ransomware events, and compromised credentials.

  • Technology Stack: Identifies the technologies used by the organization.

These modules provide in-depth risk assessment and investigation information, core to ERM.

Intelligence Repositories

ThreatNG uses various intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC Form 8-Ks, Bank Identification Numbers, and Mobile Apps.

Work with Complementary Solutions

While the document doesn't detail specific integrations, ThreatNG's comprehensive external risk management capabilities mean it can enhance various security tools. For example, its threat intelligence and vulnerability data can be valuable for SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) systems.

Threat NG Staff
Previous

Holistic External Visibility
Next

External Risk Management