Holistic External Visibility
Holistic External Visibility in cybersecurity refers to a comprehensive understanding of all aspects of an organization's digital presence and potential vulnerabilities that are visible from the outside.
Here's a breakdown:
It involves seeing the organization as an attacker would.
It goes beyond simply looking at the organization's website.
It includes identifying and analyzing:
All internet-facing assets.
Cloud services in use.
Social media presence.
Potential data leaks.
Brand exposure.
Third-party connections.
Any information that could be used to exploit a vulnerability or launch an attack.
The goal is to have a complete picture of the organization's external attack surface so that risks can be better assessed and mitigated.
ThreatNG provides holistic external visibility by offering a range of capabilities that allow organizations to see their external presence as an attacker would.
External Discovery: ThreatNG performs purely external unauthenticated discovery, providing a broad view of an organization's digital footprint without needing internal access or connectors.
External Assessment: ThreatNG delivers various risk ratings contributing to holistic external visibility. Examples include:
It assesses Web Application Hijack Susceptibility by analyzing the parts of a web application accessible from the outside world.
It evaluates Subdomain Takeover Susceptibility using external attack surface and digital risk intelligence, including Domain Intelligence.
It derives BEC & Phishing Susceptibility from Sentiment and Financials Findings, Domain Intelligence, and Dark Web Presence.
It calculates Brand Damage Susceptibility from attack surface intelligence, digital risk intelligence, ESG Violations, Sentiment and Financials, and Domain Intelligence.
It determines Data Leak Susceptibility from external attack surfaces and digital risk intelligence based on Cloud and SaaS Exposure, Dark Web Presence, Domain Intelligence, and Sentiment and Financials.
It determines Cyber Risk Exposure using parameters from its Domain Intelligence module and factoring in code secret exposure, cloud and SaaS exposure, and compromised credentials.
It evaluates ESG exposure based on external attack surface, digital risk intelligence, sentiment and financial findings.
It derives Supply Chain & Third-Party Exposure from Domain Intelligence, Technology Stack, and Cloud and SaaS Exposure.
It calculates Breach and Ransomware Susceptibility based on the external attack surface, digital risk intelligence, dark web presence, sentiment, and financials.
It assesses Mobile App Exposure by discovering mobile apps in marketplaces and analyzing their contents.
Reporting: ThreatNG offers various reports, including Executive, Technical, Prioritized, Security Ratings, Inventory, Ransomware Susceptibility, and U.S. SEC Filings, that help organizations communicate their external risk posture.
Continuous Monitoring: ThreatNG monitors external attack surfaces, digital risks, and security ratings.
Investigation Modules: ThreatNG includes various investigation modules that enable in-depth analysis of external risks:
Domain Intelligence: Provides a broad overview and detailed information on various aspects of domains.
IP Intelligence: Provides information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.
Certificate Intelligence: Provides information on TLS Certificates and Associated Organizations.
Social Media: Gathers posts from the organization under investigation.
Sensitive Code Exposure: Discovers public code repositories and uncovers digital risks.
Mobile Application Discovery: Discovers mobile apps and analyzes their contents.
Search Engine Exploitation: Helps investigate an organization’s susceptibility to exposing information via search engines.
Cloud and SaaS Exposure: Identifies sanctioned and unsanctioned cloud services, cloud service impersonations, and exposed cloud buckets, and covers SaaS implementations.
Online Sharing Exposure: Identifies organizational entity presence within online code-sharing platforms.
Sentiment and Financials: Covers organizational-related lawsuits, layoff chatter, SEC filings, SEC Form 8-Ks, and ESG violations.
Archived Web Pages: Provides access to archived web pages.
Dark Web Presence: Covers organizational mentions, associated ransomware events, and compromised credentials.
Technology Stack: Identifies the technologies used by the organization.
Intelligence Repositories: ThreatNG uses intelligence repositories, including data on the dark web, compromised credentials, ransomware events and groups, known vulnerabilities, ESG violations, bug bounty programs, SEC Form 8-Ks, Bank Identification Numbers, and Mobile Apps.
Work with Complementary Solutions: While specific integrations aren't detailed in the document, ThreatNG's capabilities can complement other security tools. For instance, its threat intelligence and vulnerability data can be valuable for SIEM and SOAR systems.
