Shared Responsibility Model

The Shared Responsibility Model is a fundamental concept in cloud computing security, defining the security obligations between the cloud service provider (CSP) and the cloud customer. It clarifies who is responsible for securing which parts of the cloud environment.

Generally, the CSP is responsible for the security of the cloud, which includes the physical infrastructure, network, and virtualization layer. This means the provider secures the data centers, hardware, and the underlying systems that enable the cloud services to function.

The customer, on the other hand, is responsible for security in the cloud. This encompasses the data they store, the applications they run, the operating systems they use, and the network configurations they establish within the cloud environment. Essentially, the customer secures what they put into the cloud provider's infrastructure.

The specific responsibilities can vary depending on the cloud service model:

  • Infrastructure as a Service (IaaS): In IaaS, the customer has the most responsibility, managing operating systems, middleware, applications, and data. The provider is primarily responsible for the physical infrastructure.

  • Platform as a Service (PaaS): In a PaaS model, the provider manages a significant portion of the underlying infrastructure, including operating systems and middleware, while the customer focuses on developing and managing applications and data.

  • Software as a Service (SaaS): In SaaS, the provider assumes the most responsibility, managing the application, data, and underlying infrastructure. The customer is primarily responsible for the data they input and for managing user access.

It is crucial for organizations using cloud services to thoroughly understand the Shared Responsibility Model to implement appropriate security measures and avoid potential security gaps.

How ThreatNG Addresses the Shared Responsibility Model

ThreatNG plays a vital role in helping organizations meet their responsibilities within the Shared Responsibility Model, primarily by providing exceptional external visibility and assessment of their attack surface. It empowers security teams to understand and manage risks effectively, especially in areas where they hold direct accountability.

1. ThreatNG's Core Strengths

  • External Discovery: ThreatNG excels at performing purely external, unauthenticated discovery without needing connectors. This is crucial because it enables organizations to view their cloud and SaaS footprint from an attacker's perspective, identifying vulnerabilities that may be overlooked by internal tools.

  • External Assessment: ThreatNG offers a comprehensive range of external assessment capabilities, providing valuable insights into an organization's security posture.

  • Reporting: ThreatNG provides various reporting options, including executive, technical, prioritized, and security ratings reports. These reports enable organizations to understand their risk levels, the reasoning behind the findings, and the recommended actions.

  • Continuous Monitoring: ThreatNG continuously monitors the external attack surface, digital risk, and security ratings to ensure optimal protection. This ongoing vigilance enables organizations to stay ahead of emerging threats and maintain a robust security posture.

  • Investigation Modules: ThreatNG's investigation modules provide in-depth information about various aspects of an organization's external presence, aiding in the identification and analysis of potential security risks.

  • Intelligence Repositories: ThreatNG's intelligence repositories provide a wealth of information on threats, vulnerabilities, and risks, enabling organizations to make informed decisions about their security strategy.

2. How ThreatNG Helps with Specific Responsibilities

Here's how ThreatNG's capabilities align with the Shared Responsibility Model:

  • Customer's Responsibilities ("Security in the Cloud")

    • Data Protection:

      • ThreatNG's Code Secret Exposure capability discovers exposed code repositories and investigates their contents for sensitive data. For example, it can identify exposed credentials, such as API keys and passwords, cloud credentials (e.g., AWS keys), and security credentials (e.g., cryptographic keys). This helps organizations protect their data by identifying and remediating potential data leaks.

      • ThreatNG's Cloud and SaaS Exposure module identifies exposed cloud buckets, including AWS S3, Azure, and GCP. This is critical because exposed buckets constitute a significant source of data breaches.

    • Application Security:

      • ThreatNG assesses the susceptibility of web applications to hijacking and subdomain takeover. For example, it analyzes DNS records, SSL certificate statuses, and other factors to identify potential takeover risks. This helps organizations secure their applications and prevent attackers from compromising them.

      • ThreatNG's technology stack identification helps organizations understand the technologies used in their web applications, which can inform vulnerability management efforts.

    • Access Management:

      • While ThreatNG doesn't directly manage access, its reporting and continuous monitoring help organizations identify potential access control weaknesses. For instance, exposed credentials discovered by ThreatNG could indicate weak access controls or insider threats.

    • Operating System and Network Security (in IaaS):

      • In IaaS environments, where customers manage their OS and network, ThreatNG's vulnerability assessments and cyber risk exposure analysis can help identify weaknesses.

      • For example, ThreatNG considers exposed sensitive ports and known vulnerabilities to determine cyber risk exposure.

    • SaaS Application Configuration:

      • ThreatNG's Cloud and SaaS Exposure module helps organizations gain visibility into their SaaS usage and identify potential misconfigurations.

      • For example, it can identify unsanctioned SaaS applications, known as Shadow IT, which may have insecure configurations.

  • Provider's Responsibilities ("Security of the Cloud")

    • While ThreatNG doesn't directly address the provider's responsibilities, it can help organizations verify that their providers are meeting their obligations.

    • For example, ThreatNG's reporting on security headers can help organizations ensure that their cloud providers are implementing appropriate security measures.

3. ThreatNG's Investigation Modules in Detail

ThreatNG's investigation modules provide detailed insights that are invaluable for understanding and mitigating risks within the Shared Responsibility Model:

  • Domain Intelligence: This module provides a wealth of information about an organization's domains, which is crucial for assessing various attack vectors.

    • For example, Domain Intelligence includes:

      • DNS Intelligence: Analyzes DNS records to identify potential vulnerabilities.

      • Subdomain Intelligence: Identifies subdomains and analyzes their headers and technologies to uncover security weaknesses.

  • IP Intelligence: This module provides information about an organization's IP addresses, enabling the identification of potential network security issues.

  • Certificate Intelligence: This module analyzes TLS certificates to identify potential vulnerabilities related to encryption and trust.

  • Social Media: This module monitors social media for mentions of the organization, helping to identify potential reputational risks or security threats.

  • Sensitive Code Exposure: As mentioned earlier, this module is crucial for identifying exposed code repositories and sensitive information within them.

  • Mobile Application Discovery: This module identifies mobile apps related to the organization and analyzes them for security vulnerabilities, including exposed credentials.

  • Search Engine Exploitation: This module helps identify information that an attacker can find via search engines to attack the organization.

  • Cloud and SaaS Exposure: As discussed, this module provides critical visibility into cloud and SaaS usage, including Shadow IT and exposed cloud buckets.

  • Technology Stack: This module identifies the technologies used by the organization, which helps in vulnerability management and identifying potential compatibility issues.

4. ThreatNG's Intelligence Repositories in Detail

ThreatNG's intelligence repositories provide a rich source of information for security analysis:

  • Dark Web Presence: Information on compromised credentials and ransomware events.

  • Known Vulnerabilities: A database of known vulnerabilities to help prioritize remediation efforts.

  • ESG Violations: Information on environmental, social, and governance violations.

  • Mobile Apps: Indicators of access credentials, security credentials, and platform-specific identifiers present within mobile apps.

5. Working with Complementary Solutions

ThreatNG is designed to work effectively with other security solutions:

  • Cloud Access Security Brokers (CASBs): ThreatNG's findings can complement CASB deployments by providing external validation of cloud security posture and identifying Shadow IT activities that CASBs might miss.

  • Data Loss Prevention (DLP) Solutions: ThreatNG can help identify the sources of potential data leaks (e.g., exposed code repositories, cloud buckets), enabling DLP solutions to be more effectively targeted.

  • Security Information and Event Management (SIEM) Systems: ThreatNG's alerts and findings can be integrated into SIEM systems to provide a more comprehensive view of security events.

  • Vulnerability Management Tools: ThreatNG's external vulnerability assessments can complement internal vulnerability scans, providing a more complete picture of an organization's vulnerability posture.

By providing comprehensive external visibility and assessment, ThreatNG empowers organizations to proactively manage their responsibilities within the Shared Responsibility Model, reducing their risk of security breaches and compliance violations.
