CMDB Reconciliation in cybersecurity is the critical process of validating and merging internal asset records from a Configuration Management Database (CMDB) with the organization's real-world, "outside-in" digital footprint. Most organizations face a Visibility Gap, the difference between what their internal scanners, such as ServiceNow or SCCM, detect and what a real attacker can find on the public internet.
ThreatNG acts as the definitive External Truth Engine, ensuring that the "Golden Record" in a CMDB is not just a list of what you know you have, but a complete inventory of what you actually expose.
1. External Discovery: Finding the "Unknown Unknowns"
ThreatNG performs purely external unauthenticated discovery using no connectors. This is essential for CMDB reconciliation because it identifies Shadow IT, which consists of assets created by developers or marketing teams that bypass official procurement and never enter the internal CMDB.
Discovery Example: ThreatNG can automatically uncover subdomains, abandoned cloud buckets, and public code repositories linked to your brand without requiring internal network access or pre-defined IP ranges.
2. Detailed External Assessment: Quantifying Asset Risk
Once assets are discovered, ThreatNG assesses their susceptibility to exploitation, providing granular metadata that enriches CMDB entries with security context.
Web Application Hijack Susceptibility: ThreatNG analyzes subdomains for missing or deprecated security headers (e.g., Content-Security-Policy, HSTS, X-Frame-Options). For example, a "Production" CI in your CMDB can be flagged if it is missing a CSP header, which removes a defense-in-depth mitigation against Cross-Site Scripting (XSS).
Subdomain Takeover Susceptibility: ThreatNG cross-references CNAME records against a comprehensive vendor list (AWS, Azure, Heroku, Shopify, etc.) to find "dangling DNS" states where an attacker could claim an inactive resource. This validates the "active" status of CIs in the CMDB.
Breach & Ransomware Susceptibility: This assessment identifies exposed ports and private IPs that have been leaked to the public web. If the CMDB shows a server as "Internal Only" but ThreatNG discovers it responding on a public port, the reconciliation process triggers an immediate security alert.
Data Leak Susceptibility: By uncovering exposed open cloud buckets and identifiable SaaS applications, ThreatNG identifies high-risk storage assets that may be completely missing from your internal asset registers.
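The reconciliation logic described in sections 1 and 2 can be sketched as a comparison of two inventories. This is an added example, not ThreatNG's code or API: the record fields (fqdn, exposure, status, open_ports), the finding labels, and all sample records are constructed for illustration.

```python
# Added example: reconcile a CMDB export against outside-in discovery results.
# Field names, finding labels and sample records are assumptions, not a vendor schema.

CMDB = [  # constructed sample of internal CI records
    {"fqdn": "www.example.com", "exposure": "public", "status": "active"},
    {"fqdn": "hr-db.example.com", "exposure": "internal_only", "status": "active"},
    {"fqdn": "old-promo.example.com", "exposure": "public", "status": "active"},
]
EXTERNAL = [  # constructed sample of external discovery results
    {"fqdn": "WWW.example.com.", "open_ports": [443]},
    {"fqdn": "hr-db.example.com", "open_ports": [5432]},
    {"fqdn": "dev-test.example.com", "open_ports": [80, 8080]},
]


def norm(fqdn):
    """Normalize hostnames so case and trailing dots do not create false gaps."""
    return fqdn.strip().rstrip(".").lower()


def reconcile(cmdb, external):
    """Return (host, finding, detail) tuples for every mismatch between the two views."""
    cis = {norm(r["fqdn"]): r for r in cmdb}
    seen = {norm(r["fqdn"]): r for r in external}
    findings = []
    for host, ext in sorted(seen.items()):
        ci = cis.get(host)
        if ci is None:
            # Exposed on the internet but absent from the CMDB: Shadow IT.
            findings.append((host, "SHADOW_IT", "create skeleton CI for validation"))
        elif ci["exposure"] == "internal_only" and ext["open_ports"]:
            # CMDB says internal, yet the host answers on a public port.
            findings.append((host, "EXPOSURE_MISMATCH", f"public ports {ext['open_ports']}"))
    for host, ci in sorted(cis.items()):
        # A public, active CI that nobody can see externally may be stale.
        if host not in seen and ci["exposure"] == "public" and ci["status"] == "active":
            findings.append((host, "STALE_CI", "not observed externally; verify or retire"))
    return findings


if __name__ == "__main__":
    for finding in reconcile(CMDB, EXTERNAL):
        print(*finding, sep="\t")
```

Normalizing hostnames before comparing matters in practice: without it, `WWW.example.com.` and `www.example.com` would be reported as both a Shadow IT asset and a stale CI.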
3. Investigation Modules: Deep-Dive Asset Intelligence
ThreatNG provides specialized modules that transform raw discovery data into actionable evidence for CMDB health.
Domain Intelligence Module: This module identifies IP addresses and the associated technology stacks (e.g., WordPress, Akamai, Cloudflare) for every domain and subdomain. It ensures the CMDB accurately reflects the operating system and application versions for every external asset.
Subdomain Intelligence & WAF Discovery: ThreatNG pinpoints the presence of Web Application Firewalls (WAFs) down to the subdomain level. It can distinguish between specific vendors, such as F5, Imperva, and Cloudflare, enabling the CMDB to track which protection layers are applied to specific business services.
Social Media & Username Exposure: This module identifies corporate identities and brand presence on Reddit, LinkedIn, and high-risk forums. This helps reconcile "Human Assets" and their associated risks (like social engineering susceptibility) into the broader organizational risk model.
4. Intelligence Repositories (DarCache)
To provide "Legal-Grade Attribution" for assets, ThreatNG leverages DarCache, a continuously updated intelligence repository.
DarCache Rupture: Contains compromised credentials found on the dark web.
DarCache Ransomware: Tracks over 100 ransomware gangs (e.g., LockBit, Akira) and their target histories.
DarCache Vulnerability: Integrates NVD, EPSS, KEV (Known Exploited Vulnerabilities), and Proof-of-Concept Exploits to predict which discovered assets are most likely to be weaponized.
5. Continuous Monitoring & Reporting
CMDBs are notoriously static. ThreatNG provides continuous monitoring of the external attack surface, ensuring the CMDB remains synchronized with reality.
Prioritized Reporting: ThreatNG generates technical and executive reports that categorize findings by severity (A-F ratings). These reports can serve as an automated "to-do list" for IT Asset Management (ITAM) teams to update or decommission CMDB records.
6. Cooperation with Complementary Solutions
ThreatNG is designed to work in tandem with other industry-leading platforms to automate the reconciliation workflow.
CMDB & ITSM (ServiceNow, Jira): ThreatNG discovery gaps (assets found externally but missing internally) can automatically trigger the creation of a "Skeleton CI" or an Incident ticket in ServiceNow or Jira, forcing IT staff to validate the asset.
SIEM & XDR (Splunk, Microsoft Defender): Enriching your SIEM with ThreatNG’s external risk scores allows security analysts to prioritize internal alerts based on an asset's external exposure level.
GRC Platforms: ThreatNG maps external findings directly to frameworks like PCI DSS, HIPAA, and ISO 27001, providing the objective, "outside-in" evidence required for automated compliance audits.

