Asset Discovery Search

Asset Discovery Search is a capability within security tools that allows security professionals to actively query and locate specific assets within an organization's digital environment. It goes beyond basic asset inventory by providing advanced search capabilities to find assets based on various criteria.

Here's a breakdown of what Asset Discovery Search typically involves:

  • Scope: Asset Discovery Search operates across the range of assets the security tool can identify. This can include:

    • Hardware devices (servers, workstations, laptops, mobile devices, IoT devices)

    • Software applications

    • Cloud-based resources (instances, storage, functions)

    • Network devices (routers, switches, firewalls)

    • Data repositories

  • Search Criteria: Asset Discovery Search allows users to find assets based on a variety of parameters, such as:

    • Asset type

    • Operating system

    • Installed software

    • Network configuration (IP address, hostname)

    • Security vulnerabilities

    • Compliance status

    • Ownership or department

    • Location

  • Advanced Search Capabilities: More sophisticated Asset Discovery Search functionalities may include:

    • Keyword searches

    • Boolean operators (AND, OR, NOT)

    • Wildcard characters

    • Filtering and sorting of results

  • Integration with Other Security Functions: Asset Discovery Search is often integrated with other security capabilities, such as:

    • Vulnerability management

    • Incident response

    • Compliance monitoring

  • Purpose: The primary purposes of Asset Discovery Search are to:

    • Quickly locate specific assets for investigation or remediation

    • Identify assets that meet certain security criteria (e.g., assets with a particular vulnerability)

    • Support security audits and compliance efforts

    • Improve overall asset visibility and management

Asset Discovery Search empowers security teams to efficiently find and manage their digital assets, enabling more effective security operations and risk management.
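The search criteria and Boolean/wildcard capabilities listed above can be illustrated with a small query engine over an asset inventory. This is an added example, not code from ThreatNG or any specific product; the `field:pattern` query syntax, the field names, and the inventory records are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

FIELDS = ("hostname", "type", "os", "ip", "vulns")  # constructed sample inventory below
ROWS = [
    ("web-01.example.com", "server", "Ubuntu 22.04", "203.0.113.10", ["weak-tls"]),
    ("web-02.example.com", "server", "Ubuntu 20.04", "203.0.113.11", []),
    ("vpn.example.com", "firewall", "FortiOS 7.2", "198.51.100.5", ["weak-tls"]),
    ("files.example.com", "storage", "unknown", "198.51.100.9", ["public-bucket"]),
]
ASSETS = [dict(zip(FIELDS, row)) for row in ROWS]
TOKEN = re.compile(r'\(|\)|\b(?:AND|OR|NOT)\b|\w+:"[^"]*"|\w+:[^\s()]+')

def parse(tokens):
    """Recursive descent; precedence from loosest to tightest: OR, AND, NOT."""
    def binary(op, operand):
        node = operand()
        while tokens and tokens[0] == op:
            tokens.pop(0)
            node = (op, node, operand())
        return node
    def factor():
        tok = tokens.pop(0)
        if tok == "NOT":
            return ("NOT", factor())
        if tok == "(":
            node = expr()
            tokens.pop(0)  # closing ")"
            return node
        field, _, pattern = tok.partition(":")
        return ("MATCH", field, pattern.strip('"').lower())
    def expr():
        return binary("OR", lambda: binary("AND", factor))
    return expr()

def matches(node, asset):
    if node[0] == "MATCH":  # wildcard match against a scalar or list-valued field
        value = asset.get(node[1], "")
        values = value if isinstance(value, list) else [value]
        return any(fnmatchcase(str(v).lower(), node[2]) for v in values)
    if node[0] == "NOT":
        return not matches(node[1], asset)
    combine = all if node[0] == "AND" else any
    return combine(matches(child, asset) for child in node[1:])

def search(query, assets=ASSETS, sort_by="hostname"):
    """Filter assets with the Boolean/wildcard query, then sort the hits."""
    tree = parse(TOKEN.findall(query))
    return sorted((a for a in assets if matches(tree, a)), key=lambda a: a[sort_by])
```

For instance, `search("(type:server OR type:firewall) AND NOT vulns:*")` returns the in-scope assets with no recorded findings, and `search("ip:198.51.100.*")` narrows results to one network range.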

ThreatNG's capabilities align closely with the concept of Asset Discovery Search, enabling users to identify and locate specific assets based on various criteria.

1. External Discovery

ThreatNG's external discovery is the foundation for any Asset Discovery Search.

  • ThreatNG's "purely external unauthenticated discovery" identifies the range of external-facing assets that can be searched. This initial discovery is crucial for establishing the pool of assets.

  • Example: ThreatNG discovers all subdomains, cloud services, and exposed systems associated with an organization, creating a comprehensive inventory for subsequent searches.

  • Complementary Solutions:

    • Internal Asset Discovery Tools: These tools can complement ThreatNG by providing data on internal assets, enabling a more comprehensive search across both external and internal environments.

    • Cloud Inventory Tools: These tools can provide detailed inventories of cloud assets, which can be integrated with ThreatNG's findings to enhance cloud-specific asset searches.

2. External Assessment

ThreatNG's external assessment capabilities provide rich data that can be used as search criteria.

  • ThreatNG's assessments generate a wealth of information about discovered assets, enabling searches based on:

    • Vulnerabilities (e.g., assets with "Web Application Hijack Susceptibility")

    • Technologies (e.g., assets using specific web servers)

    • Security configurations (e.g., assets with weak SSL certificates)

  • Examples:

    • You can search for assets susceptible to specific types of attacks, such as "Subdomain Takeover Susceptibility," to quickly locate high-risk assets.

    • ThreatNG's discovery of "Mobile Apps" and their "contents" allows you to search for mobile apps containing specific credentials.

  • Complementary Solutions:

    • Vulnerability Scanners: These tools provide detailed vulnerability data (e.g., CVEs) that can be used to refine asset searches.

    • Configuration Management Tools: These tools can provide configuration data that can be combined with ThreatNG's assessment data to enable searches based on specific configurations.

3. Reporting

ThreatNG's reporting features present the discovered and assessed asset data in a way that facilitates searching and filtering.

  • ThreatNG's reports contain detailed information about discovered assets, which can be used to find specific assets.

  • Example: ThreatNG's reports on "Mobile Apps" and "Code Repository Exposure" provide data on the contents of these assets, enabling searches for specific information within them.

  • Complementary Solutions:

    • SIEM Systems: SIEM systems can ingest ThreatNG's data and provide advanced search and querying capabilities across a broader range of security data.

    • Data Visualization Tools: These tools can present ThreatNG's asset data in visual formats, making it easier to identify and locate specific assets.

4. Continuous Monitoring

ThreatNG's continuous monitoring ensures that the asset data used for searches is up-to-date.

  • ThreatNG's "Continuous Monitoring of external attack surface" ensures that any Asset Discovery Search is performed against the latest information.

  • Example: If a new subdomain is created or a cloud service configuration changes, ThreatNG's continuous monitoring will detect this, and the updated information will be searchable.

  • Complementary Solutions:

    • Change Management Systems: Integrating change management systems can help correlate asset changes with planned IT changes, providing valuable context for asset searches.

    • Real-time Threat Detection Systems: These systems can provide real-time alerts about suspicious activity related to specific assets, enabling security teams to locate and investigate those assets quickly.

5. Investigation Modules

ThreatNG's investigation modules provide powerful search and filtering capabilities to locate specific assets and related information.

  • The "Advanced Search" feature facilitates detailed investigation of discovery and assessment results. Users can apply search parameters and filters to quickly find specific data, extract intelligence, and identify risks on their external attack surface.

  • Examples:

    • The "Domain Intelligence" module allows searching for assets based on domain-related criteria, such as subdomains, DNS records, or email configurations.

    • The "Sensitive Code Exposure" module enables searching for assets based on exposed credentials, secrets, or configuration files.

  • Complementary Solutions:

    • Threat Hunting Platforms: These platforms provide advanced search and query capabilities to locate assets and threats proactively based on various criteria.

    • Security Analytics Platforms: These platforms use data analytics to identify patterns and anomalies in asset data, enabling more sophisticated asset searches.

6. Intelligence Repositories

ThreatNG's intelligence repositories provide additional data and context that can be used to enhance Asset Discovery Searches.

  • These repositories ("DarCache") provide information on various entities and threats:

    • "DarCache Mobile" includes information on Mobile Apps.

    • "DarCache Vulnerability" provides data on vulnerabilities.

  • Example: The "DarCache Mobile" repository allows you to search for mobile apps containing specific "Access Credentials" or "Security Credentials".

  • Complementary Solutions:

    • Threat Intelligence Platforms (TIPs): Integrating with TIPs can provide additional context about threats targeting specific assets, enhancing the search process.

    • Vulnerability Databases: These databases provide detailed information about vulnerabilities (e.g., CVEs), which can be used to refine asset searches based on vulnerability criteria.

ThreatNG’s capabilities strongly support Asset Discovery Search. Through external discovery, assessment, reporting, continuous monitoring, investigation modules, and intelligence repositories, ThreatNG enables security teams to locate and manage their external-facing assets effectively. The potential to work with complementary solutions can further enhance these search capabilities.
