Attacker-Centric Asset Inventory
An "Attacker-Centric Asset Inventory" is a cybersecurity approach to cataloging an organization's digital assets. It focuses on how those assets appear to potential attackers and can be exploited by them.
Key Characteristics:
External Viewpoint: The inventory prioritizes assets visible from the internet or other external networks, mirroring an attacker's reconnaissance efforts.
Exploitability Focus: Assets are assessed for their existence and potential weaknesses, and how easily they can be compromised.
Attack Vector Identification: The inventory highlights potential entry points and attack pathways that malicious actors might use.
Contextualization for Attackers: Information about assets is gathered and presented in a way that is relevant to an attacker's goals, such as:
Which assets hold valuable data?
Which assets are easily accessible?
Which assets have known vulnerabilities?
Prioritization Based on Attacker Value: Assets might be prioritized based on their attractiveness to attackers, rather than solely on their internal business value.
Benefits:
Realistic Risk Assessment: Provides a more accurate picture of an organization's actual security risk.
Effective Vulnerability Management: Helps security teams focus on the most critical vulnerabilities from an attacker's perspective.
Improved Security Posture: Leads to better protection against real-world attacks.
Proactive Defense: Enables organizations to identify and secure weaknesses before attackers can exploit them.
ThreatNG is a robust platform that empowers organizations to take control of their external attack surface. It achieves this through a combination of powerful features:
ThreatNG's strength begins with its external discovery. It uses a "seedless" approach, meaning it can perform purely external unauthenticated discovery using only a domain and organization name.
This is incredibly helpful because it doesn't require a pre-existing inventory of all your external assets. ThreatNG automatically maps your external footprint, finding assets you might not know about.
ThreatNG provides a very detailed external assessment of your external assets:
Web Application Hijack Susceptibility: ThreatNG analyzes your web applications to identify weaknesses that could allow attackers to take control.
For example, it assesses login pages for vulnerability to credential stuffing and checks for Cross-Site Scripting (XSS) vulnerabilities.
Subdomain Takeover Susceptibility: It assesses the risk of attackers taking over your subdomains.
This involves analyzing DNS records and SSL certificate statuses.
BEC & Phishing Susceptibility: ThreatNG evaluates your vulnerability to Business Email Compromise (BEC) and phishing attacks.
It considers factors like public sentiment, financial data, the risk of attackers impersonating your domains, and compromised credentials on the dark web.
Brand Damage Susceptibility: ThreatNG assesses the risk to your brand's reputation.
It analyzes various factors, including your attack surface, digital risk, ESG violations, public sentiment, and the potential for domain impersonation.
Data Leak Susceptibility: ThreatNG evaluates your risk of data leaks.
It examines your cloud and SaaS exposure, dark web presence (for compromised credentials), domain intelligence, and financial/legal disclosures.
Cyber Risk Exposure: ThreatNG calculates your overall cyber risk.
This includes analyzing certificate issues, subdomain vulnerabilities, exposed ports, and the presence of sensitive data in code repositories.
It also considers your cloud and SaaS exposure and any compromised credentials.
ESG Exposure: ThreatNG assesses your vulnerability to Environmental, Social, and Governance (ESG) risks.
It analyzes media sentiment and financial data to identify potential ESG-related issues.
Supply Chain & Third-Party Exposure: ThreatNG helps you understand risks from your vendors.
It identifies the technologies they use and assesses your cloud and SaaS dependencies.
Breach & Ransomware Susceptibility: ThreatNG evaluates your likelihood of experiencing a data breach or ransomware attack.
It considers your attack surface, dark web activity, and financial disclosures.
Mobile App Exposure: ThreatNG analyzes your mobile apps for security issues.
It discovers your apps in marketplaces and examines them for exposed credentials, security keys, and platform-specific identifiers.
Positive Security Indicators: Importantly, ThreatNG also identifies and highlights your security strengths, like the presence of Web Application Firewalls or multi-factor authentication.
ThreatNG delivers a variety of reports to meet different needs:
Executive summaries
Technical reports
Prioritized risk lists
Security ratings
Inventory reports
Ransomware susceptibility reports
SEC filings analysis
These reports are enhanced with a built-in knowledge base that provides:
Risk levels for prioritization
Reasoning behind the findings
Recommendations for remediation
Links to further information
ThreatNG continuously monitors your external attack surface, digital risks, and security ratings, providing ongoing awareness of your security posture.
ThreatNG's investigation modules provide robust solutions for in-depth analysis:
Domain Intelligence: This module offers a wealth of information about your domains:
Domain Overview
DNS Intelligence
Email Intelligence
WHOIS Intelligence
Subdomain Intelligence (including details on technologies used)
IP Intelligence
Certificate Intelligence
Social Media
Sensitive Code Exposure: This module discovers public code repositories and identifies exposed credentials, API keys, and other sensitive information.
For example, it can find hardcoded AWS credentials in a GitHub repository.
Mobile Application Discovery: This module discovers your mobile apps in marketplaces and analyzes them for security vulnerabilities.
For instance, it can detect hardcoded API keys within a mobile app.
Search Engine Exploitation: This module helps you assess how easily information can be exposed through search engines.
It analyzes website control files (like robots.txt and security.txt) and identifies potential search engine attack surfaces.
Cloud and SaaS Exposure: This module identifies your cloud services, potential cloud impersonations, exposed cloud storage, and SaaS applications.
Online Sharing Exposure: This module identifies your presence on code-sharing platforms.
Sentiment and Financials: This module provides insights into lawsuits, layoff chatter, SEC filings, and ESG violations.
Archived Web Pages: This module helps you discover archived versions of your web pages and data.
Dark Web Presence: This module tracks mentions of your organization on the dark web, ransomware activity, and compromised credentials.
Technology Stack: This module identifies the technologies you use.
ThreatNG uses a wealth of intelligence repositories to enrich its analysis:
Dark web data
Compromised credentials
Ransomware information
Vulnerability data
ESG violation records
Bug bounty programs
SEC filings
Mobile app data
Working with Complementary Solutions
ThreatNG integrates with other security tools to enhance your overall security posture:
SIEM (Security Information and Event Management) systems: You can feed ThreatNG's findings into your SIEM to correlate external risks with internal events.
For example, if ThreatNG detects compromised credentials, your SIEM can monitor for suspicious logins.
Vulnerability Management Tools: ThreatNG's external vulnerability assessments complement internal scanning.
For example, ThreatNG might identify an exposed web application, and your vulnerability scanner can then perform a deeper analysis.
SOAR (Security Orchestration, Automation, and Response) Platforms: You can use ThreatNG's data to automate security responses.
For instance, if ThreatNG detects a potential phishing domain, your SOAR platform can block it.
Identity and Access Management (IAM) Systems: Integrate ThreatNG's compromised credential detection to trigger actions like password resets.
By providing comprehensive external visibility, detailed risk assessments, and seamless integration, ThreatNG is a valuable solution for proactive security management.
