Brandfolder
Brandfolder is a Digital Asset Management (DAM) platform that helps organizations centralize, organize, and distribute their digital assets, such as images, videos, marketing collateral, and design files. In the context of cybersecurity, Brandfolder's role is not as a security tool itself, but rather as a critical asset that requires robust protection. A breach of a DAM platform could lead to the exposure of intellectual property, sensitive marketing campaigns, and confidential brand materials, causing significant financial and reputational damage.
Brandfolder's cybersecurity posture is defined by how it protects these valuable assets. Its security features and practices are designed to prevent unauthorized access, ensure data integrity, and maintain asset confidentiality.
Key Aspects of Brandfolder's Cybersecurity:
Data Protection:
Encryption: Brandfolder encrypts all data both in transit and at rest. This means that data is encrypted while being uploaded or downloaded, and also when it is stored on the servers. This is a fundamental security practice that prevents unauthorized parties from reading the data, even if they were to gain access to the underlying storage.
Secure Storage: The platform utilizes secure cloud infrastructure, such as Google Cloud, to store its data. This leverages the extensive physical and electronic security measures of a primary cloud provider.
Backups and Disaster Recovery: Brandfolder has established protocols for business continuity and disaster recovery, including backups and data replication. This ensures that in the event of a security incident or system failure, customer data can be restored.
Access and Identity Management:
Granular User Permissions: A core security feature of a DAM is the ability to control who can access specific assets. Brandfolder provides granular permissions, allowing administrators to define different roles (e.g., owner, admin, collaborator, guest) with varying levels of access to specific Brandfolders, collections, or even individual assets.
Secure Authentication: Brandfolder supports Single Sign-On (SSO) and two-factor authentication (2FA) to secure user logins. This helps prevent unauthorized access by requiring a more robust authentication process and reduces the reliance on simple passwords, which can be easily compromised.
Activity Logs and Auditing: The platform maintains an audit trail of user activity, showing who accessed, viewed, or downloaded assets and when. This is a crucial feature for security teams to investigate suspicious activity and maintain compliance.
Sharing and Distribution Security:
Controlled Sharing: When sharing assets with external partners or clients, Brandfolder provides secure options. Share links can be configured with password protection, expiration dates, and view-only permissions. This prevents assets from being left indefinitely in insecure email attachments or on public sharing sites.
Watermarking: For high-value assets, administrators can use watermarking to prevent unauthorized use and to trace the source of a leak if an asset is misused.
Operational and Development Security:
Vulnerability Management: Brandfolder's infrastructure and application are regularly tested for security vulnerabilities through internal practices and external penetration tests. This proactive approach helps identify and fix potential weaknesses before they can be exploited.
Compliance and Certifications: The company has achieved key security and compliance certifications, such as SOC 2 Type 2 and ISO 27001. These third-party validations demonstrate that Brandfolder has a formal and effective security program in place to protect customer data.
For a company using Brandfolder, the cybersecurity focus is on the security of the platform itself. The primary risks include data breaches that could compromise intellectual property or confidential marketing plans. Brandfolder's security posture is built on a foundation of data encryption, robust access controls, and a commitment to adhering to security best practices and compliance standards.
An organization that uses Brandfolder can use ThreatNG to gain an external, attacker's perspective on the security of its digital assets and brand presence. ThreatNG's capabilities help to discover, assess, and continuously monitor risks that are often invisible to internal security tools.
External Discovery
ThreatNG performs purely external, unauthenticated discovery, meaning it doesn't need to be integrated with a company's internal network to find its digital assets. Using its Cloud and SaaS Exposure module, ThreatNG would automatically identify the company's Brandfolder instance as a sanctioned SaaS application in use. It also identifies other related external assets, such as subdomains, mobile apps, and public code repositories, to create a comprehensive view of the company's attack surface.
Example: ThreatNG would scan the internet and identify mycompany.brandfolder.com as a third-party service belonging to the organization.
External Assessment
After discovering the Brandfolder instance, ThreatNG assesses its potential vulnerabilities and risks from an attacker's perspective.
Cyber Risk Exposure: ThreatNG's assessment would identify risks such as exposed sensitive ports or misconfigured certificates related to the Brandfolder domain. It also factors in Code Secret Exposure, which discovers if any public code repositories or mobile apps contain sensitive data, such as an API key for a Brandfolder integration. The score also considers compromised credentials on the dark web that could be used to gain unauthorized access to Brandfolder accounts.
Data Leak Susceptibility: ThreatNG assesses a company's susceptibility to data leaks by looking for exposed information in cloud and SaaS environments. This includes finding exposed intellectual property or confidential marketing materials in open cloud buckets or on public sharing platforms that were intended to be private.
Subdomain Takeover Susceptibility: This assessment would use Domain Intelligence to analyze the website's subdomains, DNS records, and SSL certificate statuses. A misconfigured DNS record on a subdomain related to Brandfolder could lead to a subdomain takeover, allowing an attacker to impersonate the brand and trick users into providing credentials.
Brand Damage Susceptibility: This score is derived from digital risk intelligence and Domain Intelligence, which includes available and taken domain name permutations. ThreatNG would identify if a bad actor registered a look-alike domain (e.g., brandfolder-mycompany.com) to conduct phishing campaigns or smear campaigns that could damage the brand.
NHI (Non-Human Identity) Exposure: ThreatNG's NHI Exposure score identifies and evaluates risks associated with non-human identities, such as API keys and service accounts, that may be used to interact with Brandfolder. It identifies compromised non-human identities and secrets by analyzing sensitive code exposure in repositories and mobile applications.
Investigation Modules
ThreatNG provides several detailed investigation modules to analyze findings, including:
Cloud and SaaS Exposure: This module would specifically list the Brandfolder instance and its associated digital risks.
Sensitive Code Exposure: This module searches public code repositories and mobile apps for sensitive data, such as API keys, credentials, and other secrets, that could be used to compromise the Brandfolder platform or its integrations. For example, ThreatNG might find a GitHub repository where a developer accidentally hard-coded a Brandfolder API key, which could allow an attacker to gain read or write access to digital assets.
Domain Intelligence: This module would identify and group typosquatting domains (e.g., brand-folder.com or brandfoider.com) that could be used for phishing attacks targeting Brandfolder users. It also provides information on email intelligence, which includes email security presence and format prediction, to help a company identify legitimate and fraudulent emails.
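One way a defender could group observed domains (for example, sender domains in inbound mail or newly seen hosts in proxy logs) into the look-alike categories mentioned above. This is an added example, not ThreatNG's or Brandfolder's code; the category names, the confusable-character table, and the function names are assumptions made for illustration.

```python
# Added example: classify observed domains as look-alikes of a protected brand domain.
# Confusable pairs are a small illustrative subset, not a complete homoglyph table.
CONFUSABLE = {"0": "o", "1": "l", "i": "l", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Collapse hyphens and visually confusable characters to one canonical form."""
    s = label.lower().replace("-", "")
    for src, dst in CONFUSABLE.items():
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand="brandfolder", legit="brandfolder.com"):
    """Return 'legitimate', a look-alike category, or None for unrelated domains."""
    domain = domain.lower().rstrip(".")
    if domain == legit or domain.endswith("." + legit):
        return "legitimate"
    parts = domain.split(".")
    if len(parts) < 2:
        return None
    label = parts[-2]  # assumption: single-label public suffix such as .com
    if label == brand:
        return "tld-swap"            # same name under a different TLD
    if label.replace("-", "") == brand:
        return "hyphenation"         # brand-folder.com
    if skeleton(label) == skeleton(brand):
        return "homoglyph"           # brandfoider.com (i for l)
    if brand in label or skeleton(brand) in skeleton(label):
        return "combo"               # brandfolder-mycompany.com
    if edit_distance(label, brand) <= 2:
        return "typo"                # dropped, added, or swapped characters
    return None

# Constructed sample: the page's example domains plus two made-up ones.
OBSERVED = ["mycompany.brandfolder.com", "brand-folder.com", "brandfoider.com",
            "brandfolder-mycompany.com", "brandfoldr.com", "example.org"]

if __name__ == "__main__":
    for d in OBSERVED:
        print(f"{d:32} {classify(d)}")
```

The registrable-label split is deliberately naive; a production check would resolve the public suffix properly before comparing.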
Intelligence Repositories
ThreatNG's intelligence repositories, branded as DarCache, provide continuously updated information to power its assessments. For a company using Brandfolder, the relevant repositories would be:
DarCache Rupture (Compromised Credentials): This repository would be checked for any compromised user credentials associated with the company that could be used to log into the Brandfolder platform.
DarCache Dark Web: This repository would be scanned for mentions of the company or its use of Brandfolder, including discussions about potential exploits or leaked data.
DarCache Vulnerability: This repository provides critical context on known vulnerabilities that could affect the Brandfolder platform or its integrations. It includes data from NVD, EPSS, and KEV. This allows a company to prioritize patching efforts on vulnerabilities that pose an immediate and proven threat. It also links to Verified Proof-of-Concept (PoC) Exploits on platforms like GitHub, which helps a security team understand how a vulnerability can be exploited and how to develop effective mitigation strategies.
Reporting and Continuous Monitoring
ThreatNG offers comprehensive reporting, including executive, technical, and prioritized reports. These reports would detail the findings related to the company's use of Brandfolder, including any exposed API keys or instances of brand impersonation. ThreatNG provides continuous monitoring of the external attack surface and security ratings, ensuring that any new risks or exposures related to Brandfolder are detected promptly.
Complementary Solutions
ThreatNG's external, unauthenticated approach complements internal security tools, creating a more comprehensive security program.
Security Information and Event Management (SIEM): A SIEM solution, like Splunk, collects and analyzes log data from internal systems. If ThreatNG discovers compromised credentials on the dark web, this intelligence can be fed into the SIEM. If the SIEM then detects a suspicious login attempt to Brandfolder, that event can be correlated with the ThreatNG finding of compromised credentials, providing the security team with a clearer picture of the threat.
Vulnerability Management Solutions: Internal vulnerability management tools, such as Qualys or Tenable, scan for vulnerabilities inside a company's network. ThreatNG's DarCache Vulnerability intelligence, especially its KEV data, can be used to inform these tools, helping the security team prioritize which vulnerabilities to patch first on their Brandfolder-related infrastructure.
Identity and Access Management (IAM): An IAM solution, like Duo, manages user identities and access to applications. If ThreatNG discovers a compromised non-human identity, such as an exposed API key for Brandfolder, this information can be used to revoke that credential in the IAM system immediately. This synergy helps address a significant attack vector that is often invisible to internal tools.
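The SIEM correlation described above, sketched as an added example that is not taken from ThreatNG, Splunk, or Brandfolder. The record layouts, field names, accounts, and the 30-day window are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a vendor schema.
EXPOSED = [  # external finding: account seen in a credential dump, and when
    {"account": "alice@mycompany.example", "seen": "2024-03-01T00:00:00"},
    {"account": "svc-dam@mycompany.example", "seen": "2024-03-10T00:00:00"},
]
LOGINS = [  # login events for the DAM application as collected by the SIEM
    {"ts": "2024-02-20T09:00:00", "account": "alice@mycompany.example", "ip": "198.51.100.7", "mfa": True, "ok": True},
    {"ts": "2024-03-02T08:30:00", "account": "alice@mycompany.example", "ip": "198.51.100.7", "mfa": True, "ok": True},
    {"ts": "2024-03-03T02:14:00", "account": "alice@mycompany.example", "ip": "203.0.113.50", "mfa": False, "ok": True},
    {"ts": "2024-03-03T02:15:00", "account": "bob@mycompany.example", "ip": "203.0.113.50", "mfa": False, "ok": False},
    {"ts": "2024-03-12T11:00:00", "account": "svc-dam@mycompany.example", "ip": "192.0.2.10", "mfa": False, "ok": False},
]

def correlate(exposed, logins, window_days=30):
    """Flag logins by exposed accounts that follow the exposure and look unusual."""
    seen = {e["account"].lower(): datetime.fromisoformat(e["seen"]) for e in exposed}
    baseline = {}  # account -> source IPs with successful logins before exposure
    alerts = []
    for ev in sorted(logins, key=lambda e: e["ts"]):
        acct = ev["account"].lower()
        if acct not in seen:
            continue  # no external finding for this account
        ts = datetime.fromisoformat(ev["ts"])
        if ts < seen[acct]:
            # Simplification: activity before the finding date is treated as normal.
            if ev["ok"]:
                baseline.setdefault(acct, set()).add(ev["ip"])
            continue
        if ts > seen[acct] + timedelta(days=window_days):
            continue  # outside the correlation window
        reasons = []
        if ev["ip"] not in baseline.get(acct, set()):
            reasons.append("new-ip")
        if not ev["mfa"]:
            reasons.append("no-mfa")
        if not reasons:
            continue
        severity = "high" if ev["ok"] and len(reasons) == 2 else "medium"
        alerts.append((ev["ts"], acct, severity, reasons))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EXPOSED, LOGINS):
        print(alert)
```

A "high" result here is the case worth paging on: a successful login by an exposed account from an address never seen before, with no second factor recorded.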