Customizable and Granular Risk Configuration
Customizable and Granular Risk Configuration in the context of cybersecurity refers to the ability of a security system or program to tailor its risk assessment, scoring, and management processes to precisely match an organization's unique business characteristics, operational priorities, and specific risk tolerance.
Customizable Risk Configuration
Customization involves adapting the entire risk model to an organization's strategic needs. This means the system doesn't just use a generic industry baseline; it allows the organization to define what truly constitutes a high, medium, or low risk for them.
Key Aspects of Customization:
Risk Tolerance Alignment: The system can be configured to align with the organization's Risk Appetite and overall business strategy. For example, a bank might customize its model to place an extremely high weight on risks related to data integrity or unauthorized financial transactions. At the same time, a media company might prioritize risks related to brand damage or content piracy.
Business Logic Integration: Organizations can inject their specific business logic. This may involve defining which assets are mission-critical (e.g., the primary customer-facing website versus an internal knowledge base) and automatically assigning them higher severity scores when a vulnerability is found.
Policy Templating: Organizations can create and use pre-built policy templates that reflect regulatory requirements (such as HIPAA or GDPR) or internal mandates, ensuring that new security findings are immediately measured against these specific rules.
Granular Risk Configuration
Granularity means the level of detail at which risk factors can be adjusted and applied. Instead of merely adjusting broad categories, the system allows for fine-tuning individual elements of the risk calculation.
Key Aspects of Granularity:
Factor Weighting: Users can assign distinct, specific weights to individual risk factors within a single category. For example, within the "Credential Exposure" category, an organization might assign greater weight to exposed administrative credentials than to exposed end-user credentials.
Dynamic Severity Scoring: The severity of a security finding is not static but changes based on the specific context of the asset it affects. For instance, a common software vulnerability might be scored as "Informational" on an internal testing server but as "Critical" on an externally facing production server.
Exception Management: The ability to create precise, conditional rules to temporarily or permanently exempt specific assets or findings from the standard risk calculation. These exceptions are typically granular—defined by an asset tag, a specific finding ID, or a date range—rather than broad exclusions that could introduce unmonitored risk.
The combined effect of customizable and granular risk configuration is a Dynamic Risk Scoring mechanism that accurately reflects the real-world impact of a security issue on a specific business, moving beyond standardized metrics toward truly contextualized risk intelligence.
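A minimal sketch of the three granular controls described above (factor weighting, context-dependent severity, and scoped, expiring exceptions), added here as an illustration. It is not code from any product, and the weights, tags, thresholds and names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy values (assumptions for illustration, not vendor defaults).
FACTOR_WEIGHTS = {                      # per-factor weights on a 0-10 scale
    "credential_exposure.admin": 9.0,
    "credential_exposure.end_user": 4.0,
    "known_vulnerability": 6.0,
    "missing_security_header": 2.0,
}
CONTEXT_MULTIPLIER = {"internal-test": 0.1, "external-production": 1.6}
DEFAULT_WEIGHT = 5.0                    # unknown factors are never scored as zero

@dataclass(frozen=True)
class Finding:
    finding_id: str
    factor: str
    tags: frozenset                     # asset tags, e.g. {"external-production"}

@dataclass(frozen=True)
class ExceptionRule:
    factor: str                         # exempt only this factor...
    asset_tag: str                      # ...on assets carrying this tag...
    start: date
    end: Optional[date] = None          # ...until this date (None = permanent)

    def matches(self, f: Finding, today: date) -> bool:
        in_window = self.start <= today and (self.end is None or today <= self.end)
        return in_window and f.factor == self.factor and self.asset_tag in f.tags

def band(score: float) -> str:
    for floor, label in ((9, "Critical"), (6, "High"), (3, "Medium"), (1, "Low")):
        if score >= floor:
            return label
    return "Informational"

def score_finding(f: Finding, exceptions, today: date):
    """Return (score, label); an active exception suppresses the finding."""
    if any(rule.matches(f, today) for rule in exceptions):
        return 0.0, "Excepted"
    weight = FACTOR_WEIGHTS.get(f.factor, DEFAULT_WEIGHT)
    # If an asset carries several context tags, the most exposed one wins.
    mults = [CONTEXT_MULTIPLIER[t] for t in f.tags if t in CONTEXT_MULTIPLIER]
    score = round(min(10.0, weight * max(mults, default=1.0)), 1)
    return score, band(score)
```

Because the exception is keyed on factor, asset tag and date window together, it stops applying on its own once the window closes, and the finding is scored again on the next evaluation.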
ThreatNG's platform is directly engineered to facilitate Customizable and Granular Risk Configuration through its branded Policy Management feature, DarcRadar (Data Aggregation Reconnaissance Component for Risk Appetite and Representation). DarcRadar allows organizations to align ThreatNG's security findings and scoring perfectly with their unique risk tolerance and business logic.
How ThreatNG Enables Customized and Granular Risk
Policy Management (DarcRadar)
DarcRadar is the core component that enables this capability. It facilitates Customizable and Granular Risk Configuration and Scoring, ensuring the platform's risk assessment reflects the organization's specific needs.
Customization: DarcRadar allows organizations to align their risk configuration with their specific risk tolerance. For instance, a pharmaceutical company could customize its policy to assign maximum risk severity to any vulnerability identified on a subdomain hosting a Content Management platform (such as WordPress or Tumblr) or a Knowledge Base (such as Readme.io) if it contains sensitive research data, even if the vulnerability's base score is moderate.
Granularity: The feature provides granular control over what is investigated and how it is scored. An organization might use DarcRadar's Exception Management to specifically ignore missing X-Content-Type headers on certain legacy subdomains used for internal testing, while applying maximum severity to the same missing header on a critical e-commerce subdomain powered by a Storefront Platform like Shopify. This demonstrates highly granular, context-dependent scoring.
External Discovery and External Assessment
ThreatNG's external assessments generate the precise data points that DarcRadar uses to apply customized, granular scoring.
Examples of Granularity in Assessment Findings:
Subdomain Intelligence: ThreatNG discovers subdomains and provides highly granular details, such as Exposed Ports (e.g., ports related to Databases like PostgreSQL or Remote Access Services like RDP) and Vulnerabilities on those subdomains. DarcRadar can be configured to score an exposed RDP port as "Critical" only if the associated subdomain uses a specific, outdated technology identified by the Technology Stack module.
BEC & Phishing Susceptibility: The assessment identifies various Domain Name Permutations and categorizes them, including those using Offensive Language or Critical Language. DarcRadar can be customized to score a permutation as higher risk if it involves "boycott" (Action Calls) rather than a simple typo (bitsquatting), reflecting a greater concern for brand reputation than for simple phishing.
Cyber Risk Exposure: The assessment identifies specific technical issues, such as Sensitive Code Discovery and Exposure (code secret exposure), and details the lack of automatic HTTPS redirects. A granular policy could be set to apply a "High" risk rating to missing HTTPS redirects only if the subdomain also handles Access Management terms like login or portal.
Intelligence Repositories (DarCache)
DarCache provides the rich, detailed data necessary for policies to have strategic depth, enabling granular risk assessment based on external intelligence.
Examples of Strategic Context for Granular Policy:
Vulnerabilities (DarCache Vulnerability): This repository integrates technical severity (NVD) with real-world context (KEV, EPSS, and Proof-of-Concept Exploits). A granular policy can be configured to automatically escalate the risk rating of any vulnerability to "Critical" if it appears on the KEV (Known Exploited Vulnerabilities) list and ThreatNG's scan confirms the asset is externally reachable.
Ransomware Groups and Activities (DarCache Ransomware): Tracking over 70 Ransomware Gangs allows for policies to be customized based on adversary knowledge. A finding of a Compromised Credential (DarCache Rupture) that includes a generic email (e.g., Admin, Security) can be assigned a higher granular risk score if ransomware group tracking indicates that a tracked group targets those specific roles in its recent campaigns.
Continuous Monitoring and Reporting
Continuous Monitoring is crucial because risk scores configured via DarcRadar are dynamic, not static. If a policy dictates that missing security headers on a specific subdomain should be a "Low" risk, but subsequent continuous discovery finds that the subdomain is suddenly hosting a third-party application with a heavily weighted Sensitive Code Exposure finding (e.g., an exposed Stripe API Key), the risk score will dynamically update to "Critical" based on the granular configuration.
The Reporting function generates Security Ratings (A through F) and Prioritized Reports, which reflect these customized and granular scores, making the output directly relevant and actionable for security leaders.
Cooperation with Complementary Solutions
ThreatNG's policy-driven scoring is valuable because it provides risk intelligence tailored to the organization's appetite.
Working with Security Orchestration, Automation, and Response (SOAR) Platforms: ThreatNG's customized and granular risk scores, defined in DarcRadar, can be transmitted to a complementary SOAR platform. The SOAR platform can then use these scores to trigger precise automation. For example, any finding that DarcRadar has scored as "High" specifically due to an ESG Violation (e.g., a Safety-related offense) will automatically trigger a ticket routed to the Legal and Compliance teams, rather than just the IT team, streamlining the response to the correct business owner.
Working with Vulnerability Management (VM) Solutions: ThreatNG can share its dynamic, context-aware risk data with a complementary VM solution. If a vulnerability is found on an asset, the VM solution typically provides a generic score (e.g., CVSS). ThreatNG can inject its Customized and Granular Risk Score into the VM platform, instantly overriding or augmenting the generic score. This forces the VM platform to prioritize assets based on the organization's unique Risk Appetite and Dynamic Entity Management definitions, ensuring remediation efforts focus on the external-facing assets most important to the business.

