Zero-Input Discovery
Zero-Input Discovery is a cybersecurity approach that identifies and maps an organization's digital assets and potential attack surface without requiring any initial data or "seeds" from the organization.
Here's a more detailed explanation:
Core Idea:
Zero-Input Discovery systems autonomously explore and map an organization's external footprint instead of relying on a predefined list of assets (like IP address ranges, domain names, or installed software). They start with minimal information, often just the organization's name and its primary domain, and progressively discover related assets by pivoting from each new finding.
How it Works:
Initial Footprint: The system begins by gathering publicly available information to establish an initial understanding of the organization's online presence. This involves techniques like:
OSINT (Open Source Intelligence): Collecting data from sources like domain registration records (WHOIS), DNS records, search engine results, and public websites.
Autonomous Exploration: The system then uses this initial information to actively and automatically discover more assets:
DNS Enumeration: Identifying subdomains and related domains.
Network Scanning: Probing discovered IP addresses for open ports and services. Shared hosting and CDN address ranges serve many tenants, so an IP should be confirmed as the organization's before the services found on it are attributed to that organization.
Web Crawling: Following links and exploring websites to find associated applications and infrastructure.
Iterative Process: The discovery process is iterative. Each newly discovered asset provides clues for finding additional assets, leading to a more comprehensive map of the organization's digital footprint.
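The iterative loop described above (organization name and domain as the only seeds, each finding used as the next pivot) can be seen in the following added example. It is illustrative code written for this page, not ThreatNG's implementation; the WHOIS, certificate-transparency, DNS and reverse-DNS tables are constructed stand-ins for live lookups, and the registrable-domain heuristic is a simplification noted in the code.

```python
"""Iterative seedless discovery from (organization name, primary domain).

Added illustration, not ThreatNG's code. The lookup tables below are constructed
stand-ins for live WHOIS, certificate-transparency, DNS and reverse-DNS sources.
"""
from collections import deque

WHOIS_BY_REGISTRANT = {  # registrant organisation -> domains registered to it
    "Example Corp": ["example.com", "example-labs.io"],
}
CT_LOG_SANS = {  # domain -> Subject Alternative Names seen on public certificates
    "example.com": ["example.com", "www.example.com", "vpn.example.com"],
    "example-labs.io": ["example-labs.io", "staging.example-labs.io"],
}
DNS = {  # hostname -> resource records
    "example.com": {"A": ["198.51.100.10"], "MX": ["mail.example-mail.net"]},
    "www.example.com": {"A": ["198.51.100.10"]},
    "vpn.example.com": {"A": ["198.51.100.11"]},
    "example-labs.io": {"A": ["203.0.113.20"]},
    "staging.example-labs.io": {"CNAME": ["legacy-app.herokuapp.com"]},
}
REVERSE_DNS = {  # IP -> hostnames observed pointing at it (PTR / passive DNS)
    "198.51.100.10": ["example.com", "old-portal.example.net"],
}


def registrable(host):
    """Naive registrable-domain guess (last two labels). Production tooling should
    use the Public Suffix List so names under e.g. .co.uk are split correctly."""
    return ".".join(host.split(".")[-2:])


def discover(org_name, seed_domain):
    """Breadth-first expansion: each discovered asset is queued and itself used
    as a pivot. Every entry records how it was found so attribution is auditable."""
    owned_domains = {registrable(seed_domain)}
    inventory = {}
    queue = deque([("org", org_name, "seed"), ("host", seed_domain, "seed")])
    while queue:
        kind, value, via = queue.popleft()
        if value in inventory:
            continue
        inventory[value] = {"kind": kind, "via": via}
        if kind == "org":
            for domain in WHOIS_BY_REGISTRANT.get(value, []):
                owned_domains.add(domain)
                queue.append(("host", domain, f"whois:{value}"))
        elif kind == "host":
            for san in CT_LOG_SANS.get(value, []):
                queue.append(("host", san, f"ct:{value}"))
            records = DNS.get(value, {})
            for ip in records.get("A", []):
                queue.append(("ip", ip, f"dns-a:{value}"))
            for rtype in ("CNAME", "MX"):
                for target in records.get(rtype, []):
                    queue.append(("host", target, f"dns-{rtype.lower()}:{value}"))
        elif kind == "ip":
            for host in REVERSE_DNS.get(value, []):
                queue.append(("host", host, f"rdns:{value}"))
    # Attribution pass: a host is only "owned" if its registrable domain was
    # confirmed through WHOIS (or is the seed). Everything else (SaaS, mail
    # providers, shared hosting, CDNs) is a candidate needing analyst review.
    for name, meta in inventory.items():
        if meta["kind"] == "host":
            meta["attribution"] = (
                "owned" if registrable(name) in owned_domains else "unconfirmed"
            )
    return inventory


if __name__ == "__main__":
    for asset, meta in discover("Example Corp", "example.com").items():
        print(f"{meta['kind']:<4} {asset:<28} via={meta['via']:<32} "
              f"{meta.get('attribution', '')}")
```

Two things the output makes visible that the prose only implies: the path by which each asset was reached (the CNAME on staging.example-labs.io surfaces a third-party app; the shared IP surfaces old-portal.example.net), and that reverse-DNS and shared-IP pivots also pull in assets that may belong to someone else, which is why the attribution column exists.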
Key Characteristics:
No Predefined Inputs: It does not need a user-supplied list of assets to start from.
External Perspective: It views the organization's assets from the outside, like an attacker would.
Automated Process: It relies heavily on automation to discover and map assets.
Focus on Connectivity: It emphasizes understanding how different assets are connected and related.
Benefits for Cybersecurity:
Comprehensive Visibility: It can uncover "shadow IT" or forgotten assets that traditional methods might miss.
Attacker Emulation: It provides a realistic view of what an attacker can see and target.
Reduced Configuration: It simplifies the setup and maintenance of asset discovery processes.
ThreatNG is a robust platform that significantly enhances an organization's ability to manage its external attack surface. Let's explore its key capabilities:
ThreatNG excels in external discovery by using a "seedless" approach.
It can perform purely external unauthenticated discovery using only a domain and organization name, eliminating the need for connectors or prior knowledge of your infrastructure.
This is a significant advantage, as it allows ThreatNG to automatically map your entire external-facing presence, uncovering assets you might not know about.
ThreatNG's external assessment capabilities are comprehensive and provide in-depth insights into various risk areas:
Web Application Hijack Susceptibility: ThreatNG analyzes the externally accessible parts of your web applications to identify potential entry points for attackers.
For example, it can assess the strength of login pages against credential stuffing attacks or detect vulnerabilities like Cross-Site Scripting (XSS).
Subdomain Takeover Susceptibility: ThreatNG assesses the risk of unauthorized parties taking over subdomains.
It analyzes subdomains, DNS records, and TLS certificate status to find weaknesses that could be exploited, such as a CNAME that still points at a third-party service the organization no longer controls.
BEC & Phishing Susceptibility: ThreatNG evaluates your susceptibility to Business Email Compromise (BEC) and phishing attacks.
It does this by considering factors like sentiment, financial data, domain intelligence (including checks for similar-looking domains), and compromised credentials found on the dark web.
Brand Damage Susceptibility: ThreatNG assesses the risk to your brand's reputation.
It analyzes your attack surface, digital risk, ESG violations, public sentiment, financial information (like lawsuits and SEC filings), and potential for domain impersonation.
Data Leak Susceptibility: ThreatNG helps you understand the risk of leaking sensitive data.
It examines your external attack surface, digital risk, dark web presence (for compromised credentials), domain intelligence, and financial/legal disclosures to find potential exposures.
Cyber Risk Exposure: ThreatNG calculates your overall cyber risk.
It considers factors like certificate issues, subdomain vulnerabilities, exposed ports, and sensitive data in code repositories.
It also evaluates your cloud/SaaS exposure and any compromised credentials.
ESG Exposure: ThreatNG assesses your vulnerability to Environmental, Social, and Governance (ESG) risks.
It analyzes media sentiment and financial data to identify potential ESG-related violations.
Supply Chain & Third-Party Exposure: ThreatNG helps you understand the risks your vendors and partners introduce.
It identifies the technologies they use and assesses your cloud and SaaS dependencies.
Breach & Ransomware Susceptibility: ThreatNG evaluates your likelihood of experiencing a data breach or ransomware attack.
It considers your attack surface, dark web activity (such as ransomware gang activity and compromised credentials), and financial disclosures (such as SEC Form 8-Ks).
Mobile App Exposure: ThreatNG analyzes your mobile apps for security vulnerabilities.
It discovers your apps in various marketplaces and examines them for exposed credentials, security keys, and platform-specific identifiers.
Positive Security Indicators: ThreatNG goes beyond just finding problems; it also highlights your security strengths.
It can detect and validate the effectiveness of security controls like Web Application Firewalls and multi-factor authentication.
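The subdomain takeover check from the list above is the most mechanical of these assessments, so here is an added example of how such triage works. This is illustrative code written for this page, not ThreatNG's logic; the zone records, resolver answers and HTTP bodies are constructed, and the provider suffix list and "unclaimed" fingerprints are assumptions that a team would have to maintain for the services it actually uses.

```python
"""Dangling-CNAME (subdomain takeover) triage over a zone's CNAME records.

Added illustration, not ThreatNG's code. Resolver answers and HTTP bodies are
constructed; the provider suffixes and fingerprints are illustrative and must be
maintained against the services your organisation actually uses.
"""

# Third-party hosting suffixes where an unclaimed target can often be registered
# by anyone (assumption: maintain your own list).
TAKEOVER_PRONE_SUFFIXES = ("herokuapp.com", "github.io", "azurewebsites.net",
                           "s3.amazonaws.com")
# Response text some providers return for a hostname nobody has claimed.
UNCLAIMED_FINGERPRINTS = {
    "herokuapp.com": "No such app",
    "github.io": "There isn't a GitHub Pages site here",
}

# Constructed zone data: subdomain -> CNAME target.
CNAMES = {
    "blog.example.com": "example-blog.github.io",
    "docs.example.com": "old-docs.github.io",
    "old-shop.example.com": "retired-store.herokuapp.com",
    "cdn.example.com": "d111111abcdef8.cloudfront.net",
    "partner.example.com": "portal.some-vendor.example",
}
# Constructed resolver answers (None models NXDOMAIN) and fetched bodies.
RESOLVES = {
    "example-blog.github.io": "185.199.108.153",
    "old-docs.github.io": "185.199.108.153",
    "retired-store.herokuapp.com": None,
    "d111111abcdef8.cloudfront.net": "93.184.216.34",
    "portal.some-vendor.example": None,
}
BODIES = {
    "blog.example.com": "<html>Welcome to the Example blog</html>",
    "docs.example.com": "<html>There isn't a GitHub Pages site here.</html>",
    "cdn.example.com": "<html>static assets</html>",
}


def provider_for(target):
    """Return the takeover-prone provider suffix the target sits under, if any."""
    return next((s for s in TAKEOVER_PRONE_SUFFIXES
                 if target == s or target.endswith("." + s)), None)


def classify(subdomain, target, resolved_ip, body):
    """Return (risk, reason) for one CNAME. 'high' means an attacker can plausibly
    claim the target and serve content under the organisation's name."""
    provider = provider_for(target)
    if resolved_ip is None:
        if provider:
            return "high", f"target NXDOMAIN on takeover-prone provider {provider}"
        return "medium", "target NXDOMAIN; confirm provider registration policy"
    fingerprint = UNCLAIMED_FINGERPRINTS.get(provider)
    if fingerprint and fingerprint in body:
        return "high", f"{provider} reports the target is unclaimed"
    return "info", "target resolves and serves content"


def assess(cnames, resolves, bodies):
    """Classify every CNAME in the zone and return findings keyed by subdomain."""
    findings = {}
    for sub, target in cnames.items():
        risk, reason = classify(sub, target, resolves.get(target), bodies.get(sub, ""))
        findings[sub] = {"cname": target, "risk": risk, "reason": reason}
    return findings


if __name__ == "__main__":
    for sub, f in sorted(assess(CNAMES, RESOLVES, BODIES).items(),
                         key=lambda kv: kv[1]["risk"]):
        print(f"{f['risk']:<6} {sub:<24} -> {f['cname']:<32} {f['reason']}")
```

Note the two distinct signals: an NXDOMAIN target is the textbook dangling record, but wildcard-resolving providers answer for every hostname, so docs.example.com only shows up because its response body carries the provider's "unclaimed" text. A check that looks at resolution alone would miss it.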
ThreatNG provides a variety of clear and actionable reports, including:
Executive summaries
Technical reports
Prioritized lists of risks
Security ratings
Inventory reports
Ransomware susceptibility reports
Analysis of U.S. SEC filings
These reports are enhanced with a built-in knowledge base that provides:
Risk levels for prioritization
Reasoning behind the findings
Practical recommendations for remediation
Links to additional resources
ThreatNG continuously monitors your external attack surface, digital risks, and security ratings, providing ongoing awareness of your security posture.
ThreatNG's investigation modules provide robust solutions for in-depth analysis:
Domain Intelligence: This module offers a wealth of information about your domains, including:
Domain Overview (digital presence, bug bounty programs)
DNS Intelligence (DNS records, domain name permutations)
Email Intelligence (email security presence, format predictions)
WHOIS Intelligence (WHOIS analysis)
Subdomain Intelligence (extensive details about subdomains, technologies used)
IP Intelligence (IP information)
Certificate Intelligence (TLS certificates)
Social Media (organization's posts)
Sensitive Code Exposure: This module discovers public code repositories and identifies exposed credentials, API keys, and other sensitive information.
For example, it can find hardcoded AWS credentials in a GitHub repository.
Mobile Application Discovery: This module discovers your mobile apps in marketplaces and analyzes them for security vulnerabilities.
For instance, it can detect hardcoded API keys within a mobile app.
Search Engine Exploitation: This module helps you assess how easily information can be exposed through search engines.
It analyzes website control files (like robots.txt and security.txt) and identifies potential search engine attack surfaces.
Cloud and SaaS Exposure: This module identifies your sanctioned and unsanctioned cloud services, potential cloud impersonations, exposed cloud storage, and SaaS applications.
Online Sharing Exposure: This module identifies your organization's presence on code-sharing platforms.
Sentiment and Financials: This module provides insights into lawsuits, layoff chatter, SEC filings, and ESG violations related to your organization.
Archived Web Pages: This module helps you discover archived versions of your web pages and data.
Dark Web Presence: This module tracks mentions of your organization on the dark web and associated ransomware activity and compromised credentials.
Technology Stack: This module identifies the technologies used by your organization.
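The Sensitive Code Exposure and Mobile Application Discovery modules above both come down to finding hardcoded credentials in files an organization has published. The following added example shows the core of such a check. It is illustrative code written for this page, not ThreatNG's scanner; the three files are constructed, the AWS values are the placeholder credentials AWS uses in its own documentation, and the entropy threshold is an assumption used to separate real-looking secrets from obvious placeholders.

```python
"""Scan source and mobile-app resources for hardcoded credentials.

Added illustration, not ThreatNG's code. The files below are constructed; the
AWS values are the placeholder credentials AWS uses in its own documentation.
Patterns cover AWS access key IDs / secret keys and Google API keys; the entropy
score separates real-looking secrets from obvious placeholders.
"""
import math
import re

SAMPLES = {
    "app/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        "DEBUG = False\n"
    ),
    "android/res/values/strings.xml": (
        "<resources>\n"
        '  <string name="app_name">ExampleApp</string>\n'
        '  <string name="maps_key">AIzaSyA-EXAMPLE-KEY-0123456789abcdefghi</string>\n'
        "</resources>\n"
    ),
    # A documentation placeholder that matches the key-ID shape but is not a secret.
    "docs/README.md": "export AWS_ACCESS_KEY_ID=AKIA" + "X" * 16 + "\n",
}

PATTERNS = {
    # 20-char access key ID: AKIA (long-term) or ASIA (temporary) + 16 [A-Z0-9]
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    # 40-char secret near an 'aws ... secret' label; group 1 is the secret itself
    "aws_secret_access_key": re.compile(
        r"""(?i)aws.{0,20}?secret.{0,20}?['"]([A-Za-z0-9/+=]{40})['"]"""),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z\-_]{35}"),
}
PLACEHOLDER_ENTROPY = 3.0  # bits/char (assumed threshold); below this, likely a placeholder


def shannon_entropy(s):
    """Bits of entropy per character; repeated filler like XXXX scores near zero."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(files):
    """Return one finding per matched secret, with file, line, type and triage hint."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(line):
                    value = m.group(m.lastindex or 0)
                    entropy = shannon_entropy(value)
                    findings.append({
                        "file": path, "line": lineno, "type": kind,
                        "value": value, "entropy": round(entropy, 2),
                        "likely_placeholder": entropy < PLACEHOLDER_ENTROPY,
                    })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLES):
        flag = "placeholder?" if f["likely_placeholder"] else "REVIEW"
        print(f"{f['file']}:{f['line']} {f['type']} entropy={f['entropy']} {flag}")
```

The same patterns apply whether the input is a Git history or the unpacked resources of an app store download; what changes is only how the files are obtained. The entropy hint is for triage, not proof: any key ID that matches should still be checked against the account's actual credentials before it is dismissed.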
ThreatNG uses a wealth of intelligence repositories to enrich its analysis, including data on:
The dark web
Compromised credentials
Ransomware events and groups
Known vulnerabilities
ESG violations
Bug bounty programs
SEC filings
Mobile apps
Working with Complementary Solutions
ThreatNG is designed to work alongside your existing security tools:
SIEM (Security Information and Event Management) systems: You can feed ThreatNG's findings into your SIEM to correlate external risks with internal events for a more holistic view.
For example, if ThreatNG detects compromised credentials, your SIEM can then monitor for suspicious logins using those credentials.
Vulnerability Management Tools: ThreatNG's external vulnerability assessments can complement your internal scanning.
For example, ThreatNG might identify an exposed web application that your vulnerability scanner can then analyze in more depth.
SOAR (Security Orchestration, Automation, and Response) Platforms: You can use ThreatNG's data to automate security responses.
For instance, if ThreatNG detects a potential phishing domain, your SOAR platform can automatically block access to that domain.
Identity and Access Management (IAM) Systems: Integrate ThreatNG's compromised credential detection to trigger actions like password resets or multi-factor authentication enforcement.
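The SIEM and IAM integrations above share one piece of logic: join an exported list of exposed accounts against sign-in events and decide what action to trigger. The following added example shows that join. It is illustrative code written for this page, not ThreatNG's export format or any particular SIEM's query language; the credential feed and log lines are constructed, and the field names (user, result, src, mfa) are assumptions about the identity provider's log format.

```python
"""Correlate an EASM compromised-credential export with IdP sign-in events.

Added illustration, not ThreatNG's code or a specific SIEM's query language.
The credential feed and log lines are constructed; field names (user, result,
src, mfa) are assumptions about the log format.
"""
import re
from datetime import datetime, timezone

EXPOSED = {  # account -> where/when the credential was seen exposed
    "alice@example.com": {"source": "combo-list-2024-04", "first_seen": "2024-04-28T00:00:00Z"},
    "bob@example.com": {"source": "paste-site", "first_seen": "2024-05-10T00:00:00Z"},
}

AUTH_LOG = """\
2024-05-02T08:14:03Z user=alice@example.com result=success src=203.0.113.45 mfa=false
2024-05-02T08:15:10Z user=carol@example.com result=success src=198.51.100.7 mfa=true
2024-05-03T22:41:55Z user=alice@example.com result=failure src=192.0.2.99 mfa=false
2024-05-01T09:00:00Z user=bob@example.com result=success src=198.51.100.8 mfa=true
2024-05-11T03:12:40Z user=bob@example.com result=success src=192.0.2.17 mfa=true
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>success|failure) "
    r"src=(?P<src>\S+) mfa=(?P<mfa>true|false)$")


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(log_text, exposed):
    """Emit one alert per sign-in event that involves an account whose credential
    is known to be exposed, with a severity and the IAM action to trigger."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed line: in production, count these so silent drops are visible
        ev = m.groupdict()
        info = exposed.get(ev["user"].lower())
        if info is None or parse_ts(ev["ts"]) < parse_ts(info["first_seen"]):
            continue  # not exposed, or the event predates the exposure we know about
        if ev["result"] == "success" and ev["mfa"] == "false":
            severity, action = "high", "revoke sessions, force reset, enforce MFA"
        elif ev["result"] == "success":
            severity, action = "medium", "force reset (MFA held, but the password is known to attackers)"
        else:
            severity, action = "low", "likely credential stuffing; watch for volume and lockouts"
        alerts.append({"time": ev["ts"], "user": ev["user"], "src": ev["src"],
                       "exposure": info["source"], "severity": severity, "action": action})
    return alerts


if __name__ == "__main__":
    for a in correlate(AUTH_LOG, EXPOSED):
        print(f"{a['severity']:<6} {a['time']} {a['user']:<20} from {a['src']:<15} "
              f"({a['exposure']}): {a['action']}")
```

The date filter only decides which events get correlated; the password reset for every exposed account should happen regardless, since the credential may have been in attackers' hands before the dump was first observed. Successful MFA-protected logins still rate an alert because a known password plus an MFA prompt is exactly the setup for push fatigue.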
By providing comprehensive external visibility, in-depth risk assessments, and seamless integration capabilities, ThreatNG empowers organizations to proactively manage their external attack surface and significantly improve their security posture.