ThreatNG Security has undergone significant enhancements in the past 12 months, solidifying its position as a leading external attack surface management, digital risk protection, and security ratings solution. Here’s a breakdown of the key additions and improvements:

Domain Intelligence:

• Web Application Firewall (WAF) Discovery and Identification: ThreatNG now detects and identifies WAFs protecting web applications, providing valuable insights into an organization’s security posture.

• Microsoft Entra (Azure Active Directory) Domain Identification and Enumeration: Expanded capabilities to identify and enumerate domains associated with Microsoft Entra (Azure AD), giving a deeper understanding of an organization’s identity and access management infrastructure.

• Web3 Domains Identification: ThreatNG now identifies Web3 domains, including those that are taken and available, providing visibility into an organization’s decentralized web presence.

• Vendor and Technology Identification Extended Coverage and Accuracy: Improved accuracy and expanded coverage for identifying vendors and technologies used by organizations, enabling better insights into their technology stack and potential vulnerabilities.

• Subdomain Infrastructure Exposure: Enhanced capabilities to identify exposed applications, services, databases, IoT devices, embedded systems, and network infrastructure within subdomains, providing a comprehensive view of an organization’s external attack surface.

• API Discovery Enhancements: Improved API discovery capabilities enable organizations to understand better and manage their API exposure.

Online Sharing Exposure:

• Expanded Coverage of Additional Sharing Repositories: ThreatNG now investigates a broader range of online sharing repositories, providing increased visibility into potential data leaks and brand risks.

Cloud and SaaS Exposure:

• Expanded External SaaS Identification: Enhanced capabilities to identify externally exposed SaaS applications, providing a more comprehensive view of an organization’s SaaS usage and associated risks.

Technology Stack:

• Expanded External Technology Stack Identification: Improved identification of externally exposed technologies used by organizations, providing valuable insights into their technology stack and potential vulnerabilities.

Sentiment and Financials:

• Securities and Exchange Commission (SEC) Cybersecurity Risk and Oversight Disclosures Analysis and Reporting: ThreatNG now analyzes and reports on SEC filings, explicitly focusing on cybersecurity risk and oversight disclosures. This provides valuable insights into publicly traded companies’ security postures and risk management practices.

Ransomware Group Intelligence:

• Extended Coverage of Over 70 Groups and their Activities: Expanded coverage of ransomware groups and their activities, providing up-to-date intelligence on ransomware threats and trends.

Mobile Application Intelligence:

• Mobile App Discovery and Intelligence Repository of Mobile App Attack Surface: ThreatNG now discovers mobile apps within various marketplaces and maintains an intelligence repository of mobile app attack surfaces, providing insights into potential mobile app vulnerabilities and risks.

New Intelligence Repositories:

• Bug Bounty Program Intelligence Repository: A new repository providing insights into bug bounty programs, including in-scope and out-of-scope vulnerabilities, enabling organizations to understand better and manage their vulnerability disclosure programs.

• United States SEC Form 8-K Intelligence Repository: A new repository providing access to SEC Form 8-K filings, which disclose significant events and material information about publicly traded companies, enabling organizations to stay informed about potential risks and opportunities.

Supply Chain and Third-Party Exposure Assessment:

• Expanded Coverage and Accuracy Enhancements: Improved accuracy and broadened coverage for assessing supply chain and third-party exposures, providing organizations with a more comprehensive view of their external risks.