Contact us
Request demo →
Contact us
German website
search
close

Attack Surface Management in External Threat Intelligence

by Sebastiaan Bosman Blog 11 Feb 2021

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

Different types of Threat Intelligence

There are four approaches to (External) Threat Intelligence: strategic, tactical, operational and technical.

  • Strategic ETI: This is the kind of information that is generally less technical. It focusses on the broader insights of digital risks and the threat actors behind them. This approach also takes geopolitical, environmental, and organisational factors into account.
  • Tactical ETI: This is the kind of intelligence that shows what methods threat actors employ to get to their intended goal. Do they work their way in via the supply chain? What data can they be after? It helps determine what to prioritise in terms of mitigation actions or active monitoring.
  • Operational & Technical ETI: Operational and Technical Threat Intelligence share many similarities. They both deal with the types of attacks and their technical aspects. How does ransomware get into the systems and what does it affect? What kind of vulnerabilities or misconfigurations are abused more often? This helps determine the type of tools and infrastructure threat actors use, and how to proactively detect such attacks.

Attack surface management within the Threat Intelligence landscape

When detecting risks to your brand, there are generally two sides to take into consideration. On the one hand, there are risks and vulnerabilities within your own systems. These, you can manage, resolve, and mitigate to limit your organisation’s attack surface. Such risks are within your brand’s attack surface, such as misconfigurations in netblock settings, lacking email security, or expired SSL certificates.

On the other hand, there are threats being directed at your organisation from outside of your control. For example, phishing campaigns or copy-cat social media accounts which mislead or steal from your customers. These external risks also extend to the digital security of the third parties your organisation is connected to.

Automated Threat Intelligence

Naturally, combining the information and risk information from within your organisation with the external threat intelligence will provide IT Security teams with the best insights and context to manage digital risks.

The drivers for External Threat Intelligence can be put into three categories.

  • Threat evolution
  • Technological evolution
  • Regulatory trends

These three factors all come together in your attack surface. That is why automating processes such as the asset discovery, vulnerability detection, and risk monitoring benefits both security practices, as well as strategic decision-making. This saves time and resources on an operational level, provides data for better informed governance, and keeps productivity high throughout the entire organisation. 

Cybersprint as External Threat Intelligence provider

Independent research firm Forrester has conducted a study into the External Threat Intelligence Services. Their report of Q4 2020 provides an overview of the providers in the market, helping organisations choose the right service for their needs. Click here to read about the inclusion of Cybersprint in the report.

Uncanny Loggings: How poor data monitoring leads to The Danger Zone

The practice of logging has come a long way over the past few years. It started as a way to demonstrate regulatory compliance and to provide evidence in legal processes, but it has now evolved into being a norm for best security practice and governance evaluation. So what are the most important aspects? How do you start and maintain oversight over your logging capabilities?

read more

Securing critical infrastructure: new regulations mandate control

The name itself says it already: organisations in the critical infrastructure are vital in the services they provide in society. Should something go wrong in their daily operations, it can have severe consequences and disrupt individual people and other companies. That doesn’t necessarily mean they are more often targeted in (cyber-)attacks, but it does pose an extra reason to prevent any successful attack. Such organisations have often been in charge of their own cybersecurity, guided by regulations. Now though, authorities in the EU are starting to intensify their watchful eyes with the RCE directive. What is the EU RCE? And how should critical infrastructure organisations prepare?

read more

Mandatory IT audits: risk scores don’t mean security

More organisations in the Netherlands recognise the need for an active approach to stay in control over their attack surfaces in order to mitigate risks. Every organisation is able to create their own IT security governance and processes. Now, though, a new standard might be introduced in the form of an annual, mandatory IT audit. Is this a development helping businesses further? Or one that doesn’t really add anything other than paperwork?

read more

Do you have a question?

Our experts have the answers

Contact us