Attack Surface Management in External Threat Intelligence

by Sebastiaan Bosman Blog 11 Feb 2021

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. Narrowing the topic further, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

Different types of Threat Intelligence

There are four approaches to (External) Threat Intelligence: strategic, tactical, operational and technical.

  • Strategic ETI: This is the kind of information that is generally less technical. It focusses on the broader insights of digital risks and the threat actors behind them. This approach also takes geopolitical, environmental, and organisational factors into account.
  • Tactical ETI: This is the kind of intelligence that shows what methods threat actors employ to get to their intended goal. Do they work their way in via the supply chain? What data can they be after? It helps determine what to prioritise in terms of mitigation actions or active monitoring.
  • Operational & Technical ETI: Operational and Technical Threat Intelligence share many similarities. They both deal with the types of attacks and their technical aspects. How does ransomware get into the systems and what does it affect? What kind of vulnerabilities or misconfigurations are abused more often? This helps determine the type of tools and infrastructure threat actors use, and how to proactively detect such attacks.

Attack surface management within the Threat Intelligence landscape

When detecting risks to your brand, there are generally two sides to take into consideration. On the one hand, there are risks and vulnerabilities within your own systems. These you can manage, resolve, and mitigate to limit your organisation’s attack surface. Examples of risks within your brand’s attack surface are misconfigurations in netblock settings, lacking email security, or expired SSL certificates.

On the other hand, there are threats being directed at your organisation from outside of your control. Examples are phishing campaigns or copy-cat social media accounts which mislead or steal from your customers. These external risks also extend to the digital security of the third parties your organisation is connected to.

Automated Threat Intelligence

Naturally, combining the risk information from within your organisation with external threat intelligence will provide IT Security teams with the best insights and context to manage digital risks.

The drivers for External Threat Intelligence can be put into three categories.

  • Threat evolution
  • Technological evolution
  • Regulatory trends

These three factors all come together in your attack surface. That is why automating processes such as asset discovery, vulnerability detection, and risk monitoring benefits both security practices and strategic decision-making. This saves time and resources on an operational level, provides data for better informed governance, and keeps productivity high throughout the entire organisation.

Cybersprint as External Threat Intelligence provider

Independent research firm Forrester has conducted a study into External Threat Intelligence Services. Their Q4 2020 report provides an overview of the providers in the market, helping organisations choose the right service for their needs. Click here to read about the inclusion of Cybersprint in the report.
