
Attack Surface Management in External Threat Intelligence

by Sebastiaan Bosman, Blog, 11 Feb 2021

Every IT Security team needs access to some form of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides context when mitigating an incident or event in Incident Response scenarios. Within that umbrella, External Threat Intelligence (ETI) focuses on combining internal risk data with threat intelligence that originates outside the organisation.

Different types of Threat Intelligence

There are four approaches to (External) Threat Intelligence: strategic, tactical, operational and technical.

  • Strategic ETI: This is the kind of information that is generally less technical. It focuses on the broader picture of digital risks and the threat actors behind them, and takes geopolitical, environmental, and organisational factors into account.
  • Tactical ETI: This is the kind of intelligence that shows which methods threat actors employ to reach their goal. Do they work their way in via the supply chain? What data are they after? It helps determine what to prioritise in terms of mitigation actions or active monitoring.
  • Operational & Technical ETI: Operational and Technical Threat Intelligence share many similarities. Both deal with the types of attacks and their technical details. How does ransomware get into the systems and what does it affect? Which vulnerabilities or misconfigurations are abused most often? This helps determine the tools and infrastructure threat actors use, and how to proactively detect such attacks.

Attack surface management within the Threat Intelligence landscape

When detecting risks to your brand, there are generally two sides to consider. On the one hand, there are risks and vulnerabilities within your own systems. These you can manage, resolve, and mitigate to limit your organisation’s attack surface. Examples of such risks within your brand’s attack surface are misconfigured netblocks, weak or missing e-mail authentication (for instance SPF or DMARC records), and expired TLS (SSL) certificates.
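As an added example (not code from the original post or from Cybersprint), the following Python script scores two of the internal-side risks named above, weak or missing e-mail authentication and expired or soon-to-expire TLS certificates, from observations already gathered per asset. The hostnames, DNS TXT records and certificate dates are constructed sample data, and the reference date is fixed to this post's publication date so that the script runs offline; in a real attack surface management pipeline these observations would come from DNS lookups and TLS handshakes against the discovered assets.

```python
"""Offline attack-surface checks for e-mail authentication and TLS certificate expiry.

Added example; all input data below is constructed, not observed.
"""
from datetime import datetime, timezone

# Constructed inventory (assumption, not real hosts): per hostname, the TXT
# records seen at the apex, the TXT records seen at _dmarc.<domain>, and the
# certificate's notAfter timestamp in UTC, as an ASM scanner would collect them.
SAMPLE_ASSETS = {
    "example.com": {
        "txt": ["v=spf1 include:_spf.example.net -all"],
        "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
        "cert_not_after": "2031-01-01T00:00:00Z",
    },
    "shop.example.com": {
        "txt": ["v=spf1 +all"],              # permissive SPF: any host may send
        "dmarc_txt": ["v=DMARC1; p=none"],   # monitor-only policy, nothing enforced
        "cert_not_after": "2021-01-31T00:00:00Z",  # already expired at NOW
    },
    "legacy.example.com": {
        "txt": [],                           # no SPF record at all
        "dmarc_txt": [],                     # no DMARC record at all
        "cert_not_after": "2021-02-20T00:00:00Z",  # expires within 30 days of NOW
    },
}

# Reference date fixed to the post's publication date so results are stable.
NOW = datetime(2021, 2, 11, tzinfo=timezone.utc)


def parse_tags(record):
    """Parse a 'k=v; k=v' style record (DMARC) into a lower-cased tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt_records):
    """Return findings for the SPF posture of a domain's apex TXT records."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (RFC 7208 requires exactly one)"]
    mechanisms = [m.lower() for m in spf[0].split()[1:]]
    # 'all' without a qualifier defaults to '+all', i.e. every sender passes.
    if any(m in ("+all", "all") for m in mechanisms):
        return ["SPF allows any sender (+all)"]
    if "?all" in mechanisms:
        return ["SPF neutral (?all) gives no protection"]
    return []


def check_dmarc(dmarc_records):
    """Return findings for the DMARC record published at _dmarc.<domain>."""
    dmarc = [r for r in dmarc_records if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["no DMARC record"]
    policy = parse_tags(dmarc[0]).get("p", "").lower()
    if policy == "none":
        return ["DMARC policy p=none (monitor only, not enforced)"]
    if policy not in ("quarantine", "reject"):
        return [f"DMARC policy missing or invalid: {policy!r}"]
    return []


def check_cert(not_after_iso, now=NOW, warn_days=30):
    """Flag certificates that are expired or expire within warn_days."""
    not_after = datetime.fromisoformat(not_after_iso.replace("Z", "+00:00"))
    remaining = (not_after - now).days
    if remaining < 0:
        return [f"TLS certificate expired {-remaining} days ago"]
    if remaining <= warn_days:
        return [f"TLS certificate expires in {remaining} days"]
    return []


def assess(assets, now=NOW):
    """Return {hostname: [finding, ...]} for every asset with at least one finding."""
    report = {}
    for host, obs in assets.items():
        findings = (check_spf(obs["txt"]) + check_dmarc(obs["dmarc_txt"])
                    + check_cert(obs["cert_not_after"], now))
        if findings:
            report[host] = findings
    return report


if __name__ == "__main__":
    for host, findings in assess(SAMPLE_ASSETS).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

Run stand-alone, the script reports nothing for example.com, three findings for shop.example.com (permissive SPF, unenforced DMARC, expired certificate) and three for legacy.example.com (no SPF, no DMARC, certificate expiring in nine days). The checks deliberately treat a DMARC policy of p=none as a finding: it gives visibility through reports but lets spoofed mail through, which is exactly the kind of gap a phishing campaign against your customers exploits.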

On the other hand, there are threats directed at your organisation from outside your control: for example, phishing campaigns or copy-cat social media accounts that mislead or steal from your customers. These external risks also extend to the digital security of the third parties your organisation is connected to.

Automated Threat Intelligence

Naturally, combining risk information from within your organisation with external threat intelligence gives IT Security teams the best insight and context for managing digital risks.

The drivers for External Threat Intelligence can be put into three categories.

  • Threat evolution
  • Technological evolution
  • Regulatory trends

These three factors all come together in your attack surface. That is why automating processes such as asset discovery, vulnerability detection, and risk monitoring benefits both day-to-day security practice and strategic decision-making. It saves time and resources at the operational level, provides data for better-informed governance, and keeps productivity high throughout the organisation.

Cybersprint as External Threat Intelligence provider

The independent research firm Forrester has conducted a study of External Threat Intelligence Services providers. Its Q4 2020 report gives an overview of the providers in the market, helping organisations choose the right service for their needs. The inclusion of Cybersprint in that report is covered in a separate post.
