Cybersprint Blog

In this blog, we'll cover our attack surface management approach compared to five existing security approaches. What methods do they share? And where do they complement each other? We'll have a look at these techniques:  1. Asset discovery 2. Vulnerability management 3. Penetration testing 4. Red teaming 5. Supplier security governance Each has some touch points with attack surface management. For this comparison, we build on our earlier explanations of the concept. In the first blog, we gave our definition and summarised what drives the need for the solution. You can read our second blog to see how attack surface management is positioned with regards to External Threat Intelligence.

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working. But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

It's the term we use the most: Attack Surface Management. It is the foundation of your organisation’s digital infrastructure. It’s the starting point of your IT security policies, configuration database management, vulnerability mitigation, and much more. In this blog, we’ll shortly describe what drives the need for an Attack Surface Management solution, share our definition of the term attack surface, and explain how it minimises the risks to your brand.

PostNL is the largest mail order and delivery organisation in the Netherlands, also operating in Belgium and Luxemburg. It has made mail and parcels accessible for over 220 years, growing to become one of the largest private employers in the Netherlands. Over the years, the organisation has grown through expansions, mergers and acquisitions, making its attack surface rather complex. Gunther Cleijn, Cyber Security Officer explains how he and his team work to ensure the security and daily productivity of the organisation. 

Every now and then, there’s a new headline about an organisation hit by a ransomware attack. How parts of their infrastructure and sensitive data was suddenly encrypted, impacting customers, productivity, and their reputation. What would you do in such a situation? Pay the ransom? Or should you never negotiate with criminals?

We know of Software as a Service, where organisations outsource parts of their digital infrastructure to third parties for the sake of improved user experience or increased security, for instance. As a successful business model, it is actually not that shocking something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?

IT governance framework helps to ease everyday processes, increases productivity levels, and scripts what to do in case of an incident. However, creating and implementing an organisation-wide IT governance framework is no easy feat, yet so crucial.

For governmental organisations, it is important to have a clear overview of their attack surface and risks. They need to ensure the right policies are in place when it comes to cybersecurity. To illustrate their challenges, and the benefits of attack surface management, we've interviewed one of our customers from the governmental sector. Rick Verkade, Security and Privacy Specialist at Provincie Overijssel shares his experiences in this interview.