<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
search
close

Digital Footprint in External Threat Intelligence

by Sebastiaan Bosman Blog 11 Feb 2021

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

Different types of Threat Intelligence

There are four approaches to (External) Threat Intelligence: strategic, tactical, operational and technical.

  • Strategic ETI: This is the kind of information that is generally less technical. It focusses on the broader insights of digital risks and the threat actors behind them. This approach also takes geopolitical, environmental, and organisational factors into account.
  • Tactical ETI: This is the kind of intelligence that shows what methods threat actors employ to get to their intended goal. Do they work their way in via the supply chain? What data can they be after? It helps determine what to prioritise in terms of mitigation actions or active monitoring.
  • Operational & Technical ETI: Operational and Technical Threat Intelligence share many similarities. They both deal with the types of attacks and their technical aspects. How does ransomware get into the systems and what does it affect? What kind of vulnerabilities or misconfigurations are abused more often? This helps determine the type of tools and infrastructure threat actors use, and how to proactively detect such attacks.

Digital Footprint within the Threat Intelligence landscape

When detecting risks to your brand, there are generally two sides to take into consideration. On the one hand, there are risks and vulberabilities within your own systems. These, you can manage, resolve, and mitigate to limit your organisation’s attack surface. Such risks are within your brand’s Digital Footprint, such as misconfigurations in netblock settings, lacking email security, or expired SSL certificates.

On the other hand, there are threats being directed at your organisation from outside of your control. For example, phishing campaigns or copy-cat social media accounts which mislead or steal from your customers. These external risks also extend to the digital security of the third parties your organisation is connected to.

Automated Threat Intelligence

Naturally, combining the information and risk information from within your organsiation with the external threat intelligence will provide IT Security teams with the best insights and context to manage digital risks.

The drivers for External Threat Intelligence can be put into three categories.

  • Threat evolution
  • Technological evolution
  • Regulatory trends

These three factors all come together in your digital footprint. That is why automating processes such as the asset discovery, vulnerability detection, and risk monitoring benefits both security practices, as well as strategic decision-making. This saves time and resources on an operational level, provides data for better informed governance, and keeps productivity high throughout the entire organisation. 

Cybersprint as External Threat Intelligence provider

Independent research firm Forrester has conducted a study into the External Threat Intelligence Services. Their report of Q4 2020 provides an overview of the providers in the market, helping organisations choose the right service for their needs. Click here to read about the inclusion of Cybersprint in the report.

Digital Footprint compared to 5 security technologies

In this blog, we'll cover our Digital Footprint approach compared to five existing security approaches. What methods do they share? And where do they complement each other? We'll have a look at these techniques:  1. Asset discovery 2. Vulnerability management 3. Penetration testing 4. Red teaming 5. Supplier security governance Each has some touch points with Digital Footprint. For this comparison, we build on our earlier explanations of the concept. In the first blog, we gave our definition and summarised what drives the need for the solution. You can read our second blog to see how Digital Footprint is positioned with regards to External Threat Intelligence.

read more

Digital Footprint in External Threat Intelligence

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

read more

CEO insights: 3 trends for 2021's cybersecurity

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working. But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

read more

Do you have a question?

Our experts have the answers

Contact us