Last Updated on September 30, 2024
Attack surface management is an up-and-coming security domain focused on proactively identifying and alerting on cyber threats and risks across a company’s ever-expanding internet-connected “footprint”: web servers, network devices, IoT gadgets, your vendors’ environments, unknown/shadow IT systems, “rogue” assets pointed at your business or its key executives, and so on.
What are some of the hottest attack surface management capabilities and approaches? How far down the cybercrime rabbit hole can these tools and services go?
To share the latest insights on the evolving attack surface management market space, a recent episode of The Virtual CISO Podcast features Steve Ginty, Director of Threat Intelligence at RiskIQ. The show is hosted by John Verry, Pivot Point Security’s CISO and Managing Partner.
Getting your white gloves dirty
The RiskIQ platform does have dark web monitoring capabilities. But, as Steve explains, it’s largely up to the customer to wield them.
“We have a white-glove service that provides that kind of deeper dive into those types of dark web forums and monitoring,” Steve explains. “And there’s some configuration ability with our platform itself to allow you to monitor for keywords, and social media profiles, and different things that give you that view into dark web forums.”
As Steve notes, to really get strong security value from forays to the dark side, you need focused intelligence requirements to separate the noise from the data.
“That usually works best when one of our analysts sits down with a customer to understand really what the aim of their program is, so that we can then tailor the system to collect and alert them on things of interest,” advises Steve.
Attack surface management takes a platform plus services
Because an organization’s attack surface is potentially so large, multi-faceted and dynamic, managing it benefits from a combination of technology and services.
“We take the approach of a SaaS platform with additional ability to add professional services,” Steve states. “We obviously have a big account team and support team that helps you onboard and configure and all those things as a part of getting the platform into your organization. As it moves into operationalizing that data on a daily basis, you have your account management team that can help. But if you’re looking for a much more tailored approach, we have those services to go along with it.”
“We are trying to map IPs associated with organizations, as well as web properties, social media—really anything that could be used on the internet that bad actors could target your brand with,” clarifies Steve. “We’re going beyond just IP analysis and port and service analysis, which is very important from the vulnerability side, but also the broad-scale crawling of webpages to understand malicious injections for credit card skimming or tweets or social media posts that are impersonating a bank or an executive of an organization. So, really trying to provide full visibility to an organization on threats on the internet.”
What’s Next?
Considering the benefits of attack surface management for your business? To listen to the complete episode with Steve Ginty, see EP#69 – Steve Ginty – Can You Benefit From Attack Surface Management? – Pivot Point Security.
Want more content on managing cybersecurity risk? Check out this podcast episode on data breach monitoring with Josh Amishav-Zlatin at BreachSense: https://pivotpointsecurity.com/podcasts/ep57-is-your-business-safe-w-josh-amishav-zlatin/
Let CBIZ Pivot Point Security monitor the dark web (or darknet) for information related to your organization. We’ve helped organizations “discover information about a pending merger/transaction that wasn’t public knowledge. Upon further research, it was discovered that an executive was backing his work files up on a home server that wasn’t secured.” Another example: “For an energy company we found templates of their current payment statements circulating on a dark web.” We utilize the most comprehensive darknet data commercially available to perform research, monitoring and alerting of darknet data.