Next-Gen Threat Intelligence: Adding Profound Value to Security and Risk Functions
Defending your organization’s attack surface in today’s threat landscape is a global-scale challenge full of continuously changing elements.
Attacker tools have flooded the web, and advanced adversaries target massive vulnerabilities in ubiquitous systems used across the world. To defend their organizations, security teams need actionable threat intelligence that provides a bird’s eye view of the global attack surface and shows precisely how their organization’s unique Internet relationships fit inside it—and how these relationships are affected by new threats.
Unfortunately, analysts usually aren’t equipped with the threat intelligence they need. Often, they have intel that’s too generic or entirely irrelevant to their organization’s attack surface. And, even if their threat intel is relevant and actionable, applying it across the teams, tools, and systems in their organization is an incredible challenge.
Hamstrung Incident Response
When a major software company announces a vulnerability advisory that includes active exploitation by threat actors, threat intelligence analysts are almost always a step behind. Their initial assessment of a potential threat and its impact on their organization is limited to essentially just reporting the news.
They may be able to acknowledge the CVE, share publicly available information about the attack, and detail the next steps to assess its relevance, exposure, and impact. However, they could likely never answer all the questions that security executives need answered immediately in the wake of a global-scale vulnerability like SolarWinds or Microsoft Exchange:
- Who is behind the attack? What other TTPs or attack vectors should we be concerned about?
- What is our exposure? Do we have x product? Is it vulnerable? How quickly do we have to patch? What actions can we take to reduce risk until we are patched?
- When did an attack first take place? How far back do we need to look to determine if we were attacked?
- Where else could we be vulnerable from an attack vector perspective? Do we have similar technologies or processes that would mirror this attack path?
- How would we have prevented or detected this attack if we were targeted? If we missed the detection, where are our control gaps?
Without threat intelligence that considers an organization’s unique attack surface and an almost infinite number of external factors, organizations are left with more questions than answers when time is of the essence and incident response must be swift and resolute.
RiskIQ Illuminate Shrinks Global Attacks Down to Size
RiskIQ Illuminate® Internet Intelligence Platform is the only security intelligence solution with deep awareness and continuous graphing for every relationship on the internet. It delivers security intelligence combining attack surface discovery and tailored insights about threats relevant to an organization’s unique digital footprint so analysts can accelerate exposure triage in the wake of a new major attack or vulnerability.
With intelligence from Illuminate, your TI analysts can produce a concise report summarizing available information to date. But they can also quickly prioritize risks and threats relevant to the organization’s infrastructure, brands, companies, apps, services, and systems to immediately state how many potentially impacted devices there are and validate them with the threat and vulnerability management teams.
Additionally, teams across the analyst’s organization can access recent intel articles from RiskIQ’s Threat Intelligence Portal, complete with high-fidelity, dynamic IOCs related to a threat actor to share across the security operations center (SOC) instantly.
Tailored Attack Surface Intel, Swift and Confident Response
RiskIQ Illuminate Attack Surface Intelligence offers insights based on RiskIQ’s fully automated discovery capability that continuously uncovers and updates an organization’s unique digital footprint and how it fits into a rapidly evolving global threat landscape. These crucial insights enable security teams to quickly find and eliminate the threats and exposures that matter most.
With Illuminate, your intel analysts move beyond threat assessments based on public information to get actionable insights that expand visibility into emerging threats and how they affect your organization’s unique attack surface, including those of critical partners and suppliers.
By infusing attack surface insights and global threat indicators into workstreams, technologies, and processes (SIEM to SOAR, EDR, and any other security tools), SOC analysts also gain the insight into adversary infrastructure they need to rapidly investigate threats.
How else does RiskIQ Illuminate supercharge analysts?
RAPID TRIAGE, PRECISION RESPONSE
Reputation scoring and one-click lookups across the open internet and deep/dark web remove the guesswork from threat intelligence. Get precise insight and meaningful outcomes at scale.
NEWLY OBSERVED HOSTS AND DOMAINS
RiskIQ’s automated discovery and continuous graphing identify new hosts and domains relevant to you. Increase protection coverage with intelligent defenses, fed by active streams of new and changing threats to your digital footprint.
MALWARE AND PHISHING INTELLIGENCE
Active and historic threat indicators in RiskIQ Illuminate are based on malicious activity, behavior, and relationships. Access feeds for domains, hosts, IPs, and URLs connected and associated with malware or phishing.
Real-time intelligence from RiskIQ Illuminate derived from both the enterprise attack surface and adversary infrastructure is key to prioritizing, analyzing, and triaging the new breed of pervasive, massive-scale threats currently wreaking havoc on the global community. Security intelligence fortified with trillions of observations of an organization’s unique attack surface and threat groups targeting it evolves alongside the threat landscape. This context prioritizes the most critical exposures, future-proofs security programs against emerging threats, and optimizes precious security resources.
By Team RiskIQ, May 2021