Why IP Discovery Is The Best First Step For CISOs

What’s the best first step for CISOs when they have just started at a business? If you follow the NIST cybersecurity framework, and many other recommended processes, that step is to IDENTIFY.

According to Gene Abramov, CEO of US-based Depth Security “A new CISO needs to understand what the real-world security posture of the organization is. Not the perceived posture, or all the things the organization seems to be doing well from a security perspective […] but the no-holds-barred truth of what the organization looks like right now from all perspectives.”

Hitachi Systems Security, and Gartner, agree. In an article exploring how to succeed in the first 100 days of being a CISO, the number one step is to take inventory “The more information you gather about the current situation, the more successful you will be in addressing challenges and proposing sustainable solutions.”

Organisations need a way of continually mapping their attack surface area – the information assets that the cybercriminals can see.

For smaller organisations this might be simple enough as a manual process of looking around your work space and asking a co-worker or two. But how would you start if you were a world-leading information business with operations in a hundred or more countries across the globe and decades of re-organisations and acquisitions?

What is IP Discovery?

IP Discovery is like an Internet Fire Watch Tower, a place to go to get a view of a network in its public setting, with a view of the surroundings and an understanding of the exposure, or vulnerabilities, of that network to threats from outside.

Watch Tower

IP Discovery combines a highly scalable “internet searchlight” that iteratively scans IP and domain address space, identifies computing devices, fingerprints them, and then can X-Ray websites, for example, looking for links to other sites, IP addresses, domains or trademarks. It takes snapshots of pages to create a timeline as sites change.

How long does IP Discovery take?

Scanning is done at a pace to meet the organization’s timescale requirements without triggering security alerts or impacting the operational performance of Internet-facing services. For very large projects it could take several weeks initially, but then go into a monitoring state where the enriched data could be kept up to date by real-time monitoring looking for changes – perhaps new networks, applications, or domain registrations associated with certain trademarks.

IP Discovery can alert you to:

  • Your public servers using old or unpatched versions of server software
  • Critical third party applications (eg. SaaS, payroll) used by your business that are not protected by your DDoS mitigation or cloud security
  • AWS, Azure, or other cloud services unexpectedly exposing data associated with your company or other assets
  • Any domains or IP assets that appear in anti-spam blacklists, or on hacker forums
  • Test servers, temporary systems, legacy portals, trial services and other potentially unmonitored ways into your business
  • Phishing websites using SSL certificates mentioning one of your brands or domains even if they are not yours
  • Your exposure to risks via third party networks and service providers

activereach has the skills, capabilities, and the platforms to understand what businesses of all shapes and sizes need from their security systems. Contact us on 0845 625 9025 now or visit our web page to find out more about IP Discovery and our IP-Discovery SuiteTM.