Like real-world warfare, which evolved from confronting enemies on confined battlefields with clearly marked battle lines to widespread conflicts spanning the entire globe, the cyber battlefield has grown exponentially in size and scope, from within the confines of the firewall to traversing the whole internet.
Despite this sprawl, CISOs still spend significant money securing their perimeter, employing an average of 35 tools to do so. But this is mostly a reactive approach, and it no longer works. The problem is, in this new age of cyber attacks targeting organizations on the open internet, it doesn't make sense to dig in and wait for the enemy to come to you because there are no more battle lines to defend.
The organizations finding success on today's cyber battlefield are the ones spending on surveillance and reconnaissance tools that show them their digital presence the way it looks to attackers, a collection of far-flung digital assets hackers can discover as they research their next threat campaigns. Millions of these digital assets appear on the internet every day, most of which are entirely outside the scope of organizations' cybersecurity visibility. These can include legitimate items, but also threats like unknown or fraudulent business assets created to look legitimate including mobile apps that have been compromised to distribute malware, domain and brand infringement, unknown and unmonitored web properties and systems, and imposter social media accounts.
The tools providing insight and visibility into these assets leverage internet data to discover everything associated with an organization on the internet, both legitimate and malicious, and monitor them for compromise to help bring the massive scope of an attack surface into focus. Think of it as the digital version of eyes in the sky that unmanned drones provide modern soldiers. With this view, organizations can take a proactive approach to defend their organizations and, if necessary, take the fight to the enemy rather than waiting to be breached.
Consider the recent breach of Ticketmaster, which RiskIQ discovered wasn't an isolated incident, but a worldwide digital credit card-skimming campaign by Magecart that affected tens of thousands of e-commerce sites by hacking third-party components. The affected brands had no visibility into the code running on their website, so they were unaware and powerless to protect their customers, many of which had their data stolen directly from the site as they input their payment information. However, when brands understand what they look like from the outside-in, they can begin developing a digital threat management program that allows them to discover everything associated with their organization on the internet, including third-party code on their site.
As cybersecurity operations become more advanced, they require the data needed to instantly enrich incidents and process, correlate, and respond to suspicious events within their organizations. By using the RiskIQ platform, organizations can optimize data use across teams for incident response, SOC, and vulnerability analysis to programmatically defend against threats to their environment. Leveraging the insight, automation, and protection of our Digital Threat Management Platform, RiskIQ customers reduced costs of cybersecurity team investigations by up to 75 percent, from cut time and resources needed to respond to threats, exploits, and cyber adversaries.
Do you lack visibility into your organization's internet-exposed attack surface? Contact us today for a personalized demo and find out what your company looks like to hackers as well as how your team can address threats like Magecart.
Dan is RiskIQ's President and Chief Operating Officer. Read more about his recent arrival to RiskIQ here.