Infographic: Defending the New Digital Attack Surface in Three Steps
CISOs come to RiskIQ because they are concerned about the blind spots they have outside of their perimeters, where their digital attack surfaces are most vulnerable. It used to be enough to seal off the datacenter and control access points. However, data is now accessible through web, mobile, and social facing applications, profiles, and content. Attackers can leverage these assets to carry out attacks against brands and penetrate perimeter defenses. Download our newest infographic which visualizes the exposed assets attackers look for outside your firewall.
Securing these digital assets requires a new approach, Digital Footprint Security. The fundamental principles of Digital Footprint Security require the discovery and profiling, inventory, monitoring, and enforcement of all online digital assets.
Digital Footprint Security has its roots in the concept of a ‘digital footprint,’ used to describe digital assets that individuals intentionally release online. Examples include blogs, websites, and content posted to social media sites.
Enterprise digital footprints are massive in comparison to consumer digital footprints and are now part of a company’s digital attack surface. Many of the assets in enterprise digital footprints exist to facilitate online transactions, and those managed by third party vendors are outside the reach of organizations’ security sensors and firewalls.
The New Face of Web Threats
Users are connected to dozens, if not hundreds, of different third party networks during a web session. Many of these networks track interactions, install cookies, serve ads, or worse.
On numerous occasions, the Syrian Electronic Army (SEA) has gained access to major brand name sites by breaching their third party vendors.
Malvertising offers malware authors and pushers, operating on a pay-per-install (PPI) model, a way to massively scale malware distribution efforts in a targeted fashion. Unsurprisingly, we are observing massive growth in malvertising attacks.
Threats Created by Social and Mobile
Cyber attacks can thrive in the array of massively popular social platforms. Scams that impersonate brands or executives are highly lucrative, low risk, and inexpensive to execute.
Mobile is surpassing web as a consumer’s preferred digital channel to make purchases, perform online banking transactions, track medical information and more. As the mobile landscape continues to expand, so do threats.
The Adversary’s Infrastructure
Attack campaigns can be carried out using commodity infrastructure, available via self-service online portals. Effectively, attackers can access endless resources to scale attack campaigns and operate in obscurity. Stopping one part of this infrastructure isn’t enough to prevent an attack. The entire infrastructure must be uncovered and blocked.
How Do CISOs Respond?
To respond to this new wave of cyber threats, CISOs need the ability to profile web, social, and mobile assets and to monitor them from the attacker’s perspective.
RiskIQ provides organizations with the visibility and intelligence needed to secure their Enterprise Digital Footprint and to map their adversaries’ infrastructure. Our products, powered by a global proxy network, virtual user technology, and threat analysis engine, allow organizations to get an actionable and timely picture of both their own and their adversaries’ infrastructure to proactively defend against threats targeting their websites, mobile applications, brands, customers, and employees. It is the most comprehensive combination of point technology, process, and engagement in the industry for tackling this constantly evolving problem.
