Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
In this video we’ll be discussing Digital Footprint Risk Reporting.
This is how digital Risk Reporting works.
An organization’s Digital Footprint is analyzed and a digital footprint risk reporting score is created.
As security remediation are performed, those new changes are reflected in the organizations digital footprint.
This causes a change in the risk reporting score.
As these changes are tracked over time it will show how effective an organization’s security program is doing.
Let me help you understand digital footprint risk reporting.
Digital Footprint Risk Reporting is broken down into four sections, Risk Reporting Overview, Threat Indicators, Security posture, and Metrics (44 metrics). (high level breakdown of each section.)
The Risk Reporting Overview section is an organization’s overall risk it is broken down into threat indicators and security postures.
Each of those sections can be drilled into to see why the score was derived.
Threat indicators are active observations of malicious or suspicious activity on an organization’s digital footprint. Assets flagged in this area should be immediately investigate and remediated to improve your organizations security risks.
Threat indicators are security issues sourcing from your organization’s assets that are part of your digital footprint.
Security Posture is a measurement of the maturity and complexity of an organization’s security program based on analysis of the external facing assets that comprise their Digital Footprint.
It is comprised of technical and non-technical policies and best practices, processes, and controls that mitigate risks of external threats on your Digital Attack Surface.
These can be vulnerabilities in frameworks, operating systems, open ports, expired SSL certificates or out of date algorithms in use.
Under security posture we see website CVE exposure has a score of 17 and it is red.
Let’s drill into CVE exposure and see underlying components of this score.
Drilling down into Website CVE Exposure we see the breakdown of the components for the organization.
We see that we have 208 websites with a critical scored CVE.
234 have been scored high
271 have been scored medium
207 have been scored low
Let’s examine Website with a critical Scored CVE.
Let’s examine an asset that is running an outdated ASP.NET 2.0 framework, the current ASP.NET framework should be 4.0
Let’s drill into one of these asset and see all of the web components and what CVE’s are associated with this asset.
— click on web components
Here we see the outdated ASP .Net 2.0 framework.
— click on CVE
Now let’s look at the CVE information.
Here are all of the CVE’s associated with this asset.
This information can be updated from the inventory.
If you click in the box next to the CVE number you can modify the information with a response.
— click on the box and modify CVE
CVE’s can be marked as
Compensating Control Applied
Or Not Applicable.
Once the changes have been applied this will change the organizations digital footprint which will cause a change it the organizations digital risk reporting score.
Now let’s look at the organization’s entire inventory and see all assets running the outdated ASP .Net 2.0 framework.
From Inventory we expand websites, then framework, and click on the check box next to ASP.NET 2.0.
This will filter the inventory to only show the outdated framework on all assets in the inventory.
Here we can see we have 41 assets running this outdated framework. If the organization updated these web servers to ASP .net version 4.0 then when the assets are updated in their digital footprint it would improve their security posture and improve their organization risk reporting score.
Digital Footprint Risk Reporting allows Security leadership to understand trends with regard to risk and security posture over time, they will be able to see tangible results from their investment in digital threat management.