Expanding the Threat Surface

An unexpected casualty of modern perimeter dissolution is that PowerPoint depictions of your threat surface are harder to draw. Back in the Awesome Nineties, you would simply drop a no-fill circle onto a network schematic, and then stretch the thing into an egg shape around the servers and workstations. The resulting graphic made enterprise security seem like a total lay-up.

Today, however, any sketch of your enterprise threat surface looks like an octopus on a hybrid cloud architecture with unclear boundaries. (I still can’t find the right PowerPoint object to draw a decent octopus.) The resulting ragged edge implies that enterprise protections require expanded scope to properly manage internal and external threats – and today, this means web, social, cloud, and mobile.

I had this concept in mind during a recent discussion with Lou Manousos, CEO and Founder of RiskIQ. I’d been re-introduced to the company by my colleague Yevgeniy Vahlis from Georgian Partners. Yevgeniy correctly presumed that I’d be interested in better understanding how to achieve greater external threat focus, since we’d worked together for years reducing security risk across complex infrastructure with unclear boundaries.

The RiskIQ approach to digital threat management is designed to highlight, amidst the chaos of the Internet, which exposures directly affect a business, because focusing solely inward on threats no longer suffices. “Our solution extends visibility and control for organizations outside the firewall, and into the fold of security operations,” Lou explained. “This is more than just threat intelligence data feeds; it is about offering the insight and automation necessary to deal with targeted threats more efficiently.”

The technical details of covering web, mobile, cloud, and social risk differ by external service (Facebook and LinkedIn, for example, expose different interfaces and different abuse patterns). As organizations have spread their digital presence across these channels, it becomes nearly impossible to identify exposures and mitigate risk on each of them without automation. RiskIQ offers a reconnaissance, intelligence, and mitigation platform built to accommodate these differences.

Lou explained that the RiskIQ platform not only monitors threats, but also automates interpretation of exploits, actors, and the digital ecosystem. This is achieved via an active/passive interface with websites, mobile stores, and social media networks. Using virtual crawling technology and a global proxy network, the platform can identify active threats and, by analyzing trends within the collected intelligence, proactively mitigate the problems it detects.

An additional source of visibility is open data collected from the Internet. Reducing spoofed-domain risk, phishing, and fraudulent activity on websites, for example, becomes far easier once you can see which lookalike domains and pages are appearing outside your own estate. That external view is a natural complement to adjacent mitigations such as email DMARC: DMARC can stop mail that forges your exact domain, but it says nothing about a registered lookalike of it, which is precisely the gap external monitoring fills.
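Two of the checks named above, spotting lookalike domains and confirming what your DMARC record actually enforces, as an added example in Python. This is illustrative code written for this page, not RiskIQ's platform code; the homoglyph table, suffix list, the sample of "newly observed" domains, and the DMARC records are all constructed.

```python
"""Lookalike-domain spotting and DMARC policy check (added example, not RiskIQ code).

Generates common typosquat variants of a brand domain, matches them against a
constructed list of newly observed domains, and reports what a DMARC record
enforces. All domains and records below are constructed for illustration.
"""

# Single-character substitutions that read alike in a browser address bar.
# Constructed subset; real homoglyph tables are far larger (Unicode, IDN).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn"}

# Suffixes and alternate TLDs often seen on phishing registrations (constructed list).
PHISH_SUFFIXES = ("-login", "-secure", "-support")
ALT_TLDS = ("co", "net", "org", "info")


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'example.com' into ('example', 'com'); 'a.co.uk' -> ('a', 'co.uk')."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def typosquat_candidates(domain: str) -> set[str]:
    """Return lookalike variants of `domain` built by omission, transposition,
    homoglyph substitution, suffix insertion, and TLD swap."""
    label, tld = split_domain(domain)
    labels: set[str] = set()
    for i in range(len(label)):                      # omission: exmple
        labels.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                  # transposition: exampel
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, ch in enumerate(label):                   # homoglyph: examp1e, exarnple
        if ch in HOMOGLYPHS:
            labels.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for suffix in PHISH_SUFFIXES:                    # suffix: example-login
        labels.add(label + suffix)
    candidates = {f"{lbl}.{tld}" for lbl in labels if lbl}
    candidates |= {f"{label}.{alt}" for alt in ALT_TLDS}   # TLD swap: example.net
    candidates.discard(domain.lower())
    return candidates


def find_lookalikes(brand: str, observed: list[str]) -> list[str]:
    """Flag observed domains that are generated variants of `brand`, or whose
    registrable label embeds the brand label (e.g. secure-example.info)."""
    brand = brand.lower()
    brand_label, _ = split_domain(brand)
    variants = typosquat_candidates(brand)
    hits = set()
    for dom in observed:
        dom = dom.lower()
        if dom == brand:
            continue
        label, _ = split_domain(dom)
        if dom in variants or brand_label in label:
            hits.add(dom)
    return sorted(hits)


def parse_dmarc(txt: str) -> dict[str, str]:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into tag/value pairs."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip()] = value.strip()
    return tags


def dmarc_assessment(txt: str) -> str:
    """Summarize what a DMARC record enforces for the exact domain it is published on.
    DMARC says nothing about lookalike domains, which is why the lookalike
    search above is needed alongside it."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return "invalid"
    policy = tags.get("p", "none")
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        return "monitor-only"
    if pct < 100:
        return f"{policy} (pct={pct}, partial)"
    return policy


if __name__ == "__main__":
    # Constructed sample of newly observed domains, as a feed of new registrations
    # or certificate-transparency entries might surface them.
    observed = ["exampel.com", "examp1e.com", "example-login.com", "example.net",
                "secure-example.info", "exarnple.com", "unrelated.org", "example.com"]
    for dom in find_lookalikes("example.com", observed):
        print("lookalike:", dom)
    print("DMARC:", dmarc_assessment("v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"))
```

The two halves are deliberately separate: the lookalike search is the "outside the firewall" view, and the DMARC summary shows why an apparently strong record (p=quarantine at pct=25, or p=none) still leaves the exact domain only partly protected, quite apart from the lookalikes it never covers.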

You’ve heard this before, but let me say it again: It’s time to expand your digital threat horizons beyond the perimeter firewall. Relevant security issues exist in web, mobile, cloud, and social – outside your normal enterprise – that affect your posture. It is thus immature for any enterprise security team to view security analytics as complete without hooking into these expanded sources of information – and RiskIQ offers a platform that will help you.

Have a look at this emerging approach and let me know your experience.