Intelligent SME.tech Issue 12 - Page 45

// END-USER INSIGHT // technology ecosystems are expanding in size and frequently changing in nature. Being able to continuously keep track of where these assets might be hosted and the vulnerabilities and threats that they are exposed to has become a very complex proposition.

How spiderSilk helps organisations tackle some of these challenges
We are driven by a simple idea. The more we can make attack surface management mainstream, the harder we make it for cybercriminals to find assets to exploit.
We knew first-hand that security teams are stretched thin, so we needed to build a platform that could provide them with air cover and support. We had to help them achieve comprehensive visibility with zero effort or input from their end.
We help uncover the ‘unknown unknowns’ – assets that you might not have even been aware of, sitting out there on the open Internet and publicly exposed. We also provide visibility of where all the assets reside, geographically, as well as by cloud provider or data centre.
Once that visibility has been achieved and maintained around the clock, we go through the threat assessment part of the platform, which runs a host of standardised and non-standardised threat assessments against all the assets that belong to that organisation.
We have a team of dedicated security researchers that are constantly researching the latest hacking methodologies that malicious actors are using. We analyse these, reverse engineer them and incorporate them into our Threat Assessment Engine, which then allows us to detect some of these threats that are specific to certain technology stacks. This is where the magic happens and how we have so far helped blue chip companies protect the data of over 120 million people from exposure.
But as previously mentioned, this problem is no longer confined to large companies but affects any entity that is digitally enabled or Internet facing. With that in mind, we focused on making the platform entirely autonomous so even companies with resource constraints can rely on an external, 24/7 partner for cybersecurity and focus on other areas of their business and security.
spiderSilk technology use cases
The most important one is comprehensive visibility, and there are many examples of where we’ve alerted global organisations to the existence of certain assets that they weren’t even aware existed.
Second is third party risk. Many solutions that manage or report on third party risk depend on user and customer inputs to be able to monitor these assets and relationships. By continuously scanning the entire Internet and only using the name of the organisation for attribution, we’re not only able to pick up all your assets but also ones that are by third parties or contractors and through which you may be exposed.
Third is misconfiguration. Simple misconfigurations, like a server sitting with a standard password or without password protection, or any other form of misconfiguration, led to more than half of data leaks last year.
The fourth use case is what we call non-coded threats. These are typically either business logic flaws or integration flaws that might leave data exposed if undetected, and these non-coded threats are not covered by existing solutions.
Finally, we also detect source code leakage, which can include either exposed credentials or other sensitive information that might be damaging to the organisation.
Setting spiderSilk apart from other businesses
With our attack surface management platform, Resonance, the only thing that we require from the customer is the name of the organisation. Once that’s entered into the system, our platform is able to scan the entire Internet – more than 4.2 billion IP addresses on a continuous basis.
Through that scan we’re able to attribute which assets out there belong to your organisation and that starts to build your asset directory. And that’s fundamentally different

DIGITAL FOOTPRINTS KEEP INCREASING, WHICH MEANS THAT THERE ARE SIGNIFICANTLY MORE ENTRY POINTS AND VULNERABILITIES FOR CYBERCRIMINALS TO EXPLOIT.