If it’s one thing that most security professionals can agree on, it’s that asset inventories are one of the most important things to get right. Done correctly, they give you the best insight into your potential attack surface and identify where to focus your efforts. Asset inventory is the ultimate base-lining activity.
Some of the organizations we work with are doing an amazing job at this, others are at the start of their journey.
Of course, it’s a lot easier said than done. Creating and maintaining asset inventories is notoriously hard to do well. And it’s boring. Really boring.
Attackers Are Looking: Why Aren’t You?
But understanding your assets is *really* important. After all, the first two CIS Critical Controls are
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
It’s also increasingly popular as we think about threat intelligence. Some of the most popular TTPs (as classified by Mitre ATT&CK), Exploitation of Public-Facing Applications is one of the most prevalent. If it’s one thing we know, it’s that attackers are looking to exploit these. As Mitre succinctly put it:
If an application is hosted on cloud-based infrastructure, then exploiting it may lead to compromise of the underlying instance. This can allow an adversary a path to access the cloud APIs or to take advantage of weak identity and access management policies.
Without visibility into what these are, the chances of you effectively prioritizing security defenses are minimal.
Common Challenges of Threat Intelligence
Almost every survey you read on threat intelligence outlines frustrations end users have with the relevance of the intelligence they receive, either as a result of false positives or generic information about threats.
Of course, threat modeling and threat intelligence are codependent. Threat intelligence can then inform, to a greater or lesser extent, how detailed the information you have on the threats to those assets. Indeed, Digital Shadows uses our knowledge of the threat landscape to inform the types of risk alerts we identify for our clients.
SearchLight Starts with Your Assets
This is precisely why we’ve taken the approach that we have with SearchLight. We start with understanding your assets, their value to you, and then look for where they are exposed. What’s more, we don’t just keep to the traditional definition of assets – also extending it to social media handles and document markings.
However, just as with asset inventory, we’ve learned over the years that gathering these assets isn’t trivial and can be a painful process to get these from different teams in the organization. That’s why we’re introducing asset proposals; automatic discovery of assets for organizations to add for collection.
How Asset Discovery Works
Whenever company, brand, or domain assets are added to SearchLight, it will trigger asset discovery. Asset discovery can currently be used to find and propose domain assets, and will extend to cover other asset types in the future.
SearchLight does this by discovering where the WHOIS registrant email matches that of an existing and active domain asset, or where the WHOIS registrant organization matches an existing and active company or brand asset.
Clients have the final say over whether to add these for monitoring. If they do so, SearchLight will provide ongoing monitoring for instances of domain impersonation, exposed employee credentials, and certificate issues.
Get in Touch to Learn More
If you want to learn more about how SearchLight identifies and protects your assets from growing threats, reach out to a member of our team or request a demo here.