Fast-paced cyber threats are driving more organizations towards cybersecurity solutions that help them anticipate attacks. Today, we unveiled 471 Attack Surface Protection, a powerful attack surface management solution that leverages Intel 471’s cyber threat intelligence to help customers quickly prioritize high risk exposures and improve their business operations.
Digital transformation has left many organizations with a growing array of internet-facing assets, from remote desktops to cloud storage buckets, databases, web applications, application servers and much more. Every time an organization adds to their attack surface on the internet, external attackers gain one more potential entry point to sensitive data, so it should be a priority for security teams to minimize these exposures.
Yet many organizations don’t have a full inventory of their internet-facing assets and lack visibility into the vulnerabilities and misconfigurations that leave assets like web applications exposed to attackers. 471 Attack Surface Protection addresses these blindspots with continuous asset discovery and vulnerability scanning while Intel 471’s unique and timely cyber threat intelligence (CTI) from underground, open web and other sources help customers prioritize remediation of the most at-risk assets.
Why are attackers targeting internet-facing IT assets?
Threat actors are increasingly targeting vulnerabilities and misconfigurations in internet-facing assets as a first port of entry in data theft, ransomware and disruptive cyber incidents. Intel 471’s Vulnerability Intelligence team reported in the 471 Cyber Threat Report 2024 that there was a 178% increase in the exploitation of web application vulnerabilities in 2023 compared to 2022. Verizon also found that stolen credentials for web applications and exploited vulnerabilities in web applications were the top attack vectors for data breaches it investigated in 2023.
Last year, our Vulnerability Intelligence team tracked 53 distinct threat actors on underground cybercrime forums who specialize in weaponizing vulnerabilities in software. The team also observed a 43% increase in “zero-day” (a previously undisclosed vulnerability for which no patch is available) exploitation in 2023. Zero-days have primarily been used by state-sponsored threat actors, but the CLOP ransomware gang showed cybercriminals now have the resources to buy or weaponize them too. The group wielded one zero-day affecting MOVEit file transfer software to compromise and extort several hundred enterprises with vulnerable internet-facing MOVEit servers.
These trends suggest that attackers are increasingly targeting exposures in internet-facing assets at a time when security budgets and skills are being stretched across ever expanding external attack surfaces.
What’s the advantage of 471 Attack Surface Protection?
At its heart, as Jason Passwaters, CEO and co-founder of Intel 471 said in the announcement for 471 Attack Surface Protection, intelligence-led security helps customers enhance their business operations by reducing their attack surface and identifying cyber risks. The quality, timeliness and relevance of Intel 471’s CTI is the critical differentiator.
Intel 471 continuously updates its intel on ransomware gangs, initial access brokers, bulletproof hosting providers, cybercrime marketplaces and other threats, and shares that data with customers on the Intel 471 TITAN platform. This intel helps security teams observe threats as they unfold, understand how threat actors operate and who they communicate with for customers to anticipate attacks and prioritize fixing assets that represent the biggest risk to their digital infrastructure.
Intel 471’s Malware Intelligence team also analyzes malware and monitors the activities of botnet operators that distribute malware and malicious spam. The team identifies indicators of compromise (IoCs) and classifies malware behaviors according to our General Intelligence Requirements framework, allowing security teams to quickly identify whether the malware is ransomware, an infostealer, a banking trojan or another threat.
471 Attack Surface Protection uniquely integrates Intel 471 Vulnerability Intelligence and Malware Intelligence deep into the dashboard’s reporting and alerting so that customers can take swift action based on qualified threat data. Customers can discover managed and unsanctioned internet-facing assets, map changes to their digital footprint over time, and continuously probe for weakness the industry tracks with the Common Vulnerabilities and Exposures (CVE) numbering system. Accurate, timely, and relevant CTI gives security teams the power to zoom in on CVE-affected internet-facing assets and assess risk based on several factors:
- The value of the asset affected by a CVE
- The CVE’s severity and impact
- Whether the CVE has been weaponized and is actively exploited
- If the CVE has been discussed on open source or underground forums
- Details about malware communicating with customer domains or IP addresses
- Malware-type, such as infostealer or banking trojan
471 Attack Surface Protection is also a powerful tool for independently evaluating supply chain and third-party risks, enhanced with snapshots of the threat environment to give customers a more comprehensive understanding of attack surface risks at any given time.
Key capabilities of 471 Attack Surface Protection:
- Identify and reclaim unknown cloud and on-premise assets, services and unsanctioned IT
- Anticipate attacks and prioritize remediation of at-risk assets
- Independently evaluate third-party vendor, subsidiary and M&A attack surface risks
- Monitor departments and subsidiaries to improve security posture and compliance
- Discover internet-exposed hosts, applications, software and identities
- Identify expired digital SSL certificates and weak encryption
Customers that want more Intel 471 CTI such as threat actor profiles and activity reports, threat actor tools, tactics and procedures (TTPs), vulnerability reports, and malware analysis can subscribe to Attack Surface Intelligence and TITAN, which is continuously refreshed with data from our global in-region teams specializing in malware, vulnerability, credentials, ransomware leak sites, and cybercrime marketplaces.
Reach out to Intel 471 if your security teams want to supercharge your attack surface management with unparalleled threat intelligence from Intel 471’s CTI teams. Contact Us