Security in the Cloud
Driven by Risk Management
Controlled by Security Policies
Based on Cybersecurity Standards
Situational Awareness
Operated by Security Procedures
Continuous Threat Exposure Management (External)
What is a Digital Risk Protection (DRP) Technology Stack?
Despite the implementation of various layers of security technologies, ranging from network perimeter firewalls to endpoint security, the exponential growth of cyber losses suggests a significant gap in past information security architecture practices.
There is now a better understanding of the size of the problem. As organizations continue to move their business operations to the digital domain, their digital assets are expanding both within and beyond their physical perimeters. The COVID-19 pandemic has further accelerated this trend, as businesses face new challenges and are forced to adopt online transformation strategies. Additionally, organizations are increasingly dependent on the security practices of their vendors and partners. Simply put now “You are as secure as your vendors”.
This challenge requires a new set of technologies to address all cyber threat use cases that are spread around the internet. This is what we call a Digital Risk Protection Stack.
It starts with generating and then continuously monitoring an inventory of your digital assets that you may also call your digital face. Domains, Hosts, IPs, Social media profiles, Mobile Apps and many more including the profiles of Board and Executives are part of this inventory. Labeled as “External Attack Surface Management”, it is done in a passive, non-intrusive manner with no impact on any system and requires no installation or configuration of any technology or tool.
The next step involves conducting a security assessment of this inventory and reflecting the results on a scorecard categorized under "Security Risk Ratings Services". This scorecard should be updated frequently, preferably on a daily or weekly basis. Because this process does not require installation or impact the target systems, it can be conducted for any organization, similar to a Google search. As a result, organizations can now engage in "Third Party Risk Management" by monitoring the risk scores of their vendors, partners, or any organization of interest.
The next step is to identify the specific cyber threats, scams, or fraud data points that may be present across the internet, whether they are on the surface, deep, or dark web. There are numerous use cases to consider, and the number continues to grow as hackers develop newer and more innovative techniques. Some examples of these use cases include phishing, brand impersonation, online fraud, data leakage, breached credentials, hacker chatter, and rogue mobile apps. This is categorized under “Digital Risk Protection ”.
To secure a brand's image, reputation and avoid falling victim to fraud, it is crucial to address these identified data points. The primary course of action is to initiate a "takedown" process, where the infringing data is removed by contacting the relevant stakeholder or system owner. It is essential for organizations that aim to protect themselves digitally to detect, monitor, and respond to such threats in their early stages.
A step further in this direction is risk-based environment hardening, which comprises step-by-step recommendations and guidelines in which organizations can disrupt attacks and techniques mapped to the MITRE ATT&CK Framework. These stem from the recurring TTP playbooks which detail the behavior and impact of adversaries. Steering the attention of security teams to this aspect is more important than stressing over Indicators of Compromise naturally updated by defense in depth technology already employed in an organization.
Tackling these incidents in a swift and effective manner has a deterrent effect that discourages threat actors from pursuing such attempts. As the time invested in such attacks becomes less valuable, the likelihood of such incidents decreases. To take a proactive approach in the field of cybersecurity, it is critical to place emphasis on the Indicators of Attack, Warning, and Exposure. This can be achieved by safeguarding an organization's internet-facing assets.