We’re here to help
Everything you need to know about the product and billing. Can’t find the answer you’re looking for? Please chat to our friendly team.
How can organizations use TTP playbooks to boost cybersecurity?
Organizations can significantly enhance their cybersecurity defenses by leveraging TTP (Tactics, Techniques, and Procedures) playbooks in a few distinct ways. Firstly, through proactive threat hunting, where understanding the TTPs used by adversaries enables organizations to actively search for signs of compromise and early attack indicators. Secondly, through the education of employees on adversaries' TTPs to heighten their security awareness and help them identify potential threats. Lastly, by integrating the knowledge gained from TTP playbooks into their defense strategies, organizations can align their defenses more effectively to counter known threat behaviors.
How do recurring playbooks help identify risks from trending APTs and malware?
Recurring playbooks provide valuable insights into the tactics and techniques consistently utilized by trending APT groups and malware in previous attacks. By analyzing these patterns, organizations can proactively identify potential risks and vulnerabilities in their systems that align with the attacker's preferred methods. This knowledge enables organizations to implement targeted mitigations and defenses to better protect their networks and data.
How does access to thousands of MITRE ATT&CK techniques enhance security?
The MITRE ATT&CK framework categorizes and describes a vast array of tactics, techniques, and procedures used by cyber adversaries during different stages of an attack. Having access to thousands of these techniques and sub-techniques enables organizations to comprehensively assess and understand the potential attack vectors and methods adversaries might employ. This knowledge is instrumental in developing robust defense strategies and effectively countering emerging threats.
What are trending adversary playbooks, and how do they affect security?
Recurring playbooks of trending adversaries refer to the patterns and tactics used by well-known Advanced Persistent Threat (APT) groups and malware in their previous incidents. These playbooks capture the attacker's behavior, impact, and the specific Tactics, Techniques, and Procedures (TTPs) employed during their attacks. Understanding these playbooks empowers organizations to identify potential risks and improve their security posture by proactively defending against known threat behaviors.
How many issue categories does HackerView currently have?
HackerView currently supports 11 different issue categories, or Risk Scorecards, which encompass over 90 different issues.
What is the Security Rating Service?
To simplify cyber risk for your executive management, HackerView classifies every issue within a specific issue category, or risk scorecard. Each of these scorecards deals with highly specific issues and is assigned its own grade rating.
How does DeepScan handle the new vulnerabilities that are disclosed?
In certain cases, such as when a new vulnerability is disclosed in the wild, custom templates are developed and incorporated into DeepScan. These templates enable DeepScan to effectively identify and assess the specific vulnerability across an organization's external-facing assets.
How often does this scanning activity take place?
The frequency of scanning activity conducted by HackerView will depend on the currently subscribed plan.
What type of scanning does HackerView perform?
HackerView is an external attack surface management platform. It only performs passive and non-intrusive scanning, so that no noise is created within your system logs and no interruption is caused to your business operations.
Do I need to use DMARC, SPF, and DKIM for email authentication?
While each protocol can be used independently, using all three protocols together is recommended for maximum email security. SPF, DKIM, and DMARC work together to verify the authenticity of email messages and provide visibility into email delivery.
How do I set up DKIM for my domain?
To set up DKIM for your domain, you must generate a public-private key pair and add the public key to your DNS as a TXT record. You must also configure your email server to sign outgoing emails with the private key.
How do I create an SPF record for my domain?
To create an SPF record for your domain, you must add a TXT record to your DNS that includes a list of IP addresses or domains authorized to send emails on behalf of your domain. You can use an SPF generator tool to create a customized SPF record for your domain.
What is Compromised Cards Monitoring?
Compromised Cards Monitoring is a process that tracks and detects compromised credit or debit card information to prevent fraudulent transactions and protect customers from financial losses.
What is a typo-squatted domain?
A typo-squatted domain is a deceptive website that imitates the spelling or appearance of a legitimate domain to trick users into visiting it accidentally. These domains exploit common typing errors or variations to carry out malicious activities such as phishing, distributing malware, or stealing sensitive information.
Can DeepScan checks cause any impact on my assets?
No. Unlike certain security tests that may require access credentials or direct interaction with systems, DeepScan is limited to performing active non-intrusive checks, where a benign payload is applied to the entity to check for the existence of a known vulnerability. These checks are intelligently performed based on the context and technology discovered on the asset.
How does CTM360 protect our organization's executives?
CTM360 scans the internet to identify any content that impersonates your monitored executives' identities, with the option to perform a takedown on the fraudulent content.
What is data leakage?
Data leakage refers to the unauthorized or accidental disclosure of sensitive information, confidential data, or intellectual property from an organization or individual, potentially leading to security breaches, privacy violations, and significant consequences for the affected parties.
What is an online investment scam?
Online investment scams are fraudulent schemes that operate on the Internet, enticing individuals with false promises of high returns on their investments.
How frequently should I examine my DMARC reports, and what should I seek in the data?
It is recommended to examine DMARC reports regularly to monitor email delivery and authentication. Look for patterns in the data, such as which IP addresses are sending email.
How can I apply DMARC to my domain?
To apply DMARC to your domain, you must create a DMARC record in your DNS. This record will specify how receivers should handle emails that fail SPF and DKIM checks. You can also specify that receivers send reports back to you about email delivery and authentication. It is recommended to start with a DMARC policy set to "none" to monitor email delivery and authentication before enforcing stricter policies.
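The SPF and DMARC answers on this page both end in a DNS TXT record; the following added example (not CTM360 code) lints such record strings before they are published. The record values, domains and addresses are constructed, and the checks cover only a few common mistakes under RFC 7208 and RFC 7489.

```python
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def lint_spf(record):
    """Return findings for an SPF TXT record string (empty list = clean)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["error: SPF record must start with v=spf1"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is +
        body = term.lstrip("+-~?").lower()
        # The mechanism/modifier name is whatever precedes ':', '=' or '/'.
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier == "+":
        findings.append("error: +all authorizes every sender on the internet")
    elif all_qualifier is None and not has_redirect:
        findings.append("warn: no 'all' term, unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"error: {lookups} DNS-lookup terms, RFC 7208 allows 10")
    return findings


def lint_dmarc(record):
    """Return findings for a DMARC TXT record string."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return ["error: DMARC record must start with v=DMARC1"]
    tags = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("error: p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("info: p=none only monitors, failing mail is still delivered")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("warn: no rua= address, no aggregate reports will arrive")
    elif not all(u.lower().startswith("mailto:") for u in rua):
        findings.append("warn: rua= entries are normally mailto: URIs")
    return findings


if __name__ == "__main__":
    # Constructed records using documentation ranges and example domains.
    for rec in ("v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                "v=spf1 ip4:192.0.2.0/24 +all"):
        print(rec, "->", lint_spf(rec))
    for rec in ("v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
                "v=DMARC1; p=reject"):
        print(rec, "->", lint_dmarc(rec))
```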
What are the benefits of using DMARC?
The primary benefit of using DMARC is that it helps prevent email spoofing and phishing attacks by verifying the authenticity of email messages. DMARC also provides visibility into email delivery and allows senders to monitor and analyze email authentication data. This can help organizations improve their email deliverability and protect their brand reputation.
What is DMARC, and how does it work?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) uses both SPF and DKIM to verify the authenticity of emails. DMARC allows email senders to publish policies in their DNS records that specify how email receivers should handle emails that fail authentication checks. It also provides a mechanism for senders to receive reports from receivers about email delivery and authentication.
How does CTM360 protect my brands across social media platforms?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication protocol that uses SPF and DKIM to verify the authenticity of emails. DMARC allows email senders to publish policies in their DNS records that specify how email receivers should handle emails that fail authentication checks. It provides a mechanism for senders to receive reports from receivers about email delivery and authentication.
What type of actions does CTM360 take?
CTM360 offers 15+ remediation actions, including but not limited to the following: Takedown, Shutdown, Global Threat Containment (GTC), Account Suspension, Account Reclamation, Domain Suspension, Blacklisting, Deindexing, and more.
Why does my organization need Brand Protection?
Implementing brand protection strategies enables organizations to safeguard their corporate assets and reputation by constantly monitoring, identifying, and removing fraudulent websites and accounts established by cybercriminals.
Does CTM360 support basic analysis of other languages with a pattern-based entity detector?
Yes, the platform supports different languages and can be customized according to the member’s needs.
How does Kill-Switch work?
The Kill-Switch technique involves identifying and targeting specific elements or behaviors within a cyber attack. By disrupting these elements, organizations can halt or significantly impede the progress of the attack. This technique can be particularly effective against malware infections and targeted attacks.
What is Kill-Switch and how does it contribute to security?
Kill-Switch Mastery is a methodology introduced by CTM360 that empowers organizations to disrupt malware infections or specific types of attacks, such as ransomware or APT Group activities. By mastering the Kill-Switch technique, organizations can effectively mitigate multiple attacks by hardening their defenses against a single technique. This approach minimizes the potential impact of various threats and enhances an organization's ability to thwart attacks.
What is the MITRE ATT&CK framework, and how is it related to ThreatCover?
The MITRE ATT&CK framework is a comprehensive knowledge base that categorizes and describes various tactics, techniques, and procedures (TTPs) commonly used by cyber adversaries during different stages of an attack. ThreatCover leverages this framework to provide actionable hardening guidelines based on real-world threat behaviors. This ensures that organizations are equipped to counteract specific attack techniques effectively.
How does ThreatCover provide mitigation recommendations?
ThreatCover provides mitigation recommendations by identifying and disrupting specific techniques and sub-techniques outlined in the MITRE ATT&CK framework. These recommendations are prescriptive and designed to help organizations counteract potential attacks. By implementing the suggested mitigations, organizations can proactively defend against threats and significantly reduce their attack surface.
What is ThreatCover and how does it enhance security?
ThreatCover is a comprehensive security platform that offers prescriptive hardening guidelines based on Tactics, Techniques, and Procedures (TTPs) derived from the MITRE ATT&CK framework. These guidelines empower organizations to strengthen their internal environment by actively disrupting techniques and sub-techniques employed by cyber threats, including APT groups and malware. By following ThreatCover's recommendations, end-users can effectively defend against emerging threats and enhance their overall security posture.
How does CTM360 provide comprehensive monitoring?
CTM360 identifies what is specific to your organization by extracting valuable evidence from data points on the Surface, Deep and Dark Web to reduce the potential of threats aimed at your organization.
What are shadow or rogue assets, and how does HackerView help identify them?
As organizations grow, keeping track of and recording all the various external assets becomes cumbersome. Often, an organization ends up deploying more assets than needed and then forgetting about them. These assets are termed rogue assets or shadow assets. External Attack Surface Management provided by CTM360 helps tackle this issue by using pivoting points within your external attack surface to identify and link additional assets related to your organization.
What are externally facing assets or publicly accessible assets?
Any digital asset, such as a domain, subdomain, or IP address that anyone on the internet can access, is an externally-facing or publicly accessible asset.
Who can access the Community Edition?
The Community Edition is a free version of CTM360's consolidated platform that offers a range of features and functionalities to help organizations understand their external digital presence. It is accessible to any authorized cybersecurity personnel from a legitimate organization worldwide.
Can CTM360 assist with regulatory compliance requirements?
Yes, CTM360's solutions are designed to help organizations meet regulatory compliance requirements, such as GDPR, PCI DSS, HIPAA, and ISO 27001. It offers tools and services to assess, manage, and monitor compliance in a streamlined manner.
For how long is the Community Edition available for free?
The Community Edition is accessible to one authorized user per organization. This access is valid until revoked by the end-user or by CTM360.
What pivoting points does HackerView or CTM360 utilize?
The platform can pivot via various points such as WHOIS Records, Reverse WHOIS records, DNS Entries, SSL Certificates, and more.
How does the Community Edition differ from the full CTM360 platform?
The Community Edition of CTM360 offers a subset of features from the full platform, focusing on External Attack Surface Management, Digital Risk Protection, and DMARC360. This edition is designed to provide maximum value to the community at no cost, making it accessible to small and medium-sized enterprises (SMEs), who can leverage the three technologies and take control of their digital presence.
How does CTM360 help organizations protect against cyber threats?
CTM360 employs a proactive approach to cybersecurity. Its solutions combine advanced technologies, threat intelligence, and human expertise to identify and mitigate potential security risks, monitor for ongoing threats, and respond quickly to incidents.
How frequently are ThreatCover feeds updated?
ThreatCover feeds are refreshed on a daily basis from diverse and reputable threat intelligence sources, enabling users to remain abreast of the latest emerging threats.
Can I upgrade to the full CTM360 platform if needed?
The Community Edition users can upgrade to any plan with transparent pricing options available through the platform.
How does CTM360 handle incident response?
CTM360 has a dedicated incident response team that provides 24/7 support to its clients. In the event of a cybersecurity incident, the team follows a well-defined incident response process to contain, investigate, and remediate the incident in a timely and effective manner.
Does CTM360 manage the actions and takedowns?
Yes. CTM360 CIRT fully manages all Incident Response/Response actions. Unlike most other platforms, each incident submitted for takedowns or response is handled directly by our Cyber Incident Response Team (CIRT) with standardized workflows. It is much more detailed than a simple automated Digital Millennium Copyright Act (DMCA) request. The process includes initial report submissions via multiple channels, escalations across different levels (Site owners, Host providers, and Registrars), and direct communication with different points of contact if needed.
How does the Community Edition handle incident response?
The Community Edition allows users to submit up to three takedown requests for free, enabling users to respond to incidents targeting their brand.
Can CTM360 assist with employee cybersecurity training?
Absolutely. CTM360 offers comprehensive cybersecurity awareness training programs to educate employees about common cyber threats, best practices for secure behavior, and how to recognize and report potential security incidents.
What does enhancing SPF record mean from an IP perspective?
After stage 1, we will have more clarity as to which of your email providers (IPs) are being used to send out your emails. The first step in this stage is to review your current process for outgoing emails and identify any recommended changes. This is reflected by modifying the IPs that may or may not be involved as your outgoing email IPs. With that information, we can configure those IPs in the DNS record so that they are listed as the IPs authorized to send out your emails.
What kind of support does the Community Edition offer?
Support is provided through the platform.
In what versions does ThreatCover provide its feeds?
ThreatCover offers feeds in two versions: TAXII 1 and TAXII 2.1. These versions allow users to choose the format that best suits their threat intelligence integration needs.
What is the quarantine policy?
DMARC quarantine policy tells the recipient of your emails that if both SPF and DKIM checks fail, accept the email, but mark it as spam.
What is CTM360?
CTM360 is a leading cybersecurity company based in Bahrain. It offers comprehensive cybersecurity solutions and services to help organizations detect, prevent, and respond to cyber threats.
What are the main products offered by CTM360?
CTM360 provides a range of cybersecurity products, including threat intelligence platforms, security incident and event management (SIEM) systems, vulnerability management tools, and advanced threat detection solutions.
Can I integrate ThreatCover with other security tools?
Yes, ThreatCover provides integration capabilities through its APIs. You can integrate ThreatCover with other security tools and platforms, such as SIEMs, threat intelligence platforms, and security orchestration tools.
How does HackerView scan for these issues?
HackerView utilizes Open Source Intelligence (OSINT) and in-house built tools to carry out its scanning activities.
What is the Reject policy of DMARC?
DMARC reject policy tells the recipient of your emails that if both SPF and DKIM checks fail, reject the email.
What is External Attack Surface Management?
External Attack Surface Management (EASM) continuously identifies, monitors, and secures an organization's externally-facing or publicly accessible assets. This process enables organizations to address weaknesses, misconfigurations, and potential entry points that adversaries could exploit to gain unauthorized access or cause harm.
What industries does CTM360 serve?
CTM360 serves a wide range of industries, including banking and finance, healthcare, government, telecommunications, energy, and manufacturing. Its solutions are tailored to meet the unique cybersecurity needs of each industry.
How do you detect threats to our organization on the surface, deep, and dark web?
CyberBlindspot detects threats relevant to your organization across the Surface, Deep, and Dark web using a combination of identifiers and scouting techniques. These identifiers include regex patterns, brand and executive names, images and logos, IP addresses, domains, BINs, mobile app names and publishers, and more.
How does the platform avoid false positives?
The platform employs a comprehensive approach to minimize false positives by verifying every incident. It combines both automated systems and human intervention to monitor threats and identify them as incidents specifically targeting your brand. To achieve this, the platform utilizes in-house scoring mechanisms and manual verification processes that effectively reduce false positives.
How do you perform takedowns on incidents targeting our brand?
Our dedicated Cyber Incident Response Team (CIRT) handles each incident submitted for takedowns or response using standardized workflows. This includes direct engagements with global CIRTs, ISPs, hosts, registrars, etc. Additionally, we have attained tier 1 status with select high-value escalation points, including direct API access.
What types of actions does CTM360 take?
CTM360 offers 15+ remediation actions, including but not limited to the following: Takedown, Shutdown, Global Threat Disruption (GTD), Account Suspension, Account Reclamation, Domain Suspension, Blacklisting, Deindexing, and more.
How accurate are the data found in the dark web?
The accuracy of data found in the dark web is a significant concern, as it is a high-noise environment where falsified information is prevalent. To address this challenge, CTM360 prioritizes obtaining highly relevant information that is tailored to your organization from paid and privileged sources.
How can I export threat intelligence data from ThreatCover?
ThreatCover provides capabilities to generate and export data in CSV and JSON formats. These exports can be used to share threat intelligence data with external systems or partners.
Can Vendors attach evidence to their assessments?
Vendors can attach all necessary or requested evidence in one link or provide separate links for each piece of evidence. Vendors should ensure that these link(s) are secured and accessible to the authorized requestor only. Additionally, vendors may utilize their preferred cloud storage service (e.g., Google Drive, Dropbox, Sharepoint, etc.), thereby maintaining full control over any shared data.
Does CTM360 offer continuous monitoring and threat updates?
Yes, CTM360's solutions include continuous monitoring of network activity, threat intelligence feeds, and real-time alerts. It keeps organizations informed about the latest threats and vulnerabilities, allowing them to proactively protect their systems and data.
Is it possible to create a new custom questionnaire?
Yes, users can create new custom questionnaires by navigating to the 'Builder' section. Within this section, users can leverage our comprehensive control question library to create a tailored questionnaire that aligns with their requirements.