Today, the attack surface of companies is not limited to their network. Actually, it’s just a little bit. When it comes to determining how and where to attack an organization, threat actors have many options beyond the network perimeter. As a result, companies are investing in operational capabilities to identify and respond to external threats in the digital risk landscape. This is called Digital Risk Protection (DRP).
DRP is defined as a business process that combines intelligence, detection and response to reduce attacks in an external digital risk environment.
What makes DRP essential?
The external digital threats facing businesses continue to grow. As the world becomes more digital, business is increasingly done outside the corporate network through non-traditional channels such as social networks, mobile applications and the Internet.
In addition, the increase in teleworking and digital conversion as a result of the pandemic has led to faster adoption and use of platforms and services that are beyond the direct control of the company.
In general, defenders are confronted with very unfavourable circumstances. It has never been easier for threatening actors to pose as companies, compromise accounts and steal data. The risk related to account registration, brand misuse and data leakage is at record level.
Digital risk protection balances the playing field by detecting and mitigating external threats on the surface network, social networks, applications and the deep, dark web.
The DRP aims to combat threats in the digital world outside the corporate network.
- Domain monitoring
- Social network protection
- Protection of trademarks
- Prevention of account transfers
- Detection of data leaks
- Executive protection
Many companies initially focus on creating DRP functions in one or two use cases. This is often in response to a specific incident or an ongoing threat campaign. As they mature or circumstances change, companies usually expand their DRP program for additional applications.
It may be difficult to determine which cases should be used to prioritise, as many types of threat overlap and may involve different internal stakeholders.
The most important elements of an effective SDP
In line with Gartner’s hype cycle for security operations, DRP solutions help improve the ability to anticipate, prevent, detect and respond to problems in the existing threat landscape in a cost-effective, efficient and effective manner. Organizations rarely have the expertise to implement digital risk protection themselves. As a result, DRP often requires partnerships with solution providers.
There are three components that organisations need to integrate into their digital risk protection process in order to effectively protect themselves against external threats: Collection, conservation and limitation.
Collection
The collection is the basis of the visibility of the threat. Free and paid data channels are useful, but not enough. Direct recording is necessary to provide the level of visibility required for most DRP uses. In a high-risk digital landscape, a direct collection can contain thousands of sources.
The DRP scale requires a high degree of automation. However, some sources may require manual input. Ultimately, technology and human expertise should be used as much as possible in the collection of the data where necessary.
Curator
Effective data collection leads to a large number of potential threats. Conservation isolates those most relevant to the business, adds context and identifies the risk they represent. It eliminates noise and identifies threats that need to be addressed.
As with assembly, the implementation of enterprise-wide monitoring requires automation. Machine processing and algorithms can be used to assess suitability and reduce noise. Expert analysis adds context and assesses its seriousness.
The transfer of functionality from automated analysis to human verification is crucial for a successful implementation of DRP. First of all, companies generally identify too many threats that require expert assessment. On the other hand, they decide to only take into account those with the highest score. This inevitably leads to ignoring threats.
Advanced DRP programs avoid this situation by using the results of analytical tests to optimize automated analysis. This ongoing coordination is invaluable in maintaining effectiveness and minimizing the risk of threats going undetected.
Mitigating the consequences
Softening is the purpose of DRP. The information obtained through the collection and processing of data has no value for the company unless it is used to minimise risk. It should also be noted that collection and maintenance have a significant impact on the effectiveness of corrective measures.
Complex external threats often have several elements that need to be addressed to effectively reduce the risks. These components are only identified by assembly and inspection. In addition, some risk mitigation measures may require collecting evidence and communicating it to service providers or authorities.
Damage limitation should focus on two areas:
- Removal of the threat from the infrastructure or platform on which it is located. This is often called corruption.
- Block access to the threat. This limits the potential impact.
Conducting research is often the most complex and time-consuming part of the DRP. Different types of threats require different procedures and there is no single general procedure for different platforms, registrars, hosts and other service providers. Few companies have the connections and local knowledge to effectively counter threats.
Managing external threats is difficult, but it is an important part of the containment effort. The destruction of the threat ensures the complete elimination of the threat. No replacement.
In addition to removing the threat, measures must also be taken to block access to this threat. For users within the organisation, this can be done by adding threat indicators to security controls (such as firewalls) that can enforce a blocking policy. This can usually be automated by integrating an API between DRP platforms and other security tools.
To prevent users from accessing threats outside the corporate network, malicious URLs and domains identified by the DRP can be redirected to browser blocking services such as Google Safe Browsing and Microsoft SmartScreen. There is no guarantee that the application will be used on time or not at all by these services.
In summary, DRP is an essential surgical process that, when properly performed, stops bleeding due to external threats. It supports a range of uses that will continue to grow as we rely increasingly on digital services and platforms outside the corporate network. ORS consists of extensive collection, monitoring and mitigation. By combining these capabilities in a single process, the DRP reorganizes the playing field and helps security teams combat external threats.
Additional resources :
*** It’s the syndicated Security Bloggers Network blog from Stacy Shelley’s PhishLabs blog. You can read the original announcement at https://info.phishlabs.com/blog/what-is-digital-risk-protection.qualys,cve-2020-1350,cve-2020-1472,checkpoint ips signatures list,checkpoint r77.30 vulnerabilities,cve-2019-8462,checkpoint smartdefense logs,fortinet cve-2020-1472,f5 security advisories,cve-2020-0796 poc github,cve-2020-1020 exploit,cve-2020-1967 poc,cve-2019-0841 github,cve-2020-3153 poc,cve-2020-1472 proof of concept,extrahop vpn monitoring,extrahop webinar,extrahop key features,extrahop 360,extrahop use cases,extrahop news,security blog,security news,cyber security website,windows security news,cyber security news sites,malware blogs