In the last three years, the pace of technological advancement has been exponential. Internet of Things, Automation, Cloud-based computing, Web 3 and many more advanced technologies have helped companies attain new heights.
But it has also led to an increased exposure to cybersecurity threats, especially threats to a company’s attack surface.
Razorpay, Air India, Big Basket, Tech Mahindra, Oil India Ltd: all these companies have, in recent times, been victims of major data breaches resulting in crores of losses. 70 percent of organisations in the last three years have been hit by a cyberattack and a whopping 81 percent feel that they could be a target, according to a report by cybersecurity experts Trend Micro.
Clearly, robust cybersecurity measures are crucial for any organisation’s cyber safety. But it isn’t so simple.
Chidhanandham Arunachalam, Chief Program Officer at Sumeru Software Solutions and an expert in the field of cybersecurity, explains, “Companies implement the best security controls as well as invest in several cybersecurity programs but still end up in data breaches one way or the other. It’s because most organisations miss out on many aspects when considering their digital asset landscape. And at the end of the day, the hacker just needs one loophole to break into the system.”
He further elaborates that as the companies’ external attack surface gets bigger and bigger, they need the right tools in their arsenal to monitor the external threats. They need to protect external facing assets and keep tabs on all of the known and unknown threats.
Keeping this in mind, he, along with Siva, Principal Security Consultant at Sumeru Solutions, co-created a cybersecurity tool called Threat Meter.
Sumeru Solutions is a vendor empanelled by CERT-IN and has been providing cybersecurity products and services to 200+ customers for more than a decade. With 20+ years of industry experience, Sumeru has some of the best security experts developing innovative cybersecurity products and providing powerful and multi-faceted cybersecurity services that comprehensively protect businesses.
Introduction to Threat Meter
Threat Meter is an external attack surface monitoring tool that continuously monitors an organisation’s external attack surface and detects, protects against, and remediates threats to it. To understand it better, let’s first look at what an external attack surface is.
A company’s attack surface is its entire digital footprint and all of its internet-exposed IT assets, whether secure or vulnerable, known or unknown, wherever they are: on-premises, in the cloud, in third-party or partner environments, or in the networks of its subsidiaries. It could be misconfigured cloud storage, credentials leaked through third-party data breaches, or sensitive account information that is easily accessible on the internet.
An organisation’s external attack surface is larger than it believes, and according to Verizon’s 2021 Data Breach Investigations Report, the majority of data breaches happen due to external threat actors.
“External attack surface management is no longer a ‘nice to have,’ it’s now a ‘must have’. It should be a part of every organisation’s basic cybersecurity hygiene,” says Chidha.
An attack surface management tool is therefore imperative, as it helps in the continuous discovery, inventory, prioritisation, classification, and security monitoring of the IT ecosystem from an attacker’s perspective. It’s crucial for the prevention and mitigation of risks stemming from legacy, IoT, and shadow IT assets.
And that’s exactly what Threat Meter does. It has a superior scanning technology that has bots running 24×7, which crawl the complete internet and dark web to identify threats like data leaks, phishing threats, brand impersonations, data breaches, and rogue mobile applications.
The scanning is completely passive and non-intrusive, and hundreds of data sources are used to find online assets with just the domain name as the input. This uncovers an entire attack surface that the organisation would be unaware of.
“Threat Meter is designed to help you understand the mindset of the hackers and to know what hackers know about your organisation. It’s like having hackers on your side – act before they act,” says Chidha.
Key features of Threat Meter
Sumeru’s Threat Meter doesn’t stop at identifying the security issue but also takes care of the complete takedown of the identified threats such as phishing domains, rogue apps, brand impersonations, etc. Detailed remediation steps are provided for every risk identified in the organisation’s infrastructure. Additionally, if the organisation needs any assistance during the remediation, the team provides it till the closure of the issues.
It also has countermeasure services, where experts from Sumeru work with the clients on a case-by-case basis for data leaks and breaches to reduce the impact of the incident.
Another important aspect of the product is the actionable dashboard for CISOs (Chief Information Security Officers) and Vulnerability Management. On the dashboard, CISOs can view the key performance metrics for vulnerability remediation, see the highest risks and threats, and learn how to lower these risks. Threat Meter’s Vulnerability Management helps classify and prioritise the vulnerabilities that are identified and helps in effective remediation planning.
Chidha throws light on how this particular feature makes it easier for security leaders to communicate the value of security investment.
“Threat Meter empowers security leaders to quantify risks in terms of possible financial loss, enabling them to assess the actual efficacy of existing security controls and the potential threats to their organisation. The product gives zero false positives and all findings displayed on the dashboard are validated by our security team,” he says.
Threat Meter gives an overall threat score and probable financial risk using industry standards and proprietary algorithms. These scores provide a means for monitoring the security hygiene of organisations and determining whether their security posture is improving or declining over time.
“Effectively ranking risks for remediation is the most damaging issue nowadays. Interestingly, Threat Meter does that by identifying the likelihood of each exploited vulnerability and the risk each exploit causes to ‘crown jewel’ assets. This ensures prioritisation of security issues for their clients,” explains Chidha.
Industries that can benefit most from Threat Meter
Any organisation holding valuable data or having a high internet presence, like banks, NBFCs, and product/IT/SaaS companies, could do well with the services of Threat Meter. However, it’s especially beneficial for banks and NBFCs, as it helps them rise above basic security hygiene and adhere to RBI’s mandate, which requires them to monitor external attack surfaces continuously and subscribe to anti-phishing and anti-rogue app services.
According to a recent research report, India’s Banking, Financial Services and Insurance (BFSI) industry has been at the forefront of cyberattacks targeted at the Asian region.
The attractiveness of the BFSI sector for hackers can be seen from the number of attacks in the industry. In India, the number of fraud cases (credit cards, debit cards, and Internet banking) has increased dramatically from 58.61 crore in FY 2019-20 to 63.40 crore in FY 2020-21.
With increased online financial transactions, it also becomes easy for scammers to imitate the net banking login pages and mobile apps to target end customers. Sumeru’s Threat Meter monitors and detects any phishing threats and fake websites of banks. It also helps banks and NBFCs take down those fake websites and start the process of remediation.
Additionally, it helps financial institutions capture rogue finance apps on the internet that affect the end customers directly. Such apps can potentially access and compromise sensitive user data, such as financial details and login credentials.
Overall, Sumeru’s Threat Meter does more than identify threats to your organisation: with Sumeru’s top-notch security research team working round the clock alongside it, you can rest assured that your external attack surface is well guarded. It helps in avoiding regulatory fines, keeps you protected from brand-related scams, helps identify dark web leaks, and proactively protects against emerging threats such as rogue mobile apps and phishing threats.