This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.
For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges: securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.
Securing the digital footprint requires a new approach called DIME (Discover, Inventory, Monitor and Engage). This involves continuously discovering all unknown digital assets, maintaining and updating an inventory of these assets, continuously monitoring them for threats and engaging to remediate security risks as they appear. Let’s look deeper:
* Discover. For most organizations conducting business or building brand awareness online, digital asset development occurs at a breakneck pace and deployment has become increasingly decentralized. Security teams are having a hard time keeping up, and increasingly CISOs are losing visibility into what they are responsible for securing. A new approach that uses a global mesh of proxy networks equipped with software-based virtual users can automatically discover and index all company web, mobile app and social media assets.
* Inventory. Maintaining an up-to-date inventory of digital assets is critical for implementing standard security processes such as patch management programs or vulnerability testing. The same global proxy network that performs initial discovery of a company’s digital footprint provides continuous discovery and dynamically updates the inventory over time. It also recursively uncovers new candidates based on observed traits of confirmed assets. This provides security teams with a persistently up-to-date list of digital assets so they can perform vulnerability testing, detect and patch out-of-date systems, detect broken SSL certs, etc.
* Monitoring. Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization’s operational, asset and security environment. By varying click patterns and emulating real browsers, software-based virtual users can detect external-facing threats in the digital footprint that evade traditional web-scanning technologies. These include malware, phishing, malvertisements and defacement aimed at customers, partners or employees. Look for a service with global proxy networks spanning multiple metro areas and countries that can crawl millions of web pages per day and mobile app stores internationally.
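
The recursive candidate discovery described under Inventory, sketched as an added example (not code from the article or from any vendor): observed hosts are linked to the inventory through traits they share with confirmed assets, and only reviewed hosts feed the next round. The trait names (`analytics_id`, `nameserver`), the hostnames, the dates and the `approve` callback are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: every hostname, trait value and date is invented.
CONFIRMED = {"www.example.com": {"analytics_id": "UA-1111", "cert_org": "Example Corp"}}
OBSERVED = {
    "shop.example.com": {"traits": {"analytics_id": "UA-1111", "nameserver": "ns1.dns.example"},
                         "cert_expires": date(2030, 1, 1)},
    "sale.example.org": {"traits": {"nameserver": "ns1.dns.example"},
                         "cert_expires": date(2020, 6, 1)},
    "unrelated.test": {"traits": {"analytics_id": "UA-9999"},
                       "cert_expires": date(2030, 1, 1)},
}


def expand_inventory(confirmed, observed, approve=lambda host: True):
    """Return {host: (round, via_host, shared_trait)} for hosts linked to the inventory.

    Each round matches not-yet-listed observed hosts against the traits of
    confirmed assets. Only hosts accepted by approve() (hypothetical review
    step) become confirmed and contribute their own traits to the next round.
    """
    known = {h: dict(t) for h, t in confirmed.items()}
    found, rnd = {}, 0
    while True:
        rnd += 1
        new = {}
        for host, rec in observed.items():
            if host in known or host in found:
                continue
            for via, traits in known.items():
                shared = sorted(k for k, v in rec["traits"].items() if traits.get(k) == v)
                if shared:
                    new[host] = (rnd, via, shared[0])
                    break
        if not new:
            return found
        found.update(new)
        for host in new:
            if approve(host):
                known[host] = observed[host]["traits"]


def expired_certs(hosts, observed, today):
    """List hosts whose observed certificate expiry date is before today."""
    return sorted(h for h in hosts if observed[h]["cert_expires"] < today)
```

Gating each round on review matters because a widely shared trait, such as a common DNS provider, would otherwise chain the inventory out to assets the organization does not own.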