3Social Media Analysis
4Data Leakage Analysis
Do similar domains and spoofed sites exist that could trick your customers or employees? Security teams must sort through various domains, using accurate URLs as well as common misspellings and typical replacement characters, such as using the numeral 1 in place of the letter L or 5 for the letter S. This type of intelligence is important for identifying potential social engineering attacks and spoofing attacks aimed at an enterprise’s customers.
6Network Services Discovery
This portion of the process should include a thorough scan that searches known bugs, open-source vulnerabilities and malware. It should also identify any cloud-based files, scanning for the same. While this scan is something that many organizations do on a regular basis and is by no means an all-around security solution, it is an important step in building a complete cyber-exposure profile. BAE Systems Applied Intelligence, Kroll Ontrack, Mandiant, FireEye and Nettitude are among key suppliers of this service.
8Social Engineering Assessment
9Threat Intelligence Review
A company can use cyber-threat intelligence to identify likely threats against its industry/sector/region and even threats against the company itself. Has the company already caught the attention of attackers? Once this question is answered, all of the information found can produce a prioritized threat assessment.
11Understand Your Cyber-Exposure Profile
Without visibility into what cyber-criminals can learn from your cyber presence, you can’t effectively protect against the threats posed to your organization. Conducting a thorough cyber-exposure profile will enable you to understand your cyber-exposure through the eyes of a would-be attacker and examine your security strategy through a different lens.