In the ever-evolving cybersecurity landscape, staying ahead of potential threats is crucial. Attack Surface Intelligence (ASI) is vital in identifying vulnerabilities and mitigating risks. This blog post will discuss the latest data updates in ASI and the exciting developments within our threat research group.
New In-House Data Streams:
To provide comprehensive domain-related intelligence, we have built multiple new in-house data streams that will be integrated into ASI over the next two quarters. These additions will enable us to serve customers who rely on domain-related intelligence data from companies like DomainTools, Farsight, and RiskIQ. As of today, these feeds are already leveling up our internal attribution of related domains to scorecards, which in turn has already made ASI’s “Attributed Domains” information more accurate with less noise. Notable data streams include:
- WHOIS Feed: We now possess our own reliable WHOIS feed, ensuring accurate and up-to-date information on domain registrations and ownership details.
- Newly Registered TLDs and Subdomain Enumeration: Our data includes information on newly registered top-level domains (TLDs) and subdomains. This data enhances our ability to monitor and assess potential threats originating from these sources.
Vulnerability Intelligence Database:
We understand the frustration of searching for a Common Vulnerabilities and Exposures (CVE) identifier only to find limited results. To address this issue, our team has developed a comprehensive vulnerability intelligence database, building on years of running one of the top-ranked security websites, CVEDetails.com. This database will be incorporated into ASI to provide information on any CVE, even when the CVE is not detected on an exposed IP address or domain. Key features of this database include:
- Extensive Coverage: Our database covers every CVE, providing detailed information on vulnerabilities, including news from social media, news outlets, NVD metadata, GitHub issue mentions, code commits (if open source), backporting information, available exploits, threat actor usage, and vendor information and patches.
- Enhanced Search Capabilities: Users can search for any CVE and retrieve relevant information, eliminating the frustration of encountering limited or no results.
New Search Backend and Frontend Bringing Advanced Search Capabilities and Ease of Use:
With this month’s upcoming release of Visual Search, ASI’s search backend has moved from AWS CloudSearch to AWS OpenSearch. This allows us to actively expand the search capabilities of ASI. In addition to searching by IP addresses, users will soon be able to search by domains, portfolios, and subdomains. This enhancement will deliver comprehensive results across multiple entities, guaranteeing a more exhaustive analysis of potential vulnerabilities. Users will also be able to search by more than 1000 terms, which will allow peering into the ASI results of portfolios regardless of the number of scorecards they contain.
Our commitment to continuous improvement and innovation drives us to introduce new features and functionalities within ASI. Here are some updates scheduled for release later this year:
- Deep and Dark Web Crawling System: The first iteration of Threat Intel’s deep and dark web crawling system, known as Horus, is in the works. This system will closely resemble earlier versions of tools like Flashpoint, Intel471, and CyberSixGill. It will enable us to monitor underground forums, hacker communities, and other illicit sources to proactively detect emerging threats and malicious activities.
- Updates to Leaked Credentials: Our team is working diligently to enhance our leaked credentials dataset. With daily updated feeds, we ensure that our customers have access to the most recent information. Additionally, we aim to provide access to credentials not yet publicly available on the market, allowing organizations to proactively protect their assets and users.
The ASI data updates and upcoming developments outlined in this blog post exemplify our commitment to providing cutting-edge threat intelligence solutions. By incorporating new data streams, expanding search capabilities, and investing in innovative technologies, we aim to empower organizations with the tools they need to stay one step ahead of cyber threats. Watch this space for more updates on our journey towards a more secure digital future.