Securing the enterprise digital footprint

You need to continuously discover unknown digital assets, maintain an inventory of these assets, monitor for threats and engage to remediate risks as they appear.

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.

For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges: securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.

Securing the digital footprint requires a new approach called DIME (Discover, Inventory, Monitor and Engage). This involves continuously discovering all unknown digital assets, maintaining and updating an inventory of these assets, continuously monitoring them for threats and engaging to remediate security risks as they appear. Let’s look deeper:

* Discover. For most organizations conducting business or building brand awareness online, digital asset development occurs at a breakneck pace and deployment has become increasingly decentralized. Security teams are having a hard time keeping up, and increasingly CISOs are losing visibility into what they are responsible for securing. A new approach that uses a global mesh of proxy networks equipped with software-based virtual users can automatically discover and index all company web, mobile app and social media assets.

* Inventory. Maintaining an up-to-date inventory of digital assets is critical for implementing standard security processes such as patch management programs or vulnerability testing. The same global proxy network that performs initial discovery of a company’s digital footprint provides continuous discovery and dynamically updates the inventory over time. It also recursively uncovers new candidates based on observed traits of confirmed assets. This provides security teams with a persistently up-to-date list of digital assets so they can perform vulnerability testing, detect and patch out-of-date systems, detect broken SSL certs, etc.

* Monitoring. Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization’s operational, asset and security environment. By varying click patterns and emulating real browsers, software-based virtual users can detect external-facing threats in the digital footprint that evade traditional web-scanning technologies. These include malware, phishing, malvertisements and defacement aimed at customers, partners or employees. Look for a service with global proxy networks spanning multiple metro areas and countries that can crawl millions of web pages per day and mobile app stores internationally.

* Enforcement. To automate remediation of threats discovered in the digital footprint, a full-featured API can integrate into existing workflows to initiate takedown requests and block infected sites or malicious ads.
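The recursive step in the Inventory item, where new candidates are uncovered from traits observed on confirmed assets, can be implemented as a breadth-first expansion over shared traits. This is an added example, not code from the article or from any vendor product; the hostnames, trait names and the `expand_inventory` function are constructed for illustration, and it assumes only strong traits (certificate organization, analytics ID) are safe to pivot on.

```python
from collections import deque

# Constructed sample data: every hostname and trait below is invented.
CONFIRMED = {"www.example.com"}
OBSERVATIONS = {
    "www.example.com":     {"cert_org:Example Corp", "analytics:UA-1111", "ns:ns1.example.com"},
    "shop.example.net":    {"cert_org:Example Corp", "analytics:UA-2222"},
    "promo-example.test":  {"analytics:UA-2222", "ns:ns9.hosting.test"},
    "blog.unrelated.test": {"ns:ns9.hosting.test", "analytics:UA-9999"},
    "login-example.test":  {"analytics:UA-7777"},
}

def expand_inventory(confirmed, observations,
                     strong_kinds=("cert_org", "analytics"), max_depth=3):
    """Return {host: {"depth", "via", "parent"}} for candidate assets reachable
    from confirmed assets through shared strong traits. Candidates still need
    human confirmation before they enter the inventory."""
    def strong(traits):
        # Weak traits (e.g. shared-hosting nameservers) link unrelated sites,
        # so only pivot on trait kinds listed in strong_kinds.
        return {t for t in traits if t.split(":", 1)[0] in strong_kinds}

    by_trait = {}  # inverted index: trait -> hosts exposing it
    for host, traits in observations.items():
        for trait in strong(traits):
            by_trait.setdefault(trait, set()).add(host)

    found, seen = {}, set(confirmed)
    queue = deque((host, 0) for host in sorted(confirmed))
    while queue:
        host, depth = queue.popleft()
        if depth >= max_depth:  # cap recursion so weak chains do not drift
            continue
        for trait in sorted(strong(observations.get(host, ()))):
            for other in sorted(by_trait[trait] - seen):
                seen.add(other)
                found[other] = {"depth": depth + 1, "via": trait, "parent": host}
                queue.append((other, depth + 1))
    return found

if __name__ == "__main__":
    for host, why in expand_inventory(CONFIRMED, OBSERVATIONS).items():
        print(f"{host}: depth {why['depth']} via {why['via']} from {why['parent']}")
```

The recorded `depth`, `via` and `parent` give a reviewer the evidence chain for each candidate, which matters because an asset two hops away from a confirmed one is a weaker match than a direct one.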

DocuSign, which operates the most widely used Digital Transaction Management platform and eSignature solution in the world, is a good example of DIME in action. More than 100,000 customers and 50 million users in 188 countries use DocuSign. Protecting its digital footprint, including mobile apps which are used extensively in financial services, insurance, healthcare, life sciences, real estate, technology, communications, higher education, government, etc., is key to its success.

DocuSign has deployed DIME to detect rogue web and mobile apps made available by unknown third parties as well as partner mobile apps with improper branding or unapproved functionalities. Using API integration, DocuSign is able to automate takedown requests, freeing up technical overhead for its security team.

The enterprise digital footprint, which continues to grow and expand unabated, represents a largely undefended target for planting outward-facing attacks. New technologies that provide DIME at Internet scale can provide the visibility enterprises need to police their digital infrastructure, keep it secure and ultimately protect their brand reputation.

About the Author: Elias Manousos is CEO of RiskIQ. He is an online security expert with more than 15 years of experience in developing and delivering enterprise security technologies. He was instrumental in creating now-commonplace technologies for web single sign-on (SSO) security.
