In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.
For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges: securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.
Securing the digital footprint requires a new approach called DIME (Discover, Inventory, Monitor and Engage). This involves continuously discovering all unknown digital assets, maintaining and updating an inventory of these assets, continuously monitoring them for threats and engaging to remediate security risks as they appear. Let’s look deeper:
* Discover. For most organizations conducting business or building brand awareness online, digital asset development occurs at a breakneck pace and deployment has become increasingly decentralized. Security teams are having a hard time keeping up, and increasingly CISOs are losing visibility into what they are responsible for securing. A new approach that uses a global mesh of proxy networks equipped with software-based virtual users can automatically discover and index all company web, mobile app and social media assets.
* Inventory. Maintaining an up-to-date inventory of digital assets is critical for implementing standard security processes such as patch management programs or vulnerability testing. The same global proxy network that performs initial discovery of a company’s digital footprint provides continuous discovery and dynamically updates the inventory over time. It also recursively uncovers new candidates based on observed traits of confirmed assets. This provides security teams with a persistently up-to-date list of digital assets so they can perform vulnerability testing, detect and patch out-of-date systems, detect broken SSL certs, etc.
* Monitoring. Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization’s operational, asset and security environment. By varying click patterns and emulating real browsers, software-based virtual users can detect external-facing threats in the digital footprint that evade traditional web-scanning technologies. These include malware, phishing, malvertisements and defacement aimed at customers, partners or employees. Look for a service with global proxy networks spanning multiple metro areas and countries that can crawl millions of web pages per day and mobile app stores internationally.
* Enforcement. To automate remediation of threats discovered in the digital footprint, a full-featured API can integrate into existing workflows to initiate takedown requests and block infected sites or malicious ads.
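The recursive discovery described under Inventory, together with the rogue-asset challenge named earlier, sketched as an added example (it is not RiskIQ's or DocuSign's code). The hostnames, trait strings, the `BRAND` tag and the choice of which trait types are strong enough to pivot on are all constructed assumptions.

```python
from collections import deque

# Assumed: trait types the organization itself controls, so a match is worth pivoting on.
STRONG = ("analytics:", "adsense:", "cert_org:")
BRAND = "brand:example"  # assumed tag set by a separate brand-content matcher

# Constructed crawl observations (host -> traits); every value here is made up.
OBSERVATIONS = {
    "www.example.com": {"analytics:UA-000001", "cert_org:Example Corp", BRAND},
    "shop.example.com": {"analytics:UA-000001", "cert_org:Example Corp", BRAND},
    "promo-example.net": {"analytics:UA-000001", "adsense:pub-0000002", BRAND},
    "careers.example.org": {"cert_org:Example Corp", "ns:ns1.hosting.test"},
    "campaign.example-deals.test": {"adsense:pub-0000002", "ns:ns1.hosting.test"},
    "examp1e-login.test": {"ns:ns1.hosting.test", BRAND},
    "unrelated.test": {"ns:ns1.hosting.test"},
}

def discover_candidates(seeds, observations):
    """Breadth-first pivot from confirmed assets over shared strong traits.

    Returns host -> (hops from a seed, trait that linked it). Hosts at hop > 0
    are candidates for review, since a cloned page can carry a copied tracking ID.
    """
    found = {s: (0, "seed") for s in seeds}
    queue = deque(seeds)
    while queue:
        host = queue.popleft()
        pivots = {t for t in observations.get(host, ()) if t.startswith(STRONG)}
        for other, traits in observations.items():
            shared = sorted(pivots & traits)
            if other not in found and shared:
                found[other] = (found[host][0] + 1, shared[0])
                queue.append(other)  # its own traits become pivots on a later pass
    return found

def rogue_suspects(found, observations):
    """Hosts that show the brand but share no strong trait with the inventory."""
    return sorted(h for h, t in observations.items() if BRAND in t and h not in found)

if __name__ == "__main__":
    inventory = discover_candidates(["www.example.com"], OBSERVATIONS)
    for host, (hops, via) in sorted(inventory.items(), key=lambda kv: kv[1]):
        print(f"{hops}  {host:30} via {via}")
    print("review as possible impersonation:", rogue_suspects(inventory, OBSERVATIONS))
```

The shared hosting name server is deliberately left out of `STRONG`: pivoting on it would pull `unrelated.test` into the inventory.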
DocuSign, which operates the most widely used Digital Transaction Management platform and eSignature solution in the world, is a good example of DIME in action. More than 100,000 customers and 50 million users in 188 countries use DocuSign. Protecting its digital footprint, including mobile apps which are used extensively in financial services, insurance, healthcare, life sciences, real estate, technology, communications, higher education, government, etc., is key to its success.
DocuSign has deployed DIME to detect rogue web and mobile apps made available by unknown third parties as well as partner mobile apps with improper branding or unapproved functionalities. Using API integration, DocuSign is able to automate takedown requests, freeing up technical overhead for its security team.
The enterprise digital footprint, which continues to grow and expand unabated, represents a largely undefended target for planting outward-facing attacks. New technologies that provide DIME at Internet scale can provide the visibility enterprises need to police their digital infrastructure, keep it secure and ultimately protect their brand reputation.
About the Author: Elias Manousos is CEO of RiskIQ. He is an online security expert with more than 15 years of experience in developing and delivering enterprise security technologies. He was instrumental in creating now-commonplace technologies for web single sign-on (SSO) security.