Digital Risk Protection Services (DRPS) are essential for safeguarding against cyber threats. DRPS offers critical insights into threat actors, including their strategies and methods for executing harmful activities. Additionally, DRPS plays a pivotal role in eliminating these threats on behalf of organizations. According to Gartner's paper "Quick Answer: What Is the Difference Between EASM, DRPS and SRS?", DRPS is a market that combines technology and services designed to protect vital digital assets and data from external dangers. These services offer comprehensive visibility across various web layers, including the surface, dark, and deep web, to detect threats to crucial assets. They also provide detailed information about threat actors and their malicious techniques. DRPS supports organizations in four primary areas: mapping, monitoring, mitigation, and managing the impact on critical digital assets. This information is further detailed by ENISA in their publication on EU cybersecurity market analysis.
Turning to External Attack Surface Management (EASM), this service is vital for uncovering unknown assets and offering insights about publicly visible systems, cloud services, and applications that could be vulnerable to attackers. This visibility is extended to include an organization’s subsidiaries or third parties, as noted by Gartner. Forrester defines EASM as a continuous process of discovering, identifying, inventorying, and assessing the exposures of an entity’s IT assets.
Analysts have observed interesting developments in the relationship between DRPS and EASM. Many DRPS vendors are incorporating aspects of Threat Intelligence (TI) into their services, expanding their capabilities to include traditional and advanced TI use cases, such as context enrichment, prioritization, and threat actor tracking. Gartner notes that an increasing number of DRPS vendors are integrating EASM capabilities into their offerings, with over 50% expected to do so by the end of 2023. Takedown services are emerging as a critical differentiator in this market. Forrester emphasizes that brand threat intelligence should be a priority for organizations to mitigate reputational and regulatory risks.
Statistics show that 69% of organizations have fallen victim to attacks targeting unknown or poorly managed internet-facing assets. Furthermore, 43% of organizations devote over 80 hours to attack surface discovery, addressing it only on a weekly, semi-monthly, or monthly basis, according to ESG industry analysts.
Looking at the DRPS market's growth, it's projected to expand significantly, with a high compound annual growth rate (CAGR) of 9.8% from 2022 to 2030. The current market valuation stands at US$ 946.6 million and is expected to reach US$ 1.96 billion by 2030. This growth is driven by factors such as increasing digitization, the rising adoption of new technologies, government support for digital platforms, growing instances of cyberattacks, and the rising adoption of cloud-based platforms, as reported by Future Market Insights.
Use Cases and Challenges in Digital Risk Protection Services (DRPS) and External Attack Surface Management (EASM)
Organizations today are facing several challenges in managing their digital risk, particularly as they expand their online presence. These challenges include a limited understanding of risks linked to external assets, an increased attack surface due to digital expansion, the complexity of securing a growing number of digital assets, and the threat of sensitive data being sold on the dark web.
Beneficiaries of DRPS and EASM services encompass a wide range of professionals, including Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), security teams, compliance and risk officers, marketing and brand managers, and corporate executives. The importance of digital risk management extends beyond security operations to other business functions, such as marketing, legal, and fraud prevention.
Key Use Cases for DRPS:
Brand Monitoring: Protecting a company’s brand, products, and employees from attacks that can impact revenue and reputation is crucial. This involves identifying and addressing brand impersonations, such as fake web domains, social media fraud, and malicious applications.
Data Leak Detection: With the prevalence of high-value data being sold on the dark web, it’s important to detect data leaks across the clear, deep, and dark web, including on paste sites and code repositories.
Executive Staff Monitoring: As business executives become increasingly targeted, monitoring for exposure and protecting against online impersonation, identity theft, and fraud attacks is essential.
Key Use Cases for EASM:
Attack Surface Discovery: Understanding the risk associated with public-facing assets is key for organizations, especially those that lack knowledge of their risk mapped to external assets.
Digital Risk Mapping to External Assets: It’s important for organizations to comprehend the risks linked to their public-facing assets.
Remediation Support: Having an up-to-date view of vulnerabilities, security gaps, or misconfigurations and addressing critical risks to exposed IT assets is vital.
Integration of DRPS and EASM
While DRPS vendors may not offer the same breadth of native asset discovery as EASM vendors, there’s a growing trend for DRPS vendors to extend their capabilities into EASM.
DRPS vendors are already contributing to digital asset discovery and data leakage detection to various extents.
A depiction of how DRPS vendors support the two key use cases of digital asset discovery and data leakage detection demonstrates the convergence of these services.
In summary, the integration of DRPS and EASM is becoming increasingly important for organizations to effectively manage and protect their digital presence against a wide array of cyber threats.
Technology Overview of Digital Risk Protection Services (DRPS)
Digital Risk Protection (DRPS) platforms employ cutting-edge technology to identify unauthorized use of logos, trademarks, content, and design layouts across various digital platforms. This technology plays a crucial role in safeguarding a company's digital assets and intellectual property.
Data Collection:
DRPS solutions provide extensive visibility by gathering large amounts of data from multiple digital channels, including the Surface Web, Deep Web, Dark Web, mobile app stores, social networks, paste sites, gripe sites, and blogs.
The tools used in source monitoring include:
Parsers: These offer flexible parsing to automate data collection from various sources.
Crawlers: Advanced crawling technologies are employed to capture web data comprehensively.
APIs: Application Programming Interfaces facilitate the efficient acquisition of data.
Analyst Input: Experts use sophisticated sourcing techniques to further enrich the collected intelligence.
The types of data collected can range from screenshots, images, and HTML files to redirect chains, traffic sources, and domain-related parameters.
Processing:
DRPS solutions continuously enhance detection algorithms tailored to various industries.
They automatically detect policy violations and classify, score, and prioritize these detected violations.
The process includes a combination of advanced automated analysis and expert vetting to review, validate, and categorize results that have been filtered by machines.
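The classify, score, and prioritize step described above, applied to the fake-domain case from the Brand Monitoring use case. This is an added example, not code from any DRPS vendor; the brand name, owned-domain list, lure words, weights, and candidate domains are constructed assumptions.

```python
# Added example: classify, score and prioritize look-alike domains for one brand.
# BRAND, OFFICIAL, LURE_WORDS, the weights and CANDIDATES are constructed assumptions.
BRAND = "examplebank"
OFFICIAL = {"examplebank.com"}
LURE_WORDS = ("login", "secure", "verify", "support")
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_domain(domain):
    """Return (score 0-100, category) for one observed domain."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return 0, "owned"
    labels = domain.split(".")
    # Naive registrable label: second-to-last label (no public-suffix list).
    name = labels[-2] if len(labels) > 1 else labels[0]
    skel = name.translate(CONFUSABLES)  # fold digit look-alikes (1 -> l, 0 -> o)
    if name == BRAND:
        return 70, "tld-swap"
    if skel == BRAND:
        return 90, "homoglyph"
    if BRAND in skel:
        lure = any(w in skel for w in LURE_WORDS)
        return (80 if lure else 60), "combosquat"
    dist = edit_distance(skel, BRAND)
    if dist <= 2:
        return 85 - 15 * dist, "typosquat"
    return 0, "unrelated"

def prioritize(domains):
    """Drop zero-score domains and return the rest, highest score first."""
    scored = [(d, *score_domain(d)) for d in domains]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: -s[1])

CANDIDATES = ["examplebank.com", "examp1ebank.com", "examplebank-login.net",
              "exampelbank.com", "examplebank.org", "weather-news.org"]

if __name__ == "__main__":
    for domain, score, category in prioritize(CANDIDATES):
        print(f"{score:3d}  {category:<11} {domain}")
```

The machine-ranked output is the queue that expert vetting would then review and validate before any takedown request.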
Mitigation and Remediation:
DRPS platforms respond to active threats using a combination of people, processes, and technology.
They conduct both automated and manual remediation and takedown activities.
By integrating takedown procedures with internal security controls, DRPS vendors ensure that threats are addressed swiftly and thoroughly.
Ongoing activities are essential for preventing future threats and implementing effective protection measures for digital assets.
DRPS vendors often extend their remediation support beyond standard takedown operations, adopting service-based approaches to meet market needs.
In essence, DRPS platforms are comprehensive in their approach to digital risk management, encompassing data collection, processing, mitigation, and remediation, and are vital for protecting the digital footprint of businesses in the ever-evolving online landscape.
Technology Overview of External Attack Surface Management (EASM)
External Attack Surface Management (EASM) is a critical aspect of cybersecurity, akin to Cyber Threat Intelligence (CTI). However, EASM focuses exclusively on external factors, without direct access to an organization's internal infrastructure. To compensate for this, EASM heavily relies on API integrations to query external services. These services include Shodan, PassiveTotal, DomainTools, regional registrars, and domain name services, among others. The purpose of using these tools is to understand a client's exposure and assess their security posture based on the data available.
EASM also involves basic activities like banner grabbing and port scanning, although this list is not exhaustive. These methods contribute to a more comprehensive understanding of the organization's external vulnerabilities.
The EASM process can be broken down into three primary stages: Collection, Processing, and Deliverables.
Collection
Application Programming Interfaces (APIs): These are used to gather data from various external sources.
HTTP/HTTPS: Monitoring and capturing data transmitted over these protocols.
Human Input: Expert analysis and data gathering, adding an essential layer of qualitative insight.
Processing
Enrichment: Enhancing the collected data for more detailed analysis.
Data Validation: Ensuring the accuracy and relevance of the data.
Data Classification: Organizing data into categories for better analysis.
Data Transformation: Converting data into a format suitable for analysis.
Prioritization: Determining which data points are most critical for the organization's security.
Mathematical Operations: Applying algorithms and calculations for advanced data analysis.
Deliverables
Use-case Based Manual or Automated Notifications: Tailored alerts based on specific client needs and scenarios.
Visualizations: Graphical representations of data to illustrate the attack surface and potential vulnerabilities.
Reports: Comprehensive documents detailing findings, assessments, and recommendations.
In summary, EASM utilizes a combination of advanced technologies and expert analysis to provide organizations with a thorough understanding of their external attack surface. This process involves meticulous data collection, sophisticated processing techniques, and the delivery of actionable insights through various formats to enhance the organization's security posture.
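The Processing and Deliverables stages above, run over the kind of records the Collection stage might return. This is an added example, not any vendor's code; the record fields, the tracked-asset inventory, the port classes, and the severity weights are assumptions, and the sample records are constructed from documentation address ranges.

```python
import ipaddress

# Constructed records; field names are illustrative, not a vendor API schema.
RAW = [
    {"ip": "203.0.113.10", "port": 443, "banner": "nginx"},
    {"ip": "203.0.113.10", "port": 443, "banner": "nginx"},        # duplicate
    {"ip": "203.0.113.25", "port": 3389, "banner": "RDP"},
    {"ip": "198.51.100.7", "port": 23, "banner": "login:"},
    {"ip": "198.51.100.7", "port": 99999, "banner": ""},           # bad port
    {"ip": "not-an-ip", "port": 22, "banner": "SSH-2.0-OpenSSH"},  # bad address
    {"ip": "10.0.0.5", "port": 22, "banner": "SSH-2.0-OpenSSH"},   # internal
]
INVENTORY = {"203.0.113.10"}  # hypothetical: assets the organization already tracks
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# port -> (category, base severity); the weights are assumptions for illustration
CLASSES = {23: ("cleartext-admin", 9), 3389: ("remote-admin", 8), 22: ("remote-admin", 5), 443: ("web", 2)}

def validate(records):
    """Data validation: drop malformed, internal and duplicate observations."""
    seen, kept = set(), []
    for r in records:
        try:
            ip = ipaddress.ip_address(r["ip"])
        except ValueError:
            continue
        if any(ip in net for net in RFC1918) or not 0 < r["port"] < 65536:
            continue
        key = (str(ip), r["port"])
        if key not in seen:
            seen.add(key)
            kept.append(r)
    return kept

def process(records):
    """Classification, enrichment and prioritization of validated records."""
    findings = []
    for r in validate(records):
        category, base = CLASSES.get(r["port"], ("other", 3))
        unknown = r["ip"] not in INVENTORY  # enrichment: is this asset tracked?
        findings.append({**r, "category": category, "unknown_asset": unknown,
                         "score": base + (3 if unknown else 0)})
    return sorted(findings, key=lambda f: -f["score"])

def notifications(findings, threshold=8):
    """Deliverable: one alert line per finding at or above the threshold."""
    return [f"{f['ip']}:{f['port']} {f['category']} score={f['score']}"
            for f in findings if f["score"] >= threshold]

if __name__ == "__main__":
    print("\n".join(notifications(process(RAW))))
```

Untracked assets get a score bonus because exposures on assets missing from the inventory are the ones internal controls are least likely to cover.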
Overview of Key Players in Digital Risk Protection Services (DRPS) and External Attack Surface Management (EASM)
BlueVoyant
DRPS Use Cases: BlueVoyant's DRPS supports six primary use cases: Digital Brand Protection, Fraud Campaigns Discovery, Account Takeover Monitoring, Data Leakage Detection, External Attack Surface Analysis, and Executive Cyber Guard.
Delivery and Clientele: Offered as a fully managed service with unlimited takedowns, BlueVoyant serves approximately 150 global customers, predominantly in the banking, financial services, and insurance sectors.
Cross-Sell Opportunities: BlueVoyant also offers Third-Party Cyber Risk Management, Managed Detection and Response Services, and Professional Services. Their approach differs from competitors who often partner with security consulting providers and MSSPs.
SearchLight DRPS Platform: Specializes in identifying brand-related or executive impersonations to detect malicious activities. Offers continuous monitoring across various web environments.
Capabilities and Integration: Combines DRPS with Threat Intelligence (TI) offerings. Clients can access a library of TI reporting and integrate Digital Shadows intelligence into their security systems.
Data Collection and Remediation: Extensive data collection across the web, with machine learning and human analysis. Notable for extensive remediation capabilities, including kill switch integrations and takedown automation.
Competitive Differentiation: Specializes in brand protection, Account Takeover (ATO), and social media monitoring. Notable for close integrations with hosting providers and ISPs.
Intsights (a Rapid7 Company)
ETP Suite: Monitors a vast array of sources across the web to identify threats targeting unique digital footprints.
Key Features: Includes Dark Web Monitoring, Data & Credential Leakage, Blocking & Blacklisting, Takedown and Remediation, and Brand Protection.
ZeroFox
Digital Risk Protection Offering: Includes the ZeroFox Platform, OnWatch managed service, and Takedown-as-a-Service.
Use Cases and Expansion: Covers Brand Protection, Executive Protection, and more. Has expanded its TI capabilities through acquisitions and partnerships.
Censys
Asset Discovery and Risk Analysis: Focuses on continuous Internet Asset Discovery and Inventory, Risk Detection and Remediation, M&A and Subsidiary Risk Analysis, and Cloud Security and Governance.
Approach: Utilizes algorithmic discovery and automated attribution to manage and mitigate risks.
Ecosystem Security Platform: Discovers and maps assets and their connections to an enterprise, assessing risk based on various criteria.
Features and Integration: Offers comprehensive reporting and integrates with existing tools, emphasizing automated defense against takeovers.
Cortex Xpanse by Palo Alto Networks
Capabilities: Provides a continuously updated inventory of internet-facing assets, assessing supplier risk and security of acquired companies.
Unique Offerings: Includes improving asset inventory, risk ratings, identifying perimeter risk, and exposure to new CVEs.
RiskIQ (a Microsoft company)
Product Portfolio: Includes Digital Footprint, PassiveTotal, External Threats, and Illuminate Internet Intelligence.
Collection Infrastructure: Uses a range of sources for data collection and supports various integrations across security platforms.
Target Audience: Appeals to CISOs, security analysts, and vulnerability managers.
Cycognito
Focus and Features: Specializes in attack surface management and digital risk protection, taking an attacker’s perspective for asset identification and risk prioritization.
Notable Aspects: Offers a Global Bot Network, Multi-vector attack simulator, and an easy deployment model.
Each of these companies brings a unique set of capabilities and specializations to the DRPS and EASM markets, catering to different aspects of digital risk management and cyber threat intelligence. Their diverse offerings provide organizations with various options to protect their digital assets and manage their external attack surfaces effectively.
Conclusions on Digital Risk Protection Services (DRPS) and External Attack Surface Management (EASM)
When to Consider DRPS: Organizations are advised to employ DRPS when their primary goal is to monitor and counteract adversaries' attempts at impersonating the company brand or key executives, taking over accounts, or stealing sensitive data like personally identifiable information (PII), credentials, and credit card information.
When to Consider EASM: EASM should be the choice for organizations aiming to enhance visibility of their assets for improved management. It is particularly effective for reducing misconfigurations, poor security setups, and unnecessary public domain exposures that could be exploited. EASM helps in prioritizing the remediation or mitigation of the most critical exposures.
Understanding the Differences: There exists some market confusion between EASM and DRPS due to overlapping use cases. However, they deliver distinct capabilities and cater to different needs in digital risk management.
Newness of the DRPS Field: The DRPS sector is relatively new, making it challenging for organizations to distinguish between the various solutions available.
Evaluating DRPS Solutions: Key criteria for comparing DRPS solutions include the types of digital platforms monitored, the range of elements watched, remediation and takedown capabilities, and the employment of artificial intelligence technologies.
Takedown Service as a Key Differentiator: One of the primary features that sets DRPS apart is its takedown service, which is crucial for actively countering digital threats.
Relevance Across Business Functions: The importance of digital risk extends beyond security operations and encompasses other business areas, including marketing, legal, and fraud prevention.
Outsourcing of DRPS: DRPS is often outsourced due to many organizations lacking the necessary in-house expertise. This trend highlights the specialized nature of DRPS and the need for expert intervention.
In summary, while DRPS and EASM both address critical aspects of digital security, they cater to different needs and scenarios. Understanding the unique functions and benefits of each is crucial for organizations to effectively manage their digital risk. As the field evolves, staying informed about the latest developments and capabilities of these services is essential for maintaining robust digital protection strategies.