- Table of contents
Marketing ManagerShare on LinkedIn
I love to get stuck in and let the creative juices flow. My strengths lie in idea generation, development and execution. Over 5 years experience in B2B cybersecurity. I reign supreme when my imagination and creativity can run wild.
Table of contents
The Top 20 Frequently Asked Questions Our Sales Team Get Asked & Their Answers
We know how busy security teams are now, so to save you time, we thought we would answer the top questions we get asked before you jump on a call with us. Here are our top 20:
1. How intrusive is Cyberint’s external discovery process? When you scan is there any active testing?
Cyberint continuously discovers the open, deep and dark web to detect all of the external IT assets in a customer’s digital footprint. The process is fully automated and passive so it does not actively validate or test any security controls. The discovery process will not “set off any alarm bells” or give security teams the impression an attack is underway. There is no impact on normal operations.
Using publicly-available data, like DNS records, WHOIS data, and SSL certificates, Cyberint’s Attack Surface Management module is able to map out an organization’s external attack surface. All discovered assets are checked for common security issues. The categories of assets detected are: IP addresses, domains, subdomains, cloud storage, and organizations (i.e. trademarked brands).
These are the types of security issues we identify:
- Certificate Authority issues
- Compromised Credentials
- Email Security issues
- Exploitable Ports
- Exposed Cloud Storage
- Exposed Web Interfaces
- Hijackable Subdomains
- Mail Servers In Blocklist
- SSL/TLS issues
2. How often do you automatically discover all assets?
By default – weekly, but this can be changed per the client request and needs (can be daily if needed). We have 5 asset types: IPs, domains, Sub-domains, Cloud storage and organization names. Each discovered asset is counted as a single asset.
3. Can assets be added manually? Can I take an asset out of scope and not have it monitored?
Yes and yes, each asset has one of three defined statuses: “in scope”, “out of scope” or “unvalidated”.
Whenever you manually add an asset, you have two options: you can either manually run a scan or wait until the next discovery cycle, which checks for issues on your assets. Once the discovery process starts, the new assets will be included, and any issues will be identified alongside the newly added assets. Additionally, the security score is subject to change based on the findings related to the new assets.
4. Are cloud-based assets discovered?
Yes, we discover S3 buckets, Google cloud storage, Azura data lakes, Aazure storage blob, AWS accounts & more.
5. My company has many different brands, can I monitor them individually?
Yes, as our platform is multi-tenant, we can set up an Attack Surface Management (ASM) instance for each brand and monitor the brands separately.
6. How can I increase Attack Surface Management automation?
With Cyberint’s automation, we can precisely determine which assets are part of your organization’s external IT infrastructure. Moreover, we offer automated validation and scoping based on your preferred confidence level (e.g. 80% or 90%). This reduces the time and effort involved in scoping and asset validation, resulting in a seamless single flow that occurs automatically from discovery to alerting (Figure 2 & 3).
Discovered assets that are below your selected threshold are not automatically added into your inventory and instead await a manual review. In addition, the Cyberint’s team of highly skilled and experienced analysts review the discovered assets and only if it is relevant do they update the confidence score and send it to you.
7. What is the level of confidence in the digital assets found during an Attack Surface discovery?
We assign a confidence score to each discovered asset that says how confident Cyberint is that the asset belongs to you. So if a newly discovered asset has an 80% confidence score, that means we are 80% sure that asset is part of your attack surface.
When the automation shows a finding of medium confidence, before it reaches you, our analysts act as an extension of your team and review it, either deciding if it is a false positive or forwarding it on to you with added context.
8. What is the risk of each found issue?
Each issue’s risk score is calculated according to a sophisticated algorithm and depends on a number of factors including the type of issue found and the asset that is related to the issue.
Each issue then get’s a score (low, medium, high, very high) and an overall calculation is then made to give the total risk of the issue type.
9. Can you automate actions based on alerts and integrate with other tools?
Yes. All alerts can be automatically sent to SIEM/SOAR platforms to trigger automated playbooks. We have an API that can integrate our information into existing SIEM/SOAR solutions and corelate with information from other intelligence platforms. We also integrate with Splunk, Azure AD, AWS, JIRA, OKTA, Qradar, XSOAR out of the box.
10. How much time does it take down a website/social media account/mobile app?
The takedown time varies between hours and days. Since the takedown process also involves hosts/registrars/SM platforms that are not under Cyberint’s control, we cannot predict the time it takes them to respond and takedown illegal content based on our request.
11. Can you guarantee success?
We cannot guarantee that a take down will be successful. That being said, our success rate is very high at over 95% for 6 consecutive quarters.
12. What is your Takedown process?
We have a dedicated takedown team that specializes in takedowns. We have forged partnerships with a diverse range of hosting providers, registrars, social media platforms, and app stores, and we have streamlined processes that are customized to each case. When a takedown request is initiated, a form is automatically completed and sent from a Cyberint email address to the relevant host, outlining the reasons for the request and the associated risks. Our team then tracks the requests, and the status can be seen in the “Takedown Requests” dashboard. We can take down phishing webpages, phishing domains, social media accounts, social media posts, paste sites, GitHub repositories, mobile apps, and more.
13. Can you discover a fake job posting? Do you cover job sites like “indeed” “monster.com”, “Glassdoor”?
Yes, you can define this use case as a prioritized requirement with your dedicated analyst and we can add websites like these into scope for continuous monitoring.
14. Can you prevent our official website from being copied? And can you alert us if it is?
We cannot prevent your website from being copied BUT we can alert you immediately if it happens and help with the steps to get it taken down. We can also monitor for lookalike domains.
15. What sources do you cover?
We cover thousands of sources from the clear, deep, and dark web. We cover:
- Search engines such as Bing and Google
- All the major cybercrime forums such as ExposedVC, GenesisMarket and Nulled
- Instant messaging platforms such as Telegram & Discord
- Social media
- GitHub and other pastesites
- Application stores
- File sharing websites
- Security Feeds
- Data leakage sites
- Credit Card stores
- Blackmarkets such as RussianMarket and 2easy.shop
- Malware logs
- Dark networks
and more. 5% of our sources are considered “Dark web”. The rest are in the clear/deep web.
16. How often do you crawl and scrape your sources? And how do you evade detection?
Each source is crawled and scraped according to the allowed policies on it. For example, if a dark web forum is monitored for suspicious scraping activity, we will make sure we collect information at a pace that does not raise any suspicion. We try to keep each source up to date with no longer than a week between each scraping (often much much more).
17. How do you deal with language barriers?
We have automated translation mechanisms in place and our the Cyberint team speaks over 22 languages fluently, including Russian, Arabic, English, Chinese, Japanese, Filipino languages like Tagalog, Ilocano and Ilonggo and more.
18. Can you add new sources on demand?
Our sources team is constantly looking for and adding more sources. Every request is examined by the team and we are more than happy to add additional sources that can provide value to our customers. The turn-around time for adding a source is relatively short (1-4 weeks usually).
19. Do you create generic threat reports?
Cyberint has a very experienced research team that tracks global threat events and releases periodic research reports. Every major global event that occurs is covered by the Cyberint research team. – For example, we have published report on: Tthe Russian – Ukraine war, the Log4shell vulnerability, specific Ransomware groups tracking and more.
20. Do you create dedicated reports for my company?
Cyberint’s research team can create reports on any desired subject, using “investigation hours”. Each customer can purchase these hours and each research is priced based on the number of hours required to complete it. The subjects vary between VIP exposure reports, industry related threats, Incident response, Deep investigations and more