The 5 Biggest Feature Additions to Cyberint in 2024

As we get to the end of 2024, we thought we’d look at all the significant updates Cyberint (now known as Check Point Infinity External Risk Management) has introduced over the year. These new features are designed to help you better manage your cyber risks and improve your overall security posture. Here’s a look at the five biggest feature additions and their impact:

1. Major Revamp of the Attack Surface Monitoring (ASM) Module

The Attack Surface Monitoring Module has undergone a major overhaul to help you effectively manage cyber risks related to your organization’s external attack surface. Key improvements include:

• Security Posture Score: This score is based on open alerts affecting your organization, giving you a clear snapshot of your current security status.
• Improved user interface and additional risk scoring data
  • New ASM summary widget: Gives you an overview of the data in one glance (situated at the topn of the screen to the right of the Security Posture Score)
  • Asset Severity Rating: Shows the severity of risks per asset, allowing you to focus on the most critical vulnerable assets first.
  • Active Alerts Column: Displays the number of open alerts per asset, making it easier for you to track and manage ongoing issues.
• Enhanced asset filtering options: Allows you to filter alerts by their severity and influence the score by actions taken, ensuring that your team addresses the most pressing threats first
• Advanced Discovery process controls: Gives you the ability to run any type of scan on-demand whenever needed (Asset Discovery, Exposure Scan, Validation and Asset Scoping, Technology Discovery, Active Vulnerability Scan)
• ASM Asset cards: Allows you to hav a 360 degree view of any asset, including the discovery path, parent and/or child assets, DNS records, WHOIS data, technologies observed running on the asset, exposure items, relevant alerts, and more.
• Automatic Alert Closure: A seemingly small but impactful feature, the automatic CVE alert closure enhancement automatically closes CVE alerts when the vulnerable technology is updated. This reduces the number of open alerts and increases efficiency.

These enhancements help you maintain a comprehensive view of your attack surface, prioritize remediation efforts, and improve your organization’s overall security posture.

2. Active Exposure Validation (AEV)

Cyberint’s AEV capability actively tests your organization’s exposures for exploitability. It continuously validates exposures, from open ports and unpatched software to exposed login pages and web apps. Key features include:

• Automation: Tests known CVEs for exploitability, reducing the manual effort required from your team.
• Real-Time Alerts: Issues alerts in real-time to quickly identify and remediate urgent risks.
• Beyond CVE Detection: Performs automated tests to uncover common security issues that fall outside the scope of a vulnerability database, including finding vulnerabilities in YOUR owned web apps.

By leveraging AEV, you can level up your CTEM program and ensure that your organization’s digital assets are continuously monitored and tested for vulnerabilities, helping you stay ahead of potential threats.

3. Threat Landscape Module

This module allows you to follow trends in your specific threat landscape, tailored to your industry and region. It helps you stay informed about the threats most relevant to your organization. By understanding these trends, you can:

• Anticipate potential threats and prepare your defenses accordingly.
• Tailor your security strategies to address your organization’s most probable risks.
• Stay ahead of emerging threats specific to your industry and region.

This module allows you to make informed decisions and proactively protect your organization against evolving cyber threats.

4. Threat Hunting License

Cyberint has released a Threat Hunting License to enable you to:

• Research, investigate, and proactively hunt for cyber threats.
• Understand your organization’s specific threat landscape.
• Drill down on the threats you’re most likely to face.
• Investigate targeted attacks and hunt for threats that have evaded detection.

The Threat Hunting License provides extensive capabilities, tools, and data to dramatically improve the efficacy of your threat hunting activities. By leveraging the license, you can enhance your team’s ability to detect and respond to sophisticated threats, ultimately strengthening your organization’s security posture.

The new Risk Dashboard gives an executive-level overview of an organization’s external cyber risk profile. There is an overall risk score, assigned on a scale from 1 to 100, which is determined by three more granular scores:

• Target Level Score – A measure of how frequently attackers target a specific organization.​
• Posture Risk Score – A measure of an organization’s external security posture and security hygiene. ​
• Data Exposure Score – A measure of how exposed an organization’s data & credentials are on the web.​

The Risk Dashboard also provides benchmark scores to put your score into context and help you understand whether you’re more secure or less secure than organizations in the same industry and region.

In addition, the Risk Dashboard provides a high-level view of an organization’s strengths and weaknesses; the areas where risk is being effectively mitigated, as well as the areas that are presenting significant risk and should become a focus.

5. New Administrative Tools For Streamlined Operations Screen

Several tools have been introduced over the course of 2024 including:

• The Takedown Requests screen
• The Credentials Purchase Request Screen
• The Investigations Log

Takedown Request Screen

increases transparency into the takedown process. It provides greater details on each step and makes it easy to track and report on all the requests you’ve made. This feature helps you:

• Monitor the progress of takedown requests in real-time.
• Ensure that malicious content is removed promptly.
• Maintain detailed records for reporting and compliance purposes.

This screen simplifies the takedown process, making it more efficient and effective for your team.

The Credentials Purchase Request Screen

When credentials are suspected to be compromised Cyberint has the ability to purchase these credentials to validate them. Now you can track the credentials that have been purchased, including when the request was made and if it was completed, when it was completed.

The Investigations Log

Most organizations don’t have the tools or time to keep up with escalating and increasingly sophisticated threats to their digital assets. With Cyberint’s Deep Dive Cyber Investigations, you can hunt, assess and respond to these threats with the help of our highly skilled analysts. And now you can

• Keep track of those investigations in one place
• Filter by type
• See their status, estimated delivery date and more

These updates represent significant advancements in Cyberint’s (Now Infinity ERM’s) capabilities, helping you stay ahead of evolving external cyber threats and manage your security posture more effectively.