50 Episodes

Listen to all the articles we release on our blog while commuting, while working or in bed.

SecurityTrails Blog SecurityTrails

    • Technology


    August Product Update: Exposed Admin Panels, Risk Rules API, Risk History by Host, and more!

    At SecurityTrails we continuously upgrade, improve and enhance the quality of user experience in our Attack Surface Intelligence platform.
    Today, we are thrilled to announce several Attack Surface Intelligence updates we've recently been working on: Risk History by Host, Risk Rules API, Search for Signatures, and other upgrades! Keep reading to learn more.
    Admin Panel detections in Inventory
    A great new feature from our latest release is Admin Panels, located within the Inventory tab. This option helps you locate administrator panels in mere seconds, allowing security teams to find exposed control panels from popular technologies and software, which may be out of compliance with policies and therefore add unnecessary risk to your organization. Among its many highlights, the Admin Panel feature:
    • Works on deep paths.
    • Works on IPs without hostnames.
    • Includes firewalls, enterprise software, developer tools, and CMSs.
    • Adds new signatures frequently and automatically.
    On that interface, you'll find a Counts by Panel summary showing the top exposed panels, along with the number of affected IP addresses and hostnames. Scrolling down, you'll also find the full list of panels we found, along with a description, the port where each was found, the affected service, and a quick target link so you can jump right into each one of them.
    Risk Rules API
    The new Risk Rules API allows users to get immediate data for CVEs, including vulnerability name, description, risk severity (classification), affected hostnames, technical references found on the Internet, and project metadata such as ID, title and snapshot creation date.
    Risk History by Host
    The new Risk History by Host feature is the perfect tool for keeping a historical record of your current vulnerabilities and misconfigurations. By listing them, you'll know when they appeared for the very first time and, most importantly, when they were cleared (fixed, patched) and no longer show up on the Risk Rules report. As shown in the screenshot, you can also filter the Risk History by Severity or Event type (added or cleared), and even export the results into a CSV file.
    End-user ability to search signatures
    This new feature gives Attack Surface Intelligence users the ability to search for risk signatures, so customers can determine whether a check for a certain vulnerability or misconfiguration is present among our Attack Surface Intelligence checks, as shown in the following screenshot. SecurityTrails periodically releases updates that improve the performance, security, and logic of your experience in Attack Surface Intelligence. By enhancing the usability of the Attack Surface Intelligence interface, we create an environment that allows you to identify and prevent threats much more effortlessly. Why not try it yourself and see how it supports a more thorough and effective approach to protection?
    Book your demo now!

    • 2 Min.
    The CVE Approach: A Reductionist Way to Handle the Attack Surface

    As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.
    Previous efforts—largely encumbered by vendor-specific naming convention inconsistencies or by the lack of a community consensus around establishing classification primitives—were centered on multidimensional methods of identifying security problems without regard for interoperability; in a seminal progress report, MITRE would later refer to this budding cacophony of naming schemas as the vulnerability "Tower of Babel." Over the years, a community-led effort formally known as the Common Vulnerabilities and Exposures (or CVE) knowledge base would grow to become the vulnerability enumeration product that finally bridged the standardization gap.
    A (very) brief history of CVE
    In 1999, as David E. Mann and Steven M. Christey (The MITRE Corporation) were trying to gather momentum for a publicly disclosed alternative to early attempts by organizations at sharing any discovered computer flaws, the internet was already buzzing with a growing number of cybersecurity threats. Consequently, CVE's meteoric rise through corporate networks clearly meant that the industry was ripe for a departure from siloed databases and naming conventions to a more centralized approach involving a unified reference system. Thus, CVE evolved as a practical evaluation tool—a sort of dictionary, if you will—to describe common vulnerabilities across diverse security platforms without incurring the penalty of having a multitude of references attributed to the same exposure. Its subsequent endorsement would come in many forms, including being the point of origin of countless new CVE-compatible products and services originating from the vendor community at large.
    In addition, as the CVE initiative grew, so did the number of identifiers (or CVE entries) officially received and processed through several refinement phases and advisory boards—from a modest 321 entries back in 1999 to over 185K as of this year; the list keeps growing. A second major catalyst for integration orients us toward operating systems and their inclusion of CVE-related information to deal with software bugs and the inherent asymmetries that arise between product release and patching, as it is well understood that the presence of any high-impact vulnerability exponentially increases the probability of a serious breach. Finally, CVEs are the cornerstone of threat-informed defense and vulnerability management strategies in a digital world visibly marked by the presence of miscreants in practically every area, with both combined under the banner of the MITRE ATT&CK® framework.
    This sort of objectivity distills and contextualizes the impact of security vulnerabilities together with adversarial tactics against the risk assessment backdrop, providing defenders with a unique opportunity to plan any mitigation responses accordingly. But what qualifies as a CVE? In short, a vulnerability becomes a single CVE when the following three criteria are met:
    1. The reporting entity, product owner, hardware, or software vendor must acknowledge and/or document the vulnerability as a proven risk and explain how it violates any existing security policies.
    2. The security flaw must be independently fixable; that is, it can be described without reference to or dependence on any additional vulnerabilities.
    3. The flaw affects a discrete codebase (or, in the case of shared libraries and protocols, one that cannot be used securely); otherwise, multiple CVEs are required.
    After the remainder of the vetting process is complete, every vulnerability that qualifies as a CVE is assigned a unique ID by a CVE Numbering Authority (CNA) and posted on the CVE website for public distribution.
    CVE and the attack surface
    With the frantic expansion of the attack surface beginning some years ago came the v

    • 7 Min.
    The Role of Cloud Misconfigurations & the Attack Surface in the 2022 Verizon DBIR

    Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.
    This year's 15th installment of the Verizon Data Breach Investigations Report (DBIR) features yet another impressive dataset of corporate breaches and exposures marked by an overriding postulate: attack surfaces matter and they should dictate a large portion of your risk assessment strategy.
    First launched in 2008, the DBIR's 2022 version has been significantly expanded, from a modest 500 cases, to include 5212 breaches and 23896 incidents examined through the lens of the VERIS 4A's (Actor, Action, Asset, and Attribute) framework. Its timeline section looks at comprehensive aspects such as discovery time, attacker actions taken pre- and post-breach, and the number of actions per breach. Additionally, there is a pattern-matching initiative to help organizations navigate through some of the most concerning incidents while providing a handful of preliminary security controls.
    Industry verticals included in this 2022 report include Accommodation and Food Services (72), Arts, Entertainment and Recreation (71), Educational Services (61), Financial and Insurance (52), Healthcare (62), Information (51), Manufacturing (31 to 33), Mining, Quarrying, and Oil & Gas Extraction + Utilities (21 + 22), Professional, Scientific and Technical Services (54), Public Administration (92), Retail (44-45), and Very Small Businesses (10 employees or less). The report highlights threats from different regions of the world such as Asia Pacific, Europe, Middle East, Africa, Northern America, Latin America, and the Caribbean, with SecurityTrails playing the role of intelligence contributor as in the recent past.
    Summary of key findings
    Through a series of carefully selected and correlated investigative scenarios, a collective effort that the DBIR refers to as "creative exploration", albeit without bias, the report's findings continue to highlight several areas of interest from which cybercrime continues to drive profit. For example, identity theft and fraud motivate an important sector of transnational cybercrime, with some of the most explicit cases centered on the use of ransomware, no surprise there. However, in a large number of incidents, default or stolen credentials were leveraged to extend attack paths with relative ease, opportunistic or not; the problem showed evidence of being compounded by a growing lack of adequate visibility into publicly facing assets and any corresponding vulnerabilities. At the tail end of the distribution, the vulnerability-to-breach ratios remained particularly significant.
    To put it in the DBIR's own parlance, this is where attackers are looking (it's a numbers game!); a sustainable environment with enough incentives as miscreants come hard on the heels of struggling security teams. Important, too, are the enticing circumstances applicable to different industries. In other words, and perhaps not surprisingly, attacks based on a specific business model are likely to be more successful in the long run. An observed convergence between the human element and system misconfigurations remained just above the 5th percentile (a decrease from 2020), but it drove an estimated 13% of overall system breaches, with misconfigured cloud storage instances leading the trend.
    How Attack Surface Intelligence helps prevent DBIR’s most popular threats
    As we can see from the key findings of the 2022 DBIR, lack of visibility into public-facing assets is one of the most prominent problems inhibiting security teams from preventing threats to their organizations. Since we introduced Risk Rules, our main goal has been to help security teams find an easy way to generate a complete and dynamic inventory of all their digital assets, as well as identify CVEs and critical misconfigurations across all their hosts. And when it comes to asset discovery, as you see from the following screenshot, ASI is particu

    • 6 Min.
    Prepare, Detect, Respond: Reduce Your Risk of Cyber Attack with Attack Surface Intelligence

    With the rise in cybersecurity attacks targeting individuals and corporations alike, it's become increasingly important not only to ensure preparedness for cybersecurity attacks but to set up processes for early detection and response as well.
    The Cybersecurity and Infrastructure Security Agency, commonly known as CISA, is an agency of the United States government that actively watches for cybersecurity threats and provides ways to secure various organizations (including other governmental agencies), families, and individuals. CISA's Shields Up program is a cybersecurity effort aimed at combating state-sponsored and other retaliatory cybersecurity attacks launched against organizations and individuals based in the United States. Shields Up outlines clear cybersecurity procedures for dealing with the most common methods of cybersecurity attack, usually directed at organizations, families, and individuals including, notably, corporate leaders.
    Protection for families and individuals
    It's becoming more and more commonplace for everyone in a household to have their own set of personal devices. These include mobile phones, tablets, laptops, and desktops. Devices like mobile phones and tablets offer themselves as easy targets for cybersecurity attacks. Their in-app advertisements and other web-based campaigns can lead to malware being downloaded onto a device, making it imperative to follow certain cybersecurity practices to ensure that you and your family members remain safe. With basic mobile phones and tablets being sold with 64 to 128 GB of on-device storage, one can imagine the amount of identifiable, personal, and easily usable information that each device can hold. CISA's Shields Up program outlines a list of steps for individuals and families to follow in the interest of preparing themselves for and staying secure from cybersecurity-related threats.
    Protection for corporate leaders
    When it comes to cyberattacks, phishing attacks, and ransomware, corporate leaders like company directors, financial heads and CEOs are among the most targeted members of organizations. CEOs and other company leaders are commonly attacked because their systems and email accounts generally hold more useful information than those of others in a company. Following the guidelines laid out by CISA's Shields Up program helps corporate leaders and CEOs stay safe and secure in the face of cybersecurity-related threats.
    Protection for organizations
    While protection for organizations is usually handled by cybersecurity experts, the most common sources of cybersecurity attacks on organizations originate from basic points of entry, such as VPN entry points, remote desktops, and other areas typically left unsecured. Fortunately, Shields Up outlines a list of steps that organizations can follow to stay secure against cybersecurity-related threats.
    How can Attack Surface Intelligence help your organization?
    Preparation
    The SecurityTrails Attack Surface Intelligence (ASI) platform helps transform your security process from reactive to proactive, and therefore preventive. This allows your organization to be better prepared for any possible cyberattacks and to stay ahead of cybercriminals. With automation being the key strength in heading off attacks, ASI ensures that persistent monitoring, CVE detection, and parsing of your organization's virtual assets is no longer a long and tedious process.
    ASI platform features and subjects include:
    • Automatic detection and listing of IP addresses belonging to your organization.
    • ASNs and networks on which your organization's assets are hosted.
    • Full domain and subdomain mapping.
    • Detection of dev and staging subdomains.
    • Open ports within your organization, for critical services such as databases.
    • Self-signed SSL certificates issued within your organization.
    • Web server vendors and versions used within your organization.
    • Risk detection, and much more!
    Consider the very first step of any cybersecurity proc

    • 7 Min.
    Monitoring Your Digital Assets for Compliance

    Following the trends set forth by our post-pandemic world, organizations continue to accelerate digitalization and reliance on technology to improve decision making while increasing the efficiency of their communications, all in their efforts to simply optimize business operations. Additionally, the rise in popularity of remote work has enhanced workforce flexibility and satisfaction as well as business continuity. But nothing great can come without risk.
    As organizations' IT infrastructures grow to accommodate all of these advancements, digital assets and resources continue to expand too, often not flowing neatly into easily visible and monitored areas. Furthermore, the growth of cyber threats aimed at those digital assets makes fighting various types of cybercrime a priority for every organization.
    The compliance side of the digital transformation coin
    As cybersecurity threats continue to grow, so do data loss prevention trends. This phenomenon is led by government-imposed regulations such as GDPR, HIPAA, PCI DSS, and the growing myriad of new security policies imposed by various agencies for the handling of sensitive assets. The cost associated with lacking an efficient and effective compliance program is growing too. Along with the reputational damage organizations can suffer, studies have shown that organizations can lose an average of $4 million in revenue due to a single non-compliance event. In order to properly adhere to these regulations, organizations need to understand the full scope of their IT infrastructure, which includes knowing what assets they have, where they're located and who is responsible for them. And with today's complex IT infrastructure that includes both on-prem and cloud environments as well as forgotten and shadow infrastructures, this comes as a challenge.
    The more assets an organization has, the harder it is to gain a full view of them. Managing numerous assets makes spotting security misconfigurations or policy violations among them that much more difficult. Persistent monitoring of their infrastructure, however, can provide real-time visibility into an organization's ever-changing digital assets, allowing them to identify any compliance gaps. And rather than relying on disparate tooling to identify, inventory, classify and monitor digital assets, which only adds to an already complex environment, a single platform providing a unified attack surface monitoring process arrives as the solution.
    Leading your compliance efforts with ASR
    Our leading platform Attack Surface Reduction (ASR) provides organizations with much-needed attack surface monitoring and a comprehensive understanding of all their digital assets as well as their location, ownership, services, and the technologies running on them, all to keep security teams aware of any potential security risks disrupting regulatory compliance.
    How can ASR guide your compliance efforts?
    Know the location of your every asset
    A large number of organizations employ both an incomplete asset discovery process and an obsolete asset inventory. And like we always say: you can't protect what you can't see. A forgotten or unknown asset is impossible to secure, offering a sure path to a security event, regulatory penalties and fines. With Attack Surface Reduction, you'll be able to gain a complete view across your external infrastructure, allowing you to improve your security posture and lead your compliance program. ASR provides you with a single source of truth regarding the location of each of your internet-connected assets, and reveals any new changes that have been made within your infrastructure, including when and where any new asset is discovered. This way, any shadow or forgotten infrastructure, which offers easy entry points for malicious actors and a ready risk of failing to comply with government and industry regulations, is immediately discovered by ASR.
    Detect immediate risks and out-of-policy assets

    • 7 Min.
