Page 66 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Among the key definitions in The Unified Third Party Continuous Monitoring Cybersecurity Taxonomy are
the following:
• Monitoring Surface: Cataloging of technical or organizational characteristics that help
identify the presence of other events or states, such as domain names, Internet Service
Providers, email service providers, and IP addresses to help stakeholders better
understand how SRS providers identify events. This category of definitions includes
those for fingerprint values and attack surface variables such as those associated with
assets that can be used to understand the scope, strengths, and weaknesses of an
organization’s business and technical environment. Surface variables can determine
whether a control or vulnerability does or does not exist.
• Events: Actual cybersecurity vulnerabilities indicating a lack of a control that a
monitored organization may be exposed to. Domains and categories include:
o Business Intelligence: The range of categories such as reputational exposure,
business metric changes, security incidents, and other events.
o Indicators of Compromise: Including active and passive signals. Active, such as
dangerous activity that is occurring and picked up in real-time or near-real-time;
passive, such as lists, credential leaks, and exposed information.
• Vulnerabilities: Defining the full constellation of areas of potential risk across the
spectrum of cyber elements such as DNS, email, web applications, remote access,
practices, network services, client applications, network, and cloud security.
A “River of Risk”
One of the biggest problems seen by Shared Assessments’ “group of rivals” is slow patching cadence.
With 40–50 billion (with a B) vulnerabilities cropping up per week, slow patching continues to be a major
problem. Other issues, in descending order of prevalence, are Distributed Denial of Service (DDoS)
attack mitigation, End-of-Life systems remaining online, and systems online after End-of-Support.
According to the CSC 2021 Domain Security Report on Forbes Global 2000 companies:
• 81% did not use Registrar-Lock Protocol
• 50% did not use DMARC (Domain-based Message Authentication, Reporting &
Conformance)
• 89% did not use DKIM (DomainKeys Identified Mail, an email authentication method to
detect forged sender addresses)
• 60% of “homoglyph” domains (to catch typos like “amuzon”) were registered in the last
two years.
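As an added illustration (not from the article or the CSC report), the Python below treats the DMARC control from the list above as a monitoring-surface variable: it parses constructed `_dmarc` TXT records for made-up domains and reports whether the control is missing, monitor-only, or enforcing. The domain names and records are constructed samples.

```python
# Constructed sample DNS TXT answers for _dmarc.<domain>, as a continuous
# monitoring collector would gather them. Domains and records are made up.
SAMPLE_DMARC_TXT = {
    "example-a.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example-a.test",
    "example-b.test": "v=DMARC1; p=none; rua=mailto:reports@example-b.test",
    "example-c.test": None,  # no _dmarc TXT record published at all
    "example-d.test": "v=spf1 include:_spf.example.test -all",  # wrong record type at _dmarc
}


def parse_dmarc(txt):
    """Return the DMARC tag/value pairs, or None if txt is not a DMARC record."""
    if not txt:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489 requires the record to start with v=DMARC1
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def dmarc_control_state(txt):
    """Classify the control as 'missing', 'monitor-only', 'quarantine' or 'reject'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing"
    # A record without a p tag is treated as p=none, which is how receivers handle it
    policy = tags.get("p", "none").lower()
    if policy in ("quarantine", "reject"):
        return policy
    return "monitor-only"


def share_without_enforcement(records):
    """Fraction of monitored domains with no enforcing DMARC policy."""
    states = [dmarc_control_state(t) for t in records.values()]
    weak = sum(1 for s in states if s in ("missing", "monitor-only"))
    return weak / len(states)


if __name__ == "__main__":
    for domain, txt in SAMPLE_DMARC_TXT.items():
        print(f"{domain}: {dmarc_control_state(txt)}")
    print(f"without enforcement: {share_without_enforcement(SAMPLE_DMARC_TXT):.0%}")
```

A real collector would substitute DNS lookups for the constructed dictionary; DKIM presence is not checked here because it requires knowing the sending selectors.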