SecurityScorecard Buys Driftnet for Extra Web Visibility

SecurityScorecard bought an web scanning startup led by a longtime United Kingdom authorities researcher to get deeper visibility into web infrastructure and hidden exposures.

See Additionally: Autonomous Safety within the AI Period: Effectivity Meets Efficacy

The New York-based third-party threat administration vendor stated Driftnet was engineered to find hidden infrastructure via extremely focused reconnaissance strategies that map relationships between configurations and determine chained misconfigurations, stated co-founder and CEO Aleksandr Yampolskiy. Driftnet indexes about 40% extra internet-exposed hosts than rival platforms, he stated.

“Synthetic intelligence has modified the assault floor in ways in which have outpaced most safety packages,” Yampolskiy instructed ISMG. “Brokers are deployed throughout vendor environments at scale and velocity that basically creates fully new classes of third-party threat.”

Driftnet, based in 2019, employs fewer than 10 folks and hasn’t disclosed any exterior funding. The corporate has been led since inception by Ben Schofield, who beforehand spent greater than 12 years as a U.Okay. authorities researcher, seven of which had been targeted on the structure and implementation of large-scale cyber methods (see: SecurityScorecard Buys HyperComply to Broaden Danger Platform).

Why SecurityScorecard Selected to Purchase Driftnet Slightly Than Associate

Yampolskiy stated Driftnet dynamically maps each IPv4 and IPv6 environments and screens greater than 3 billion IP host-port mixtures in addition to greater than 650 million domains. Utilizing Driftnet’s reconnaissance information, Yampolskiy stated SecurityScorecard researchers had been in a position to determine publicly accessible OpenClaw management panels in actual time.

“We had been ready to make use of Driftnet know-how and Driftnet information to get a dwell view of all of the OpenClaw cases on the market, as a result of lots of people deploy these OpenClaw assistants, however then they do not safe them correctly,” Yampolskiy stated. “And so utilizing this dwell real-time reconnaissance information, we had been in a position to immediately uncover all of the publicly accessible OpenClaw management panels.”

SecurityScorecard additionally grappled with a Chinese language espionage marketing campaign involving greater than 1,000 contaminated operational relay containers concentrating on U.S. infrastructure via compromised small workplace routers and edge gadgets. He stated Driftnet’s visibility helped researchers determine malicious infrastructure assault patterns and uncover exercise that SecurityScorecard beforehand wouldn’t have been in a position to detect.

“We weren’t in a position to uncover one of these information earlier than, however now we will, so because of this, we’re in a position to make a lot sooner, smarter enterprise selections,” Yampolskiy stated.

Proudly owning Driftnet permits SecurityScorecard to straight management information high quality, attribution accuracy and future innovation, Yampolskiy stated. Slightly than licensing information externally, Yampolskiy stated the corporate can now customise and develop the intelligence platform internally to help evolving use circumstances tied to AI safety, risk looking and internet-scale visibility.

“SecurityScorecard’s differentiator has at all times been that we selected to gather all of our information ourselves as a result of we need to personal the accuracy of the information,” Yampolskiy stated. “We need to personal the attribution of the information. So principally, the risk panorama modified sooner than many packages have, and now that we now have this information, we will principally evolve with a change within the panorama.”

How Driftnet Unites Third-Social gathering Danger, Safety Operations

Driftnet’s capabilities prolong past compliance-oriented third-party threat administration packages and into core safety operations workflows by giving organizations real-time operational visibility into web infrastructure, uncovered property and lively concentrating on exercise, Yampolskiy stated. The platform can feed intelligence straight into safety operations facilities, enabling organizations to detect dangers sooner.

“Driftnet means that you can acquire real-time visibility into your OT, IoT environments to guard operational resilience, to find your cloud footprint property, to measure shadow AI and protectively defend in opposition to threats,” Yampolskiy stated. “So, we principally turn into the bridge between the compliance-focused TPRM groups and the precise threat-focused SOC groups.”

SecurityScorecard plans to combine Driftnet tightly into its Titan platform whereas additionally persevering with to promote it as a separate product. Clients in industries comparable to monetary providers need to devour the intelligence straight via APIs and combine the information into their very own SOC environments, SIEMs and risk intel platforms. SecurityScorecard additionally needs Driftnet to enhance visibility throughout all buyer workflows.

“Individuals find it irresistible as a standalone product, as a result of they will put it into their SOC instantly,” Yampolskiy stated. “However we’re not within the enterprise of getting 10 standalone merchandise. It is a separate SKU you could buy individually, however it’s all a part of the SecurityScorecard Titan platform to make it possible for all these items profit from being a part of this platform.”

Driftnet’s capabilities are significantly engaging to giant enterprises, monetary establishments and public sector organizations since they’ve devoted risk looking groups able to operationalizing large-scale risk intelligence and web reconnaissance information. Smaller organizations typically outsource their SOC capabilities and will lack the inner assets crucial to completely leverage one of these intelligence.

“These Tier Is can do extra with the Driftnet information,” Yampolskiy stated. “They will higher hunt the threats. They will higher detect the threats, they will shield the surroundings. So hastily, they see what the hacker sees. Successfully, they’re in a position to see the distinctive 0.1% of what the hackers see and promote on the darkish internet, and so they’re in a position to see that infrastructure that might be malicious.”