Service Module Description
Quantify, monitor and reduce cyber risk with Orbit Security
Orbit Security ratings are a powerful way to continuously monitor the cyber security posture of your organisation, with data-driven analytics so you can enhance the security of your ecosystem.
Orbit Security ratings continuously monitor your organisation’s public security posture for breaches, vulnerabilities and misconfigurations which could be exploited by malicious actors, enabling your organisation to enhance its enterprise cyber risk management activities.
The product uses a proprietary Machine-Learning (ML) algorithm to discover an organisation’s public-facing IT infrastructure, including any domains and sub-domains that can be attributed to that organisation. Users input a single parent-level domain (e.g. ‘thomasmurray.com’) and Orbit Security’s ML algorithm does the rest, using indirect methods to capture the organisation’s attack surface. The cutting-edge ML algorithm helps to ensure highly accurate, actionable attack surface discovery, and it focuses on radically reducing the number of false positives experienced by users, which can be a frustrating feature of similar tools. The network footprint is rediscovered at least weekly, identifying any assets that have been added or taken down.
The second stage of the methodology is an objective, data-driven risk assessment, updated at least weekly. Orbit Security aggregates open-source, proprietary and premium third-party threat intelligence feeds to provide deep assessments of every organisation and its underlying infrastructure. The platform monitors for breached infrastructure, breached or stolen employee data, known and potential vulnerabilities, and misconfigurations which could affect an organisation’s security posture, aggregated into six categories:
- Breach: discovers breaches and vulnerabilities in your network, including:
  - Infrastructure breaches, where a malicious actor/hacker has gained access to your servers (e.g. malware, port scanning).
  - Data breaches and stolen credentials, where employees’ corporate emails and passwords have been leaked publicly as a result of a third-party data breach.
- Server Configuration: publicly accessible services running on your servers can have known vulnerabilities because of legacy or out-of-date software, for example. Managing what services you have installed, as well as the visibility of the servers themselves, helps to prevent attackers exploiting security issues.
- Mail: mail server issues can lead to problems with email delivery, including delays and loss of messages, and attacks can even impersonate members of an organisation, or use the organisation’s email infrastructure to target others. We check for a wide range of potential issues in your email infrastructure; actively monitoring your email set-up and configuration can prevent critical reputational, data and financial loss.
- DNS: DNS is a popular target for attackers looking to insert their own infrastructure in place of legitimate servers, often without detection, and extensions aiming to secure DNS data are difficult to set up currently. We continuously monitor for issues in your DNS configuration and synchronisation which can go unnoticed.
- HTTP/HTTPS: the HTTP protocol, like other core protocols, was defined at a time when security concerns were less common. Common standards have since been developed as countermeasures to flaws discovered in the protocol by hackers. Today, websites and web applications must be properly configured to prevent hackers breaching your organisation’s resources.
- SSL/TLS: We scan for configuration issues that might allow attackers to circumvent a compromised SSL/TLS certificate. TLS (and, previously, SSL) is a cryptographic protocol introduced to address core security requirements (authenticity, confidentiality and integrity) for any network protocol. However, it is inherently complex and can be hard to configure and maintain correctly.
The Orbit Security Platform
Orbit Security – Enterprise is a leading cyber risk rating solution. The platform helps organisations to strengthen their security and quantify cyber risk by providing an external, automated, regularly updated KRI.
An objective, 0-1000 rating quantifying the organisation’s security posture based on Orbit Security’s robust methodology. The security rating is updated at least weekly, and it is designed to help Information Security professionals measure, benchmark and communicate security risk to stakeholders such as executive management and clients. A security rating can also be used to help quantify cyber risk for regulatory compliance, M&A, cyber insurance and many other use cases.
Orbit Security benchmarks every organisation against its peers, allowing management to understand how the organisation’s security posture measures in relation to comparable organisations such as competitors. Users can also compare their organisation’s score to Orbit Security’s global benchmark of 1000s of organisations.
Risk & Remediation Workflows
Users can visualise risks across their organisation in an aggregated view, consolidated against Orbit Security’s six risk categories and prioritised by their relative high, medium, low and informational impact. Users are provided with a high-level roadmap to improve their scores, are shown which domains present the highest overall risk, and have the ability to flag individual issues for remediation, allocating tasks to team members and tracking them to completion.
Domains & IPs
Alternatively, users can look at individual domains and sub-domains. Every asset is given a 0-1000 score and its own, granular risk assessment. This allows users to prioritise assets with the greatest criticality, and provides complete transparency about the attribution of individual issues.
Organisation and domain-level scores are tracked over time and presented in interactive charts, which flag the driving reasons behind significant score changes.
Email alerts can be set up for individual companies or groups of organisations, alerting users when scores drop significantly, or below an acceptable threshold.
Executive reporting templates enable Information Security users to provide regular KRI reporting to senior management while focusing on the highest-impact metrics. Detailed remediation reports, trend analysis and other templates can be used for a variety of use cases.
Enquiries & Escalation
Users can raise enquiries within the platform that will be responded to by real analysts at any time. Need more help? Thomas Murray’s cyber risk practice includes expert advisory, testing, attack simulation, incident response and digital forensics capabilities.