Mirza Asrar Baig, CTM360: “stopping threat actors early at reconnaissance makes you a challenging target”

The external attack surface provides an attractive opportunity for threat actors to research and identify gaps in digital assets. Organizations can disrupt opportunities at the first stage through External Attack Surface Management.

News of data breaches and global ransomware attacks trends on an almost daily basis. In most cases, external threat actors opportunistically find information that enables them to construct an attack. Their initial efforts are greatly encouraged by misconfigurations and vulnerabilities that lie visible externally in the public domain. While individual users invest in tools such as antivirus software or virtual private networks (VPNs), businesses need more complex solutions, such as early-stage threat detection and response services. We invited Mirza Asrar Baig, the CEO of CTM360 – a company that specializes in External Attack Surface Management, Digital Risk Protection, and Cyber Threat Intelligence – to share his views on the external threat landscape and the best practices to adopt to make your organization a more challenging target.

Can you tell us about the story behind CTM360? What has the journey been like?

CTM360 has evolved into an extensive Digital Risk Protection platform over time.

The origins of CTM360 stem from a simple question: why are financial losses projected to grow exponentially every year when spending on security technologies is increasing? Industry focus has traditionally been on a Defense in Depth strategy that deploys layers of security within the organization; however, many use cases of threats and frauds outside the firewall are often overlooked. Digital Risk Protection and External Attack Surface Management serve as the crucial missing pieces of technology to address challenges across the surface, deep and dark web. Initially, an understanding of the external security aspect was missing, but now it is considered a critical must-have.

Across the industry, one common misconception still remains, i.e. purchasing more of the same costly technologies will solve the cybersecurity problem. As cyber losses continue to exponentially increase, it is apparent that a shift in strategy is needed. Similar to the layers of technologies that you deploy inside the organization under defense in depth, a stack of technologies outside the firewall is now considered critical. As cyberspace has evolved, the realization for DRP and EASM has been felt by end-users. In the initial stages, there was a growing need for brand protection and anti-phishing with adoption mainly by the financial sector; using this sector as a base, CTM360 expanded on different use cases to solve customer pain points. This methodology allowed CTM360 to solve issues whenever a new threat or vulnerability was seen in cyberspace. It also enabled the company to formalize its very specific and centralized approach.

CTM360’s overall approach is called the Digital Risk Protection stack. Using this framework, the company has seamlessly integrated many industry verticals, such as External Attack Surface, Cyber Threat Intelligence, Surface, Deep and Dark monitoring, Takedowns, etc. into one SaaS platform, offered at a fixed fee.

As a data-centric technology company, CTM360 has evolved on the back of billions of data points and derives new use cases for data on a daily basis. The company remains a front-runner in the DRPS, EASM, and CTI space due to synergies between the three, and CTM360 has been agile enough to bundle them seamlessly. The journey has been one of tremendous learning; however, this journey is still not complete.

The main ingredients behind the company’s success are:

  1. Providing day one customer value derived from data and outcomes entirely relevant and specific to end-users,
  2. Needing no configurations or cumbersome installations,
  3. Not requiring any information from the end-user.

Overall, CTM360’s growth has been progressive, iterative, and focused on consolidating different verticals under one consolidated stack. ROI is multi-fold.

You take great pride in your HackerView platform. Could you tell us more about this solution?

A common challenge in cybersecurity is that organizations often struggle to identify and catalog their digital assets and, more broadly, to control their own digital presence. When an organization is not fully aware of its online presence, security teams will not know which assets need reinforcement or which are outright left vulnerable. HackerView comes pre-populated and curated with specific data entirely relevant to the organization and accurately maps all external cyber assets. The platform is in the process of mapping organizations in every industry and country, irrespective of size. This is External Attack Surface Management at scale.

In HackerView, customers are not expected to add and verify assets. The platform maps this as part of the discovery process. The platform works on the basis of the curation of assets from the public domain. Once the data is mapped, it generates a comprehensive digital risk scorecard showcasing the organization's external posture. Seamlessly, HackerView also extends this visibility across an organization’s third-party supply chain, which increases the exposure of an organization. Overall, the unique aspect of HackerView is that it serves to feed data to the platforms, i.e. automatic configuration and assets for Surface, Deep & Dark web monitoring, Brand Protection, etc.

You often mention the importance of the external attack surface. Why is that so crucial?

Security is continuous, and organizations cannot leave early indicator warning signs or threats growing. Timely containment is the most crucial step to ensure threat actors do not have time and space to construct and deliver their attack. Conceptually, this falls in the first step of the cyber kill chain. By limiting a threat actor’s opportunity to conduct reconnaissance, an organization’s external security posture is hardened. CTM360 gives instant day-one value without any end-user input. It allows organizations to view and take complete control of their digital presence.

In your opinion, has the pandemic altered the way threat actors operate?

The pandemic has made it significantly easier for threat actors to operate in cyberspace. Online environments, work-from-home, and a shift to the cloud have increased overall opportunities for threat actors. This explains the exponential increase in cyberattacks to a large extent. Threats have generally risen and mutated rapidly during the pandemic. But on the other side, the realization of the need for DRPS (Digital Risk Protection Services), EASM (External Attack Surface Management), and Cyber Threat Intelligence (CTI) across all industries and geographies – big or small – has also increased. Over time, DRPS, EASM, and CTI have been recognized as an integral but missing part of security architecture by major research firms, such as Gartner, which has helped increase end-user adoption.

The belief that only large and well-known companies are prone to cyberattacks is only one of many misconceptions still prevalent today. What other cybersecurity myths do you come across most often?

Yes, it is a myth. Cyber threats such as ransomware do not differentiate between small or big organizations. When an organization has even one exposed important data point, it serves as a potential entry point for threat actors to explore.

Spending more money on the same type of technology does not solve the problem. While the industry continues to do that, financial losses continue to grow exponentially.

There is another common misconception that ingesting multiple Indicators of Compromise feeds will give you great business value. Most existing product stacks (i.e. firewall, IDS, IPS, etc.) from credible vendors already ingest such data, and manually updating IOCs increases risk. There is a multi-fold value of Indicators of Warning (IOW), Indicators of Attacks (IOA), and Indicators of Exposure (IOE), which are less talked about.

With remote work becoming a common practice, what details can often be overlooked in the process?

More remote work has led to greater online exposure. Employees in different capacities, either due to negligence or mistakes, may provide initial data points and opportunities for threat actors to construct an attack.

When remotely connecting to an organization’s network, employees who circumvent security protocols or controls immediately put the organization at risk. As a best practice, organizations should look to harden not only remote but also on-premise devices, so that the impact of recurring techniques used by threat actors is minimized. Segregating work and personal devices, such as cell phones, also reduces risk but is not commonly practiced.

Other modern-day threats, such as Business Email Compromise, executive impersonations, phishing attacks, and financial fraud schemes, have risen considerably during the global pandemic.

What would you consider the biggest security threats nowadays that companies should be on the lookout for?

There are two major cyber threats nowadays that are growing rapidly – Ransomware and Business Email Compromise (BEC).

To elaborate, ransomware has thrived because threat actors have identified it as a monetization opportunity. Here, threat actors access data and encrypt it; access to those encrypted documents is restricted unless a ransom is paid.

Another common but substantial threat nowadays is Business Email Compromise (BEC). BEC is a financial attack targeting companies using a combination of spear-phishing, CXO impersonation, and social engineering to trick victims into transferring funds. There are many variations of this type of attack. It may be carried out through domain spoofing, typo-squatting, or compromised accounts. Enforcing email rules and implementing DMARC helps prevent this threat.
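As an added, defender-side illustration of the two BEC vectors named above (typo-squatted sender domains and DMARC enforcement), not code from CTM360 or the interview: the protected domain, the DMARC TXT records and the sender domains are all constructed sample values, the policy check follows the DMARC `p` and `pct` tag semantics, and lookalike detection combines a small homoglyph map with Levenshtein distance.

```python
ORG_DOMAIN = "example-bank.com"  # hypothetical protected domain

# Constructed DMARC TXT records as they would be published at _dmarc.<domain>.
SAMPLE_DMARC = {
    "weak": "v=DMARC1; p=none; rua=mailto:dmarc@example-bank.com",
    "strong": "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s",
}

def parse_dmarc(record: str) -> dict:
    # Split a DMARC TXT record into its tag=value pairs.
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_enforcement(record: str) -> str:
    """Classify how much protection the published policy really gives."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "invalid"
    if tags.get("p") in ("reject", "quarantine") and tags.get("pct", "100") == "100":
        return "enforcing"
    return "monitor-only"  # p=none or partial pct: spoofed mail is still delivered

# Homoglyph substitutions commonly seen in typo-squatted domains.
_HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

def normalize(label: str) -> str:
    for glyph, plain in _HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(sender_domain: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when an inbound sender domain imitates the organization's own domain."""
    s, o = sender_domain.lower(), org_domain.lower()
    if s == o:
        return False  # the genuine domain; DMARC alignment covers spoofing of it
    return normalize(s) == normalize(o) or edit_distance(s, o) <= 1
```

A record that parses but reports "monitor-only" is the common gap: DMARC is published, so the organization believes it is covered, yet receivers still deliver spoofed mail.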

What does the future hold for CTM360?

CTM360 has already integrated External Attack Surface Management (EASM), Digital Risk Protection (DRP), and Cyber Threat Intelligence (CTI) into the most comprehensive Digital Risk Protection Platform, which over the past two years got ratified by research firms (i.e. Gartner, Forrester) in their reports. The company is already witnessing rapid customer growth from multiple countries, and CTM360 is implementing its global expansion initiative organically. In the future, as a data company, CTM360 is aiming to profile organizations in every industry and geography globally, operating its subscription-based SaaS at scale.