Subsidiary Risk
Subsidiary risk in the context of cybersecurity refers to the potential security vulnerabilities and threats that arise from the operations and IT systems of a company's subsidiaries.
Key aspects of subsidiary risk include:
Expanded attack surface: Subsidiaries often have their own IT infrastructure, networks, and data, which increases the overall attack surface of the parent company. This can make it more difficult to manage and secure all potential entry points for attackers.
Varying security practices: Subsidiaries may have different security protocols, technologies, and levels of cybersecurity awareness compared to the parent company. This can create inconsistencies and weaknesses that attackers can exploit.
Lack of visibility: Parent companies may not have complete visibility into the security posture and practices of their subsidiaries, making it difficult to identify and mitigate potential risks.
Compliance challenges: Subsidiaries may operate in different jurisdictions with varying data protection and privacy regulations. Ensuring compliance across all subsidiaries can be complex and challenging.
Reputational damage: A security breach at a subsidiary can damage the reputation of both the subsidiary and the parent company, leading to financial losses and a loss of customer trust.
Examples of subsidiary risk scenarios:
A subsidiary with weak security controls suffers a data breach, exposing the parent company's sensitive customer information.
An attacker gains access to the parent company's network through a subsidiary's vulnerable system.
A subsidiary fails to comply with relevant data protection regulations, resulting in fines and legal action for the parent company.
Mitigating subsidiary risk:
Establish clear security standards: Implement consistent security policies, procedures, and technologies across all subsidiaries.
Conduct regular security assessments: Regularly assess the security posture of subsidiaries to identify and address vulnerabilities.
Provide cybersecurity training: Educate employees at all subsidiaries about cybersecurity best practices and threats.
Enhance visibility: Implement tools and technologies to gain visibility into the IT assets and security practices of subsidiaries.
Centralize security monitoring: Consolidate security monitoring and incident response efforts to ensure a coordinated approach.
By proactively addressing subsidiary risk, companies can strengthen their overall cybersecurity posture and protect themselves from potentially damaging security incidents.
ThreatNG can help address subsidiary risks through its comprehensive capabilities in external attack surface management, digital risk protection, and security ratings. By providing continuous monitoring, assessment, and reporting across subsidiaries, ThreatNG enables parent companies to gain visibility into potential vulnerabilities and threats, enforce consistent security standards, and proactively mitigate risks.
External Discovery and Assessment
ThreatNG excels at discovering and assessing external assets and potential risks across subsidiaries. This includes:
Domain Intelligence: Analyzing DNS records, SSL certificates, and other domain-related information to identify vulnerabilities and potential risks.
Subdomain Takeover Susceptibility: Identifying subdomains that are vulnerable to takeover attacks, which could allow attackers to redirect traffic or host malicious content.
Cyber Risk Exposure: Assessing the overall cyber risk exposure of subsidiaries by considering factors such as exposed sensitive ports, known vulnerabilities, code secret exposure, cloud and SaaS exposure, and compromised credentials on the dark web.
Supply Chain & Third Party Exposure: Evaluating the security posture of subsidiaries' supply chains and third-party vendors, which can pose significant risks if not properly managed.
Reporting
ThreatNG offers various reporting capabilities to provide insights into the security posture of subsidiaries:
Executive, Technical, and Prioritized Reports: Tailored reports for different stakeholders, summarizing key findings, risks, and recommendations.
Security Ratings: Assigning security ratings to subsidiaries, allowing for benchmarking and tracking progress over time.
Ransomware Susceptibility Reports: Assessing the likelihood of subsidiaries falling victim to ransomware attacks.
U.S. SEC Filings Reports: Analyzing SEC filings of publicly traded subsidiaries to identify potential risks and ensure compliance.
Continuous Monitoring
ThreatNG provides continuous monitoring of subsidiaries' external attack surfaces, enabling proactive identification of emerging threats and vulnerabilities:
Real-time monitoring of changes: Detecting new assets, vulnerabilities, and risks as they emerge.
Alerting and notifications: Promptly notifying security teams of critical security events and changes.
Historical data tracking: Tracking security posture trends and improvements over time.
Investigation Modules
ThreatNG offers a variety of investigation modules to delve deeper into potential risks:
Domain Intelligence: Gathering comprehensive information about subsidiaries' domains, including DNS records, email security, WHOIS data, and subdomain analysis.
Sensitive Code Exposure: Identifying exposed code repositories and analyzing their contents for sensitive data such as access credentials, database exposures, and personal information.
Cloud and SaaS Exposure: Discovering sanctioned and unsanctioned cloud services, cloud service impersonations, and open, exposed cloud buckets. This module also assesses SaaS implementations associated with the organization.
Dark Web Presence: Monitoring the dark web for mentions of subsidiaries, associated ransomware events, and compromised credentials.
Intelligence Repositories
ThreatNG maintains extensive intelligence repositories to enrich its analysis and provide context to identified risks:
Dark web: Monitoring dark web forums, marketplaces, and other sources for relevant threat intelligence.
Compromised credentials: Maintaining a database of compromised credentials to identify potential account takeovers.
Ransomware events and groups: Tracking ransomware attacks and groups to assess potential threats.
Known vulnerabilities: Leveraging vulnerability databases to identify and prioritize patching efforts.
ESG violations: Monitoring for environmental, social, and governance violations that could impact subsidiaries' reputations or operations.
Complementary Solutions
ThreatNG can integrate with complementary security solutions to enhance its capabilities and provide a more holistic security approach. Examples include:
Security Information and Event Management (SIEM) systems: Integrating with SIEM systems to correlate ThreatNG findings with other security events and improve threat detection.
Threat intelligence platforms (TIPs): Enriching ThreatNG's intelligence with external threat data feeds.
Vulnerability scanners: Integrating with vulnerability scanners to gain more in-depth insights into subsidiaries' internal and external vulnerabilities.
Examples of ThreatNG Helping
ThreatNG identified a vulnerable subdomain of a subsidiary that was susceptible to takeover. The parent company was able to remediate the vulnerability before it could be exploited.
ThreatNG discovered exposed sensitive information on a code repository belonging to a subsidiary. The information was promptly secured, preventing potential data leakage.
ThreatNG alerted a parent company to a ransomware group targeting its industry. The company was able to proactively implement additional security measures to protect its subsidiaries.
Examples of ThreatNG Working with Complementary Solutions
ThreatNG integrated with a SIEM system to correlate its findings with other security events, leading to the identification of a sophisticated attack campaign targeting multiple subsidiaries.
ThreatNG's intelligence was enriched with data from a TIP, enabling the identification of a previously unknown phishing campaign targeting subsidiaries' employees.
ThreatNG integrated with a vulnerability scanner to gain a more comprehensive view of subsidiaries' vulnerabilities, allowing for prioritized patching and remediation efforts.