Foretrace is an innovative vendor in a space recently coined by Gartner as External Attack Surface Management (EASM). EASM, is “an emerging product set that supports organizations in identifying risks coming from internet-facing assets and systems that they may be unaware of.”
Foretrace takes an authentic approach to attack surface mapping by using the actual tools and techniques that attackers and red teams employ to collect organizational OSINT and deliver it to customers in a simple and digestible format for use in detection of data leaks, breaches, and vulnerabilities. Today we are chatting with Nick Ascoli, Founder and CEO, to learn more about the space, and their solution.
What exactly is ‘External Attack Surface Management?’
Traditional attack surface management involves inventorying and monitoring digital assets that in some way process sensitive data. EASM is an approach that involves focusing specifically on assets in the attack surface which are internet facing; thus, they can be enumerated by an attacker with no credentialed access to an environment.
What is the industry problem?
Stated simply, the industry problem is that vulnerabilities are exploited before they are detected. The traditional approach taken by security service providers is a roundabout one. Weaknesses are not identified up front, but rather in the recon phase of an annual or biannual penetration test. Counting on soliciting security weaknesses exclusively during the footprinting and OSINT collection exercises is dangerous.
The gaps exposed in this recon phase have often been around for months or longer, but are only identified by the organization during the penetration test. I think the big problem here is that OSINT provides a substantial amount of value to an attacker, but is not commonly tracked as a part of most SOCs operational capabilities – and that needs to change. You want to close those gaps, and be aware of what the ‘bad guys’ can actually see – before the red team tells you, or before an adversary silently collects whatever data is exposed to employ in an attack.
Foretrace cuts directly to the chase by proactively enumerating one’s digital footprint through the perspective of an adversary.
How is Foretrace solving that problem?
Our tool provides those OSINT data points that red teams and attackers actually employ to be successful, like account exposure, domain infrastructure, data and document leaks, etc in a manner that is easily digestible to SOC analysts, and any other team member that may benefit from such data. For example – the data we collect can be used for third party risk assessments, to vet the care your third parties give to their digital footprint, MSSPs use us to monitor the exposure of their customers, and more.
The format that we use to deliver the data is designed to be easy to digest for a more GRC intensive risk team but that is substantive enough to be useful for actual operational capabilities.
Where do you see Foretrace in 5 years?
We aim to be a leader in the Attack Surface Management space, uniquely poised because of our distinctive method of addressing the traditional and non-traditional use cases catalyze from our collected data. We are exploring spinning off a few of our OSINT data collection modules into standalone products, as interest in access to individual scanners (namely data leak detection) is on the rise – so be on the lookout for some upcoming announcements!
How do customers consume and license Foretrace?
We offer a subscription-based SaaS licensing model, which scales up and down to support just about any sized operation. Foretrace is equally equipped to build a custom menu to service a small operation monitoring a few domains to a multinational monitoring 10+ corporate owned domains, a handful of industry peers infrastructure, and hundreds of vendors footprints.
In terms of consuming, we have a scoring dashboard to view the basic digital footprint scan results, and users can deep dive into any one of the scans raw telemetry in the individual modules. Each ‘module’ reflects an actual data collection tool or technique that attackers employ, and can be mapped back to a tactic in MITRE PRE-ATT&CK.
At the end of the day, the Foretrace model is designed to provide maximum accessibility and utility. We pride ourselves on the white-glove service we offer to our users at any scale and know that with the unique and targeted approach we employ, the possibilities are truly endless.
You can learn more about Foretrace and EASM at foretrace.com