Ecosystem Cyber Risk Manager


Effectively manage cyber risk across your entire ecosystem

  • Ecosystem partners have access to your confidential information, intellectual property and critical systems.
  • Your sensitive data is only as secure as your ecosystem’s cyber security capabilities.
  • NormShield profiles the cyber risk of 3rd parties who are granted privileged access to your systems.
  • NormShield provides a “hacker’s view” of all public-facing vulnerabilities across 20 different categories.

Your Ecosystem Multiplies Your Cyber Risk

Hackers can access your company through 3rd party partners

You are as secure as your weakest link! And not all of your partners may be taking cyber security as seriously as you are, leaving you vulnerable to cyber security risks!

Ecosystem Risk Hacker View

With NormShield, you can see what hackers can see!

NormShield provides a “hacker’s view” of all public-facing vulnerabilities across 20 different categories and automatically assigns a letter grade for each one.

Ecosystem Risk

The Methodology

Cyber Threat Susceptibility Assessment (CTSA) is a methodology developed by MITRE for evaluating the susceptibility of a system to cyber-attack. CTSA quantitatively assesses a system's inability to resist cyber-attack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs). CTSA consists of the following steps:

Product Methodology

To generate the scorecard, NormShield needs only the company domain. The engine collects related information from VirusTotal, passive DNS servers, web search engines, and other Internet-wide scanners, as well as NormShield's proprietary databases, which hold more than 10 billion historic items. The engine searches the database to find all IP address ranges and domain names that belong to the company. NormShield gathers this information using Open Source Intelligence (OSINT), shown below. The following map shows how hackers can leverage their attack vectors by using OSINT resources like hacker forums, social networks, Google, leaked database dumps, paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan, or Google Safe Browsing.

NormShield compiles this data into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. It identifies the risks (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS), and attack patterns (CAPEC / FIPS-199 impact level). NormShield also classifies the findings by FISMA Cyber Security Framework Area and Maturity Level, NIST 800-53 Control Family, FIPS-200 Area, and NIST 800-37 Process Step. NormShield does all of this without scanning or modifying any of the organization’s business assets.