Frequently Asked Questions

What is our Methodology?


Cyber Threat Susceptibility Assessment (CTSA) is a methodology developed by MITRE for evaluating the susceptibility of a system to cyberattacks. CTSA quantitatively assesses a system's inability to resist a cyberattack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs).

To generate the cyber risk rating, NormShield only needs the company's domain name. The engine collects information from VirusTotal, passive DNS servers, web search engines, and other Internet-wide scanners, as well as NormShield's proprietary databases, which hold more than 10 billion historic items. The engine searches these sources to find all IP address ranges and domain names that belong to the company. This form of collection is known as Open Source Intelligence (OSINT). The following map shows how attackers build their attack vectors from OSINT resources such as hacker forums, social networks, Google, leaked database dumps, paste sites, and even legitimate security services such as VirusTotal, Censys, Cymon, Shodan, and Google Safe Browsing.
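As an added illustration of the attribution step described above (example code written for this page, not NormShield's engine), the following Python takes a constructed set of passive-DNS-style records (an assumed record shape: rrname, rrtype, rdata) and keeps only the names that actually belong to the apex domain, groups their addresses into /24 blocks, and separates hosts that CNAME to third-party infrastructure, which must not be attributed to the company's own address space. The two decoy records show why suffix matching must include the leading dot: notexample.com and example.com.evil.net are not the company's assets, although a naive substring match would claim them.

```python
"""Attribute externally observed DNS assets to one organization.

Added example, not NormShield's code. The record format below is an assumption
modelled on what passive DNS services typically return (rrname, rrtype, rdata).
"""
import ipaddress
from collections import defaultdict

# Constructed sample data: what a passive DNS lookup for example.com might
# return, plus two decoy records that a naive "contains example.com" match
# would wrongly attribute to the company.
PASSIVE_DNS_RECORDS = [
    {"rrname": "www.example.com", "rrtype": "A", "rdata": "203.0.113.10"},
    {"rrname": "mail.example.com", "rrtype": "A", "rdata": "203.0.113.25"},
    {"rrname": "vpn.example.com", "rrtype": "A", "rdata": "203.0.113.40"},
    {"rrname": "old-staging.example.com", "rrtype": "A", "rdata": "198.51.100.7"},
    {"rrname": "cdn.example.com", "rrtype": "CNAME", "rdata": "d1234.cloudfront.net"},
    {"rrname": "example.com", "rrtype": "MX", "rdata": "10 mail.example.com"},
    {"rrname": "notexample.com", "rrtype": "A", "rdata": "192.0.2.99"},          # decoy: different apex
    {"rrname": "example.com.evil.net", "rrtype": "A", "rdata": "192.0.2.100"},   # decoy: apex used as a prefix
]


def belongs_to(apex, name):
    """True only if name is the apex itself or a label-aligned subdomain of it."""
    apex = apex.lower().rstrip(".")
    name = name.lower().rstrip(".")
    return name == apex or name.endswith("." + apex)


def discover_assets(apex, records):
    """Return (hostnames, ips_by_host, third_party_cnames) attributable to apex.

    Hosts whose CNAME points outside the apex are recorded separately: the
    hostname is the company's, but the address space behind it is a vendor's.
    """
    apex = apex.lower().rstrip(".")
    hosts = set()
    ips_by_host = defaultdict(set)
    third_party = {}
    for rec in records:
        if not belongs_to(apex, rec["rrname"]):
            continue  # decoys and unrelated names are dropped here
        host = rec["rrname"].lower().rstrip(".")
        hosts.add(host)
        if rec["rrtype"] == "A":
            ips_by_host[host].add(ipaddress.ip_address(rec["rdata"]))
        elif rec["rrtype"] == "CNAME":
            target = rec["rdata"].lower().rstrip(".")
            if not belongs_to(apex, target):
                third_party[host] = target
    return hosts, dict(ips_by_host), third_party


def summarize_ranges(ips_by_host, prefix=24):
    """Group observed addresses into /prefix blocks, keyed by network string,
    so the analyst can see which address blocks the organization appears to use."""
    blocks = defaultdict(set)
    for host, addrs in ips_by_host.items():
        for addr in addrs:
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            blocks[str(net)].add(host)
    return dict(blocks)


if __name__ == "__main__":
    hosts, ips, vendors = discover_assets("example.com", PASSIVE_DNS_RECORDS)
    print("company hostnames:", sorted(hosts))
    print("address blocks:", summarize_ranges(ips))
    print("hosted by third parties:", vendors)
```

Two caveats a rating engine has to get right are visible in the output: the /24 grouping is only a hint (the block may be a hosting provider's, shared with other tenants), and the CNAME to cloudfront.net means a finding on that address is a fourth-party exposure rather than a flaw in the company's own network.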

NormShield compiles this data into a simple, understandable report with letter-grade scores to help identify and mitigate potential security risks. The platform identifies the risks (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS), the relevant attack patterns (CAPEC), and the FIPS-199 impact level. It also classifies each finding by FISMA Cyber Security Framework area and maturity level, NIST 800-53 control family, FIPS-200 area, and NIST 800-37 process step. NormShield does all of this without scanning or modifying any of the organization's business assets.

Third-party risk management is the process of analyzing and controlling the risks that come with outsourcing to external IT service providers and other IT vendors (third parties). IT third-party risk management solutions support enterprises responsible for assessing, monitoring, and managing their exposure to risks involving third parties. Many solutions now also identify, assess, and track a vendor's own subcontractors (fourth-party relationships), a capability that is increasingly important to enterprises.

The demand for third-party risk management solutions is increasing after several high-profile failures of IT service providers that had access to regulated information. The largest drivers of vendor risk management are regulatory requirements to address vendor risk, vendor performance, and mandates to monitor the risk of third parties with access to personal data (such as card payment data and protected health information). These mandates include U.S. state-level data breach notification laws, the Payment Card Industry Data Security Standard (PCI DSS), privacy and data protection regulations worldwide, and industry-specific regulations in the banking, financial services, healthcare, and telecom sectors.

Cyber Threat Susceptibility Assessment (CTSA) is a methodology developed by MITRE for evaluating the susceptibility of a system to cyberattack. Organizations seek assurance that the software products they acquire and develop are free from known types of security flaws. Today there is a plethora of high-quality tools and services for finding these weaknesses, which raises the question of which tool or service is best for a particular job. The answer is made harder by the lack of structure and definition in the code assessment industry.

NormShield uses nonintrusive assessments to evaluate the cyber risk posture of any organization at a given moment in time. We do not use intrusive vulnerability scanners such as Nessus, Netsparker, Acunetix, Nexpose, Nmap, OpenVAS, and others. As seen in the following diagram, our passive scan does not touch the target company's assets. Instead, we obtain the required data from the internet, including search engine caches, archive[.]org, internet-wide scanners, VirusTotal, PassiveTotal, hacker sites, paste sites, the deep/dark web, and similar sources.

Passive Scan

Only the main domain name (for example, example.com) of the target organization.

No. NormShield will not generate any intrusive or malicious traffic if you request a cyber risk rating.

The NormShield knowledge base (customers only) includes the description, remediation, and references for each weakness/vulnerability, along with its CWE-ID, CAPEC-ID, FIPS-199 impact level, NIST 800-53 control family, FISMA maturity level, and more.

NormShield Knowledge Base