Discover what you are missing
SpyderSec's Espial™ solution is as interesting as it is adept at information gathering. This unique solution dissects your external footprint and extracts artifacts and information about your network architecture and the assets residing therein: DNS servers, subdomains, unencrypted login forms, OpenSSL versions, services running on non-standard ports, directory browsing, FTP access, web application languages, phishing websites, information leakage and surprisingly more. This solution is very powerful in that it enables you to keep a pulse on what your internet footprint looks like, helps to identify potentially exploitable vulnerabilities and ensures that you have consistent information to make decisions with.

Espial is an API-driven solution which you provide with known network information: primarily your IP addresses and domains/subdomains. The tool then uses publicly available Open Source Intelligence (OSINT) gathering techniques to interrogate your infrastructure and the web, and ultimately produces consumable output for your organization. Espial™ has a free version and a paid subscription model.
Identify Assets
The number one critical security control for effective cyber defense is "Inventory of authorized and unauthorized devices" per The CIS Critical Security Controls for Effective Cyber Defense. It is crucial to take device inventory, perhaps utilizing asset tags, automated inventory discovery tools and a content management database. Validating that your inventory contains what you think it does is equally important, and that is the premise behind this solution. External (public-facing, internet-accessible) devices, and especially websites, are prime targets for attackers since they reside on the internet and thus can be accessed from anywhere in the world. This ubiquity is a requirement for many organizations, while simultaneously being one of the most overlooked elements from a security standpoint.
Validate Services
If you are familiar with the likes of Heartbleed, Shellshock, Drupalgeddon 2 & 3, POODLE, and CVE-2020-0609/CVE-2020-0610, ask yourself how long it took your organization to be able to answer these questions with confidence:
  • How many machines do we have that are running OpenSSL and...
  • What version of OpenSSL are they on?
  • Which servers are running with exposed cgi-bin functionality?
  • Do our websites currently support SSLv3, TLS 1.0, TLS 1.1?
  • How many IIS webservers are we hosting?
  • How many RDP services are running externally?
The answers to those and even more basic questions can make all the difference when the next 0-day is announced. It pays to be prepared, and that is exactly what Espial™ provides for.
© MMXXI