Information Security
Discover what you are missing

SpyderSec's Espial solution is as interesting as it is adept at information gathering. This unique solution dissects your public internet presence and extracts discovery information about your network architecture and the assets residing therein: DNS servers, subdomains, unencrypted login forms, OpenSSL versions, services running on non-standard ports, directory browsing, FTP access, web application languages, phishing websites, information leakage and surprisingly more. This solution is very powerful in that it enables you to keep a pulse on what your internet footprint looks like, helps to identify potentially exploitable vulnerabilities and ensures that you have accurate information to make decisions with.

Identify Assets

The number one critical security control for effective cyber defense is "Inventory of authorized and unauthorized devices" per SANS Critical Security Controls for Effective Cyber Defense. It is crucial to take device inventory, perhaps utilizing asset tags, automated inventory discovery tools and a content management database. Validating that your inventory contains what you think it does is equally important, and that is the premise behind this solution. External (public facing, internet accessible) devices, and especially websites, are prime targets for attackers since they reside on the internet and thus can be accessed from anywhere in the world. This ubiquity is a requirement for many organizations while simultaneously being one of the most overlooked elements from a security standpoint.

Validate Services

If you are familiar with the likes of Heartbleed, Shellshock, POODLE, and MS15-034, ask yourself how long it took your organization to be able to answer these questions with confidence:
  • How many machines do we have that are running OpenSSL and...
  • What version of OpenSSL are they on?
  • Which servers are running with exposed cgi-bin functionality?
  • Do our websites currently support SSLv3?
  • How many IIS webservers are we hosting?
The answers to those and even more basic questions can make all the difference when the next 0-day is announced. It pays to be prepared, and that is exactly what Espial provides.

Reveal Vulnerabilities

While not a vulnerability scanner in the traditional sense, Espial absolutely identifies some types of more obscure vulnerabilities by taking domain and IP space information as input and checking for the existence of a multitude of flaws and improper configurations. The results can expose sensitive information such as harvested domain usernames and internal DNS structures as well as general information like how many RDP services are available on your network.

 

Trusted Solutions