Gestión Unificada de los Riegos Externos

1
©2025 Check Point Software Technologies Ltd.
Edgar Pajuelo | Security Engineer SOLA, PE
Gestión Unificada de
Riesgos Externos
2025

2
Organizations face critical
security challenges every day
External threats are responsible for
83% of breaches
External Threats
are the # 1 Risk
SOURCE OF DATA
BREACHES (%)
100
50
0
External Internal
83%
17%
Verizon Data Breach Investigations Report 2023 (source)
Stolen credentials
are used as an attack entry point to organizations
Brand abusing websites and Social Impersonation
causes financial and reputational damage
Limited visibility into external digital footprint
makes it challenging to detect and mitigate vulnerabilities

3
Cloud
Environments
Development
Environments
Payments
Platforms
Social Media
Applications
Suppliers
Customers &
Employees
Brands & Logos
CVE Exploits
Supply Chain
Attacks
Compromised
Credentials
Brand
Impersonation
Fraud
Domains
IP Addresses
QUE RIESGOS ENFRENTA MI
ORGANIZACION?
QUE NECESITO PROTEGER?
Confidential
Threat Actors
Threat Actors
Threat Actors
ORGANIZATION’S
DIGITAL FOOTPRINT

4
Nesecidad real del Negocio
No basta con que la inteligencia sea simplemente práctica
Esta debe tener impacto
La inteligencia debe
identificar riesgos que
puedan ser mitigables.
Accionable
La inteligencia debe
ser relevante a la
organización.
Relevante
La inteligencia debe ser
real y precisa no falsos
positivos
Real
El costo del riesgo debe
ser mas grande que el
costo de la remediación.
Costo-Efectiva
Una Reducción de Riesgo Cuantificable

5
Attack Surface Management
Continuously discovery your Internet-facing assets to
understand relevant exposures and risks.
Deep & Dark Web Monitoring
Gain visibility into cybercrime activity on the deep
and dark web to uncover hidden threats.
Brand Protection
Protect your brands and logos from impersonation on
phishing sites, fake social media profiles, and more.
Cyber Threat Intelligence
Access strategic threat intelligence, track
ransomware activity, and understand your unique
threat landscape.
Evaluate and continuously monitor the cyber risk of
your third-party partners, vendors, and suppliers.
Supply Chain Intelligence
Active Exposure Validation
Use advanced automation to actively test your
organization’s exposures for exploitability.
Infinity External Risk Management

6
Shadow IT &
Asset Discovery
Vulnerabilities &
Exposure Detection
Active Exposure
Validation
Enriched IoC Feeds
Ransomware watch
& Threat landscape
Intelligence
Knowledgebase
Credentials and
Account Takeover
Dark web Monitoring
& Actor Chatter
Fraud & Data leakage
Social Media
Impersonation
Brand & Phishing
Protection
Mobile App
Impersonation
3rd party Risk
Management
Vendors & Technology
Detection
Alerting on Critical
Risks and Breaches
Servicios de Remediacion (Takedown) Gestionados
Servicios Expertos de Inteligencia de Amenzas
Attack Surface
Monitoring
Deep & Dark Web
Brand Protection &
Impersonation
Supply Chain
Intelligence
Global Threat
Intelligence
C
A
PA
C
I
D
A
D
E
S
S
E
R
V
C
I
O
S
Infinity External Risk Management
Solución Integral de Gestión de Riego Externo

7
Attack Surface Management

8
Corporate Digital Footprints Are Complex & Expanding
P U B L I C
I N T E R N E T
Old & Forgotten Infrastructure
Unauthorized Internet-Facing Assets
Accidental External Exposures
Assets From Mergers & Acquisitions
CORPORATE
HEADQUARTERS
SATELLITE OFFICE SATELLITE OFFICE
CSP #1 CSP #2
REMOTE
WORKFORCE
3rd PARTY
VENDORS
VPN GATEWAY
SAAS TOOLS
MOBILE
DEVICES
EDGE DEVICES
IoT DEVICES
CODE REPOS
EMAIL
PROVIDER
WEB APPS
CORPORATE DIGITAL FOOTPRINTS TODAY
CORPORATE DIGITAL ESTATES IN A PREVIOUS ERA

9
Unknown Exposures Lead To Major Hidden Risks
Accidental misconfigurations
cause gaps in your defenses
Misconfigurations
Unpatched software with
known CVEs pose a risk
High-Risk CVEs
Open ports may give threat
actors an initial entry point
Exploitable Ports
Databases that are exposed
to the Internet cause leaks
Exposed Databases
Sensitive web interfaces
may create unnecessary risk
Exposed Interfaces
Outdated protocols can
open up new attack vectors
Outdated Protocols

10
Solution: Infinity ERM Attack Surface Management
Improve Visibility On Your External Assets
Identify & Remediate Security Issues Faster
Continuously Mitigate External Risks
Continuously discover your external attack surface to improve visibility
and maintain an up-to-date inventory of assets.
Quickly identify security issues and potential risks, automatically assess risk,
and streamline remediation activities.
Monitor, detect, and mitigate cyber risks in your external IT infrastructure to
continuously improve security posture.
- C A P A B I L I T I E S -
Security
Posture
Scoring
CVE
Detection
Technology
Inventory
Simplified
Risk
Reporting
Continuous
Exposure
Scans
Continuous
Asset
Discovery

11
Deep & Dark Web Monitoring

12
Security Teams Lack Visibility Into Threat Actor Forums
?
O P E N W E B
D E E P W E B
D A R K W E B
Telegram
Threat actor communities
are often a black box for
cyber defenders.
Threat actors are
constantly developing new
tools and tactics.
Constantly Evolving
TTPs
Cybercriminals plan and
coordinate their attacks in
hidden forums.
Impending Attacks
Stolen corporate
credentials are sold for
cheap on marketplaces.
Compromised
Credentials
Leaked data, such as IP
and PII, is shared on the
deep and dark web.
Sensitive Data
Leakages

13
Relevant Threat Intelligence Mapped To Your Assets
MONITORED ASSETS
• Domains
• Subdomains
• IP Addresses
• Brand & product names
• Executive names
• Mobile applications
• Logos
TARGETED
INTELLIGENCE
• Leaked Credentials
• Exposed Source Code
• Leaked Payment Cards
• Lookalike Domains
• Fraudulent Sites & Apps
• Fake Social Media Profiles
• And more
A U T O M AT E D I N T E L
C O L L E C T I O N & M L A N A LY S I S
S O C I A L
M E D I A
C O D E
R E P O S
M A L W A R E
L O G S
C A R D
S H O P S
O N I O N
S I T E S
M A R K E T -
P L A C E S
F O R U M S
& C H A T S
P A S T E
B I N S

14
Infinity ERM Deep & Dark Web Monitoring
Gain Visibility On Threat Actor Communities
Accelerate Detection Of Relevant Risks
Respond To Threats Before They Develop
Continuously monitor the open, deep and dark web to expose hidden
cybercriminal communities and relevant threats.
Detect relevant risks faster and earlier in the cyber kill chain, giving you an
essential advantage in stopping the attack.
Quickly respond to relevant cyber risks before they have the chance to
develop into costly and damaging security incidents.
Exposed
Credentials
Detection
Dark Web
Chatter
Monitoring
Fraud
Prevention
Malware
Log
Collection
Leaked
Data
Detection
Leaked
Credit Card
Detection

15
Digital Risk Protection

16
Impersonation Attacks Take Many Forms
Domains that resemble your
official web properties
Lookalike Domains
Fraudulent sites that are a
clone of your brand’s website
Phishing Websites
Apps injected with malware
that mimic your official apps
Malicious Apps
Social media profiles that
pretend to be your brand’s
official profile
Fake Social Profiles
Impersonation of employees
on social media platforms
VIP Impersonation

17
The Bottom Line: Impersonation Attacks Cause Losses
Phishing websites that
defraud customers or sell
counterfeit goods result in
a loss of revenue.
Direct Financial
Losses Due To
Fraud
Victims of scams may
place blame on your
organization rather than
the cybercriminals.
Damage To Brand &
Consumer
Confidence
Regulations require
protection of customer and
their data, which is at risk
with impersonation attacks.
Compliance
Challenges &
Regulatory Risk

18
Confidential
Cases of
content
available for
removal
Phishing Websites
A website targeting specifically
a protected brand, with the
intent to harvest credentials or
scam customers.
Brand Abuse
Content infringing on a
registered trademark
Fake Mobile App
A mobile application claiming
to be organization, but is an
unrelated 3rd party
Mobile App Distributed
Unofficially
Any copy/mod of a protected
mobile application being shared
outside of the official app store
Social Media Brand
Impersonation
A social media profile which
impersonates a protected brand

19
Confidential
Cases of
content
available for
removal
Social Media Executive
Impersonation
A social media profile which
impersonates an executive of a
protected brand
Sensitive Files
Files with proprietary private
information disclosure
Fake Job Posts
Recruitments posts not
associated with the company

20
Infinity ERM Brand Protection
Detect & Takedown Illegal Brand Abuse
Continuously Reduce External Cyber Risk
Protect Your Brand, Customers & Revenue
Quickly detect illegal use of trademarked brand names and logos, then
have the malicious content taken offline.
Continuously identify and respond to impersonation attacks to effectively
mitigate external cyber risks.
Protect your organization’s brand reputation, customers, and revenue with
digital risk protection services.
Data
Leakage
Detection
Fast &
Effective
Takedowns
Phishing
Protection
Domain
Protection
Mobile
App Store
Monitoring
Social
Media
Monitoring

21
Supply Chain Intelligence

22
Challenges With Traditional 3rd Party Risk Management
• External ASM scans
only
• Lack of deep and dark
web intelligence
• Limited scope
assessments
Partial Cyber Risk
Assessments
• No continuous
monitoring
• Lack of real-time alerting
• Notifications are not sent
when a vendor is
breached
Point-In-Time
Evaluations
• Tick-box processes
• Complex scoring
systems
• A focus on passing
audits rather than
reducing risk
Limited Impact On
Security Posture

23
Infinity ERM Supply Chain Intelligence
Fully Understand Your 3rd Party Risks
Get Real-Time Alerts About Vendor Breaches
Limit Your Exposure To Insecure 3rd Parties
Develop a comprehensive inventory of vendors and suppliers, then fully
evaluate the cyber risk of each third-party.
Receive an enriched alert in real-time whenever one of your monitored
vendors is experiencing an attack or breach.
Assess the cyber risk of each vendor, export risk reports, and make
informed decisions about 3rd party risk exposure.
Full-Scope
Cyber Risk
Evaluation
Real-Time
Alerting
Business
Criticality
Assignment
Continuous
Monitoring
Automatic
Vendor
Discovery
Simplified
Reporting

24
Global Threat Intelligence

25
Infinity ERM Threat Hunting
• Understand your landscape
• Research actors & malware
• Find relevant IoCs & TTPs
• Investigate specific IoCs
• Uncover malicious infra
• Search the deep & dark web
• Create a hunting hypothesis
• Access relevant data to hunt
• Uncover undetected threats
Who is most likely to target me? Who is currently targeting me? Who has already attacked me?
THREAT RESEARCH INVESTIGATIONS THREAT HUNTING

26
External Risk Management Definition Of Threat Hunting
PA S T F U T U R E
When did the attack occur?
P R E S E N T
Who has already attacked me?
(that we did not catch)
1. Create a hunting hypothesis
2. Access relevant data to hunt
3. Uncover undetected threats
Argos Data
Lake
Argos TA &
Malware
Argos Forensic
Canvas
ThreatScope
AI
Who is most likely to target me?
1. Understand your landscape
2. Research actors & malware
3. Find relevant IOCs & TTPs
Argos
Data Lake
Argos Threat
Landscape
Argos TA &
Malware
Argos Forensic
Canvas
ThreatScope
AI
Who is currently targeting me?
1. Investigate specific IoCs
2. Uncover malicious infra
3. Search the deep & dark web
Argos Forensic
Canvas
Argos Data
Lake
IOC / Alert

27
Threat Intel Data Lake:
A Dark Web Search Engine
Filter and search a data lake of >50
Billion intel items
Access A Dark Web Search Engine
Follow threat actors and monitor relevant
forums
Track & Monitor Actors & Campaigns
Create an early warning system with
complex queries
Save Queries For Customized Alerts

28
Forensic Canvas Module:
An Investigations Tool
Easily expand on a single IoC to find related
risks
Conduct Deep Investigations On IoCs
Uncover the full extent of an attack to
mitigate all risks
Expose Malicious Infrastructure
Save, collaborate, and download
investigations as needed
Save & Export Investigations & IoCs

29
Threat Knowledgebase:
A Library Of Strategic Intel
Gain strategic intelligence on hundreds of
threat groups and malware families.
Hundreds Of Threat Actors & Malware
Each Threat Actor and Malware entry has
relevant TTPs, IOCs, and exploited CVEs.
Intelligence of Relevant TTPs and IoCs
Examine the most recent intel items on a
specific threat actor or malware strain.
Recent Activity With Links To Intel Items

Gestión Unificada de los Riegos Externos

More Related Content

Similar to Gestión Unificada de los Riegos Externos

More from Cristian Garcia G.

Recently uploaded

Gestión Unificada de los Riegos Externos