Case Study
Cybersecurity
Threat Intelligence
Customer Impact: Replaces 50% of redundant internal security tools, resulting in reduced costs for organization.
Product
Attack Surface Intelligence
Draws on 620+ million tracked IPs so organizations stay secure against threats.
Challenge
3 Months
Deadline for the MVP release while learning the intricacies of threat intelligence.
Business Impact
10MM
Revenue as of Q1 2024. "...the fastest growing product line."
Areas:
Discovery
Design
Research
Tools:
Miro
Figma
Partners:
Founders
A Building Blocks Snapshot
Overview
Attack Surface Intelligence (ASI) harnesses the comprehensive data collection and attribution infrastructure that the Threat Intelligence Team built over the course of 7 years. It gives an outside-in view of the global attack surface, unlocking threat intel's rich database to provide contextual insights around threat actors, ransomware, vulnerabilities, malware infections, certificates, and much more.
Impact
Outcomes That Matter
ASI transforms how businesses see and manage risk—turning complex data sets into simplified intelligence that protects, drives measurable results, and earns the industry's trust.
Business Outcome
10MM
Revenue as of Q4 2023
Customer Outcome
50%
Replacement of redundant internal security tools, resulting in reduced costs for organization.
Industry Recognition
“SecurityScorecard’s threat intelligence showed more reliable attribution correlations than any other provider.”
Global Service and Technology Company
Cybersecurity Analyst
Collaborators
Design Owner, and Collaborator
As owner of design, I believe in strong partnerships and a collaborative-first mindset that keeps the pillars of a product development team in constant communication and exchanging ideas.
Product Owner
Planning out not just MVP, but 6-12 months ahead, aligning design decisions with business priorities, and ensuring ASI delivers back a clear user and organizational need.
Threat Intelligence
I partnered with the experts behind ASI to translate complex security insights into intuitive displays without adding cognitive burden.
Engineering
Deeply embedded with engineering from the start. Ideation, feasibility, constraints, and edge cases.
User Research
Partnering with user research to ground design decisions in real behavioral data and continuously bringing findings back into the product to validate and refine.
Customer Challenges
One Step Behind
Detecting the unknown unknowns and how they pose a risk to business is what keeps cybersecurity professionals and business leaders from making confident decisions.
Sophisticated Threat Actors
Threat actors are becoming increasingly sophisticated, and risk is complex and constantly evolving, making it difficult for organizations to stay secure and up-to-date on the latest potential threats.
Lack of Visibility
Companies are challenged by a lack of visibility into their own attack surface, their third and fourth parties’, and the global attack surface, so they struggle to prioritize and manage risk.
Minimal Resources
Many organizations, even those armed with threat intelligence teams, don’t have enough resources or time to conduct deep threat intelligence analysis.
Struggle Monitoring
As global threats continue to evolve and become more sophisticated, organizations struggle to continuously monitor these threats and the impact they may have on their security posture.
Threat Researcher / Hunter
Security Analyst
Security Engineer
VP, InfoSec
CISO (Enterprise)
Security Operations
Director, Data Protection
The Opportunity
A Wealth of Data
"We are really burying all the data we have. We should be able to show all search results for a single port, product, or service and for each result show the IPs and domains it's tied to."
The Threat Intelligence Team built the most comprehensive data collection, which presented the opportunity for a new product offering.
Entities
CVE
Threat Actor
Port findings + raw scans for an IP
Attribution info + Domain info
Malicious Reputation Hit
Ransomware Group
Active Infection
Single Raw scan products, services detected, OS found, devices found
Certificate
Unique entities being tracked
616.7M IP addresses
1.5K Ports
13.5K CVEs
1.3B Infection families
1.3B Unique certificates
1.3B Threat actors
1.3B Breach records
Connections made to digital assets
1.3B Open ports
1.1B Detected CVEs
1.4B Active infections
333M Threat actor links
3.8B Breach records
78.1M Detected certificates
Deliver and distill down just the data that Threat Hunters should focus on.
Design
Learn. Build. Influence.
Harness a dense amount of data and its interconnected relationships, and design it in a manner that allows threat hunters to understand, recognize, and make quick, confident decisions on what investigative actions to take.





Search Result
An example of a customer search query would be:
(has_threatactor:'Wizard Spider' industry: 'FINANCIAL_SERVICES' portfolio: 'My Vendors' (and (or has_cve:'CVE-2021-40444')))
Understanding
Search results can be up to thousands of IPs, each IP displaying a 'history' of all entities ever associated or connected with it.
Question
How can a single IP search result and all its connections be designed in a manner allowing a threat hunter to understand, recognize, and conclude what investigative actions need to be taken?
Design Decision
Treat a search result card as a historical record of the IP, displaying collections of entities associated with the IP in a scannable manner that seasoned security professionals will understand.

Search Results view
A search results view based on a query search. Customers select an IP to open a full detailed view of that IP.

IP Details view
The IP details screen takes the search result 'card' view and expands on it, bringing in more contextualized data.

Challenge
The Pivot
Post-release research revealed that less technical roles such as Vendor Risk Managers were also interested in ASI's capabilities, but were less familiar with the syntax used for search.
Reimagine ASI search so that customers 'build' queries without needing to understand the complex syntax.
Inspired by the 'build it as you go' model, customers choose what they want to search for and apply conditions to their selections.
Quick filters auto-populate the fields when selected. The filters offered are the most popular searches as well as trending topics.
As customers add to their search, the full query is displayed on the far right as a way to visually understand the query in syntax format.
The new search also preserves the syntax option, allowing those who choose to type in the query themselves that capability.
Additional Case Study
Suspicious IP:
111.118.51.12
Findings:
Suspicious Location
Outside Work hours
Anomalous Behavior
MITRE Pattern:
Reconnaissance - 89%
Privilege Escalation - 76%
Data Access - 76%
Recommended
identify accessed data
Show specific S3 object paths accessed via GetObject by user B_Wayne from suspicious IP 111.118.51.12.
111.118.51.12
Suspicious
API calls
GetObject
Case Study
Cybersecurity
Native AI
CONCEPT: Native AI partnering with security analysts and threat hunters through a full case investigation, from hypothesis to containment.
Product
AI Protection Platform
Customers partnering with AI to build a story (investigation), layer by layer.
Challenge
1 Week
Deadline for design concept, referencing a single requirements document.
Business Impact
96%
Reduction in MTTR (mean time to respond). Zero-work-to-insight investigations.