Free Trial
Get Full Access
Log in

Continuous Monitoring of Web Reconnaissance Platform

Picture of Flare
Flare
  • Reading time: 2 min

Using web reconnaissance platforms to monitor your attack surface or run investigations can be time-consuming, especially when we’re looking to understand what happened at a point in time in the past. These platforms do sometimes provide a view on all the past collected data included in a paid subscription, but navigating and interpreting the information can be a challenge.

In our approach to provide a comprehensive external attack surface view behind a single pane of glass, we’ve therefore included in Flare, an overlay on that host/port data to help users quickly understand, filter, and gain insights from the entire history of a host.

host port history

When you receive an alert concerning a host, you can get a quick understanding of past risks and issues relating to it, without leaving the platform. This reduces the time required to triage and remediate the alert. An incident requiring you to investigate past events will also be more efficient with the Flare data being readily available to match and correlate past host activity.

Let’s now dive into a use case example on how this new feature could be used in daily cybersecurity operations.

Web Reconnaissance Platform Integration – Use Case

On a busy Tuesday morning, a systems administrator opens a new port on a public server, reachable by a public IP address. Without Flare, this would have been invisible to the security team, but the team now receives an alert for a newly opened SSH port on a host related to their organization. An analyst jumps in the Flare platform and notices that the host has no other current open ports, but that 3 months ago, the same port 22 had been open for 4 hours.

The analyst reviews past incidents in his incident management platform and the past date then, immediately ties the server to a precise individual inside the organization. He reaches out to the employee, asking if the desired port opening was part of a planned activity. The system administrator realizes that a mistake had been made and that the port had been open on the wrong server. He immediately closes the port, before a malicious actor gets enough time to access the server. The security analyst closes the incident and can get back to his regular operations.

Share This Article
View posts

Flare

Related Content

, ,

AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing

Read More

Ransomware in Context: 2024, A Year of Tumultuous Change

Read More

Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth

Read More

“What used to take about 1500 hours to complete can now be done in 1 week. Flare allows me to empower junior analysts to do dark web investigations that were previously impossible, hence liberating bandwidth.

Senior Security Specialist at a MSSP

“Other solutions would present us with thousands of potential leaks which were impossible to work with for our small team, Flare was the only one that could successfully filter and prioritize data leaks with their 5-point scoring system.”

CTI Director at a Major North American Bank

“Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”

CISO in a Major North American Bank

“We audited dozens of different solutions and Flare was the only one making CTI easy and understandable for all, with the right data.”

Senior Advisor at an IT Services Industry

Start your free trial today

Experience Flare for yourself and see why Flare is used by organization’s including federal law enforcement, Fortune 50, financial institutions, and software startups.

START FREE TRIAL
Flare logo
Get a Demo
Free Trial
Linkedin Twitter Facebook Youtube
Copyright 2024 Flare Systems, Inc.
1751 Rue Richardson, Unit 3.108, Montreal, Quebec, H3K 1G6

Flare HQ

soc 2 cybersecurity company
Flare logo
Free Trial
Get Full Access
Log in