Footprinting and information gathering should be smart, practical, and accessible without breaking the bank.
Organizations typically rely on proprietary software and enterprise tools to gather exposure information. This approach is insufficient - most attackers do not use commercial software, tools, or methods, but rely instead on open-source tools and techniques. Foretrace uses those very same tools and techniques in our solution, painting a clear picture of what adversaries actually see. Armed with this knowledge, our clients can proactively limit what information malicious actors can find, saving time and money.
A successful cyber attack starts with reconnaissance. The attacker finds initial targets in a variety of places:
Unpatched systems facing the internet
Leaked usernames and passwords
Metadata found in public documents
Domains with lexical similarity (which can be used for phishing)
And much more...
The information gathered in this phase guides the attack and occasionally gives the attacker enough to gain access immediately. Proactively discovering exposed information is thus crucial to any security posture - and yet, most information security departments do not actively search for it. Only those that can afford expensive penetration tests (which only reveal a snapshot of exposure at the time of assessment) or who have the time and resources to compose custom solutions (which require maintenance and continuous R&D) get to assess their exposure.
We at Foretrace believe that identification of external gaps and information exposure should be simplified and that its continuous monitoring should be woven into the fabric of security operations through automation of current attacker techniques - all without cost-inefficient software and strategies.