ELSA (Local Exposure and Attack Surface) is a cyber security solution developed by DELTA90 and CCN-CERT, the Computer Emergency Response Team of the National Cryptologic Centre, CCN, under Spain’s National Intelligence Centre (CNI), and launched at XVII Jornadas STIC.
Monitoring, at a national level, of every asset connected to the Internet to detect attack vectors and exposures of any public organization or administration, improving government’s Incident Response capabilities.
SEE YOURSELF THROUGH THE EYES OF THE ATTACKER
IT environments are designed to be dynamic. They evolve organically, through cloud computing, unsecured networks, SaaS deployments, containers, microservices, IoT devices, applications, infrastructure and data that are often added without adhering to organizational security policies. Legacy sprawl, orphaned infrastructure and an increasingly distributed workforce are ever-present complications.
Even with custom tools security teams cannot easily see the entirety of their rapidly expanding attack surface and address its challenges. ELSA combines extended enterprise visibility and continuous monitoring capabilities infused with the latest DELTA90 Threat Intelligence to help organizations discover exposures and analyze internet assets across today’s dynamic, distributed and shared environments.
Maintaining a manual inventory of assets is time-consuming and error-prone. Having an outside-in view of your attack surface will allow you to detect unknown assets and exposures to help you reduce your attack surface.
Most organizations are unaware of their exposed surface, so ELSA does not need to be fed initial inventory that could lead to a lack of visibility of critical parts. Thanks to its learning algorithms, it is capable, autonomously and without initial interaction with the client, of obtaining all the exposed assets.
Attack surfaces are constantly changing. ELSA scans the entire IPv4 space up to several times a day to discover all your Internet-connected assets and track changes that could pose a risk.
Mitigating threats requires knowing who is responsible for a vulnerable asset. With ELSA, even previously unknown assets can be traced back to interested parties to ensure rapid remediation.
A typical organization encounters, on average, two security issues per day, while attackers encounter one every hour. ELSA keeps its asset inventory up to date so you can stay ahead.
It has rapidly become a top enterprise priority because massive adoption of cloud, SaaS and mobile across a distributed workforce means an expanding, evolving and changing attack surface subject to an increasing number of sophisticated threats.
The explosion of cloud, SaaS, containers and microservices means more applications in more locations, each with unique security requirements and vulnerabilities.
Employees are relying on mobile devices to perform their work. Organizations are adopting IoT devices and sensors to collect and exchange data.
Any employee can introduce any of these elements – cloud, SaaS, mobile devices, random data storage – to the work environment with minimal governance.
ELSA has specific modules to help organizations improve their visibility and response capabilities before incidents, including:
Domains and Subdomains
Cryptography
Ports and Public Services
Ranges and IP addresses
Vulnerability Management
Metadata and other information
Phishing threats
CPEs y CVEs
Risk Analysis and Management
API integration
Historical Storage
Techonology Discovery
