What External Cybersecurity Is and Isn’t

The Castle and Moat. The Orange Book. Defense-in-Depth. Zero Trust. There are a lot of security strategies out there. Some are obsolete. Some are mission critical. Some are overhyped but underperform. One thing all the above cybersecurity strategies have in common is they all only consider the assets within the corporate environment a company and its security team controls. But businesses market and engage with customers outside their owned infrastructure. The same platforms businesses use to reach customers are also used by criminals and state threat actors to reach victims.

Data breaches, social media and domain spoofing, and other types of attacks are more common than ever, often desensitizing the public to the severe consequences that can follow. Security teams are barely able to keep up with the organizational assets within their managed environments. They don’t have time to chase every social media account or Underground Forum post that might be related to their brand, VIPs, or customers.

So what is a business to do? This is where external cybersecurity comes in. 

Get your copy of the Guide to External Cybersecurity.

Protection Outside the Perimeter

The traditional network perimeter is long gone. Although internal and edge security are still critical to defending against adversaries, the gray space – the space outside your corporate perimeter where both legitimate businesses and cybercriminals interact with customers and victims – is a hotbed for online scams and cybercrime. This gray space encompasses the internet infrastructure, applications, platforms, and forums that are neither owned by a legitimate business/organization nor threat actor, and as such, assets in the gray space are typically managed by a third party. Think social media platforms, app stores, career sites, chat/collaboration tools, code-sharing sites, the Underground Economy, to name a few examples. 

Simply put, because your business operates in the gray space, alongside exploitative threat actors, your assets, your people, and your customers, need protection in that space. 

Historically, businesses are at the will of the individual software or platform owner to ensure that they and their customers’ data doesn’t wind up for sale on the dark web. Further complicating the challenge is the fact that the number of criminals who create spoofed accounts and domains or who typosquat is growing faster than most platforms can fully handle. Customers justifiably expect organizations to keep them safe when they interact with a brand, a task that is increasingly challenging. The good news is that there are proactive external cybersecurity strategies to safeguard your business beyond traditional security controls.

Since external cybersecurity is a new term, it is often misused and misunderstood, broadly applied to encompass any new technology in need of securing. But in reality, external cybersecurity is defined as the orchestration of humans and machine intelligence to discover and disrupt threats beyond the corporate perimeter. This includes technologies that monitor the gray space to discover and disrupt the adversary. 

Defining What External Cybersecurity Is and Isn’t

External Cybersecurity Is: 

  • The best way to monitor everything outside of your corporate perimeter. This is not a replacement for your traditional security plan, but is an important and necessary extension for security teams to ensure safety across the ever-expanding attack surface.
  • Powered by both human experts and artificial intelligence. Taking all of the data found across the surface, deep, and dark web, external cybersecurity helps you understand context and relevance, providing actionable steps to disrupt the adversary.
  • A component of executive and physical security, not only cybersecurity. Through analysis of conversations in open and closed forums, information in the Underground Economy, external cybersecurity helps keep humans safe as well as digital assets. 
  • Important for use in the analysis and takedown of posts that threaten the reputation or safety of your brand and people. This may include the take down of social media posts or pages as well as communication with ISPs and other partners to stop criminals from being able to strike again. 
  • Useful for effective strategies regarding executive protection, physical security, brand protection, domain protection, and dark web monitoring. 
  • Able to detect insider threats selling IP or remote access. It can also detect indicators of physical or reputational harm to the brand or fellow employees.

External Cybersecurity IS NOT: 

  • A replacement for firewalls, endpoint detection and response solutions (EDR), cloud access security brokers (CASB), etc. These are still critical to keep intruders from breaking into your corporate environment(s), as are phishing tests and other internal security training you may have in place. However, external cybersecurity provides greater awareness of data sales and attack planning on the dark web through Threat Intelligence if you have been breached.  
  • Protection from ransomware and malware. Instead, external cybersecurity helps proactively predict and mitigate threats that may seek to distribute ransomware and malware.
  • Exclusively reliant on technology. AI is an important component of external cybersecurity and proactive security as a whole, but technology alone doesn’t steer the ship. AI is a hot topic, particularly popular in cybersecurity collateral, but it shouldn’t be mistaken for the only important or key component of navigating the external threat landscape. 
  • The security controls you install on your assets. For example, applying security or privacy settings to your LinkedIn account isn’t the same thing as engaging in external cybersecurity practices.
  • Simply another word for digital risk protection. Digital risk protection plays a role in a holistic external cybersecurity program but is by no means as comprehensive.

Learn More about External Cybersecurity

External cybersecurity is a robust, emerging category purpose-built to disrupt threats before they can damage your business.To learn more about it and how to get started creating your external cybersecurity strategy, download our whitepaper here. 

See ZeroFox in action