Platform

What Is an Online Ecosystem?

Your online ecosystem includes more than just your third-party vendors.

Every asset your customers and employees access when interacting with your company online makes up your
online ecosystem.

These assets may be owned by your organization, owned and operated by a third-party vendor, or exist somewhere in your long chain of Nth-degree vendors. This ecosystem represents an organization’s external attack surface.

Image

Third-party Dependencies
Weaken Your Defenses

One web page typically has dozens, if not hundreds, of resource dependencies pulled from third-party hosts.

HTML or JavaScript Dependencies

Dependencies create a sprawling ecosystem, with the most prevalent connections created by HTML or JavaScript. These can be found in HTML image import tags, script tags, CSS, and others that pull information from third-party vendors and websites. Cyberpion provides dependency discovery and thorough attack surface visibility.

Redirects

Redirects impart a sense of trust onto the redirected sites and need to be monitored and managed. Rather than asking your security team to manually crawl each page on your site and find every redirect, Cyberpion’s attack surface visibility shows all the redirects across your online presence on a single dashboard.

Image

External Attack Surface Visibility: Beyond third-party connections

In many cases these dependencies form long chains: the cloud infrastructure of the authoritative name server of a third-party email server could be hijacked—which has the same result as taking over the mail server directly. A third-party script will reference a fourth-party script. That fourth party may in turn reference a fifth party, and it continues on and on.

Every connected asset within your sprawling ecosystem could be a potential vulnerability.

Growth in Attacks via Third-parties

Ecosystem attacks will continue to increase as malicious actors discover that this path of least resistance offers the best return on their investment. By taking control of a single third-party asset, attackers can leverage that asset to target all customers through direct or indirect connections to that asset. Because this access comes through a third-party vendor or partner, the attacker avoids an organization’s sophisticated firewalls, logs, virus scanners, or other detection tools.

Infamous exploits of ecosystem vulnerabilities include Magecart style attacks and cloud-based asset abuse. Both start from ecosystem vulnerabilities like third-party JavaScript inclusions or poor cloud configuration.

But that’s only the tip of the iceberg in terms of possible attacks and exploits. Nearly 50% of all cyber attacks are initiated from an organization’s digital supply chain.

Cyberpion enables security teams to guard every component of their ecosystem with attack surface visibility, continuous vulnerability assessment, and active protection.

The Latest From Cyberpion

Recent EA Hack Highlights Enterprise Security Learning Curve with Regards to “Trusted” Third-party Infrastructures

Recent EA Hack Highlights Enterprise Security Learning Curve with Regards to “Trusted” Third-party Infrastructures  A few months ago, Cyberpion approached EA with…

ByBycyberpionJune 15, 2021

Remediation vs. Mitigation — Third-Party Vulnerability Management

Remediation Vs. Mitigation — Third-Party Vulnerability Management Neglecting to address third-party vulnerabilities can cause widespread problems for your organization, the…

ByBycyberpionMay 28, 2021

Introducing Cyberpion’s Ecosystem Security Partner Program

Introducing Cyberpion’s Ecosystem Security Partner Program What is an Ecosystem? While there has been no shortage of headlines regarding cybersecurity…

ByBycyberpionJanuary 31, 2021

A Tale of Ethical Disclosures

A Tale Of Ethical Disclosures In many recent conversations I keep talking to family, friends, colleagues and even people in…

ByBycyberpionJanuary 25, 2021

Let us
Show You.

What do you really know about the security posture
of your digital ecosystem?

See the risks you’re exposed to with a vulnerability assessment.

Scroll to Top