[ThreatFactor NSIA v1.0.6] Network System Integrity Analysis
ThreatFactor NSIA is a website scanner that monitors websites in real time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations. At its core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety of issues and can be modified with custom signatures.
NSIA can be configured to perform almost any action once an issue is identified, such as sending a text message (IM, email, SMS) or executing a script.
Types of Issues Detected
The ThreatFactor solution was designed specifically to help organizations quickly identify issues on their websites that may tarnish the organization’s image or adversely affect its customers, partners and employees, such as:
- Website Defacements
  - Malicious users are trolling the Internet specifically for websites to deface. Oftentimes, defaced websites contain offensive language or images, which is likely to result in a tarnished image.
- Compliance and Privacy Issues
  - ThreatFactor can detect issues that may adversely affect compliance or user privacy, such as forms that submit passwords unencrypted, pages that accept user information but don’t include a privacy policy, etc.
- Web Exploits
  - Oftentimes, attackers compromise a website and install exploits to attack the website's visitors. These are often classified as silent defacements since the site does not look like it was visually changed. Sophos noted that the vast majority of websites hosting malware (around 80%) are legitimate sites that have been compromised. Furthermore, ThreatFactor can detect websites that have been modified in such a way as to send private customer information (such as login information) to a third party.
- Sensitive Information Leaks
  - Websites can leak sensitive information through detailed error messages, misinformed blogger employees, and files that were not intended to be provided to the public.
- System Failures
  - ThreatFactor can detect many types of website system problems such as:
    - Broken links
    - Error and warning messages
    - Poorly configured servers or servers with default configuration
    - Expired SSL certificates
    - Server errors
Key Features
- Automatic Content Baselining and Self-Tuning
  - ThreatFactor automatically analyzes monitored sites and establishes a baseline; the baseline is used to self-tune the system in order to reduce the rate of false alerts and to increase the sensitivity to potentially unauthorized changes.
- Automatic Web-Content Discovery
  - ThreatFactor automatically discovers the content associated with monitored websites, oftentimes finding hidden or unexpected content.
- Built-In Web Interface
  - ThreatFactor features a built-in web server that makes administration easy using a web browser.
- Comprehensive Signature Set
  - Includes over 2000 signatures for issues ranging from exploits and privacy problems to offensive language.
- Full Access Controls
  - The ThreatFactor server supports rights and object-level access controls that can be applied to users and groups.
- Integrated Custom Signature Editor
  - A syntax-highlighting signature editor is provided for writing custom ThreatPattern and ThreatScript signatures.
- SIEM Integration
  - ThreatFactor can log to an external device such as a Security Information and Event Management (SIEM) tool or log management solution.
- Integrated Database
  - ThreatFactor features an integrated database and eliminates the need for a DBA.