Fortinet black logo

User Guide

Home FortiRecon 24.1.b User Guide
24.1.b
24.2.0
24.1.b
24.1.a
24.1.0
23.4.a
23.4.0
23.3.a
23.3.0
23.2.b
23.2.a
23.2.0
23.1.b
23.1.a
23.1.0
22.4.a
22.4.0
22.3.0
22.2.0

Viewing the vendor risk assessment

Viewing the vendor risk assessment

The vendor risk assessment organizes the generated vendors data into:

  • Attack Surface Exposure: Provides an overview of the vendor company's assets and current security hygiene to assess the estimated risk exposure.

  • Darknet Exposure: Provides an overview of potential activity in hacker communities and darkweb marketplaces toward the vendor company. The estimated risk can be used to assess the likelihood of threat actors' interest in targeting the vendor company.

  • Security Incidents: Provides an overview of ransomware incidences and intelligence reporting so that action can be taken if the vendor company suffers a ransomware attack or is targeted by a threat actor.

Each of these sections is further divided into widgets that allow you to review detailed risk data in order to make informed decisions.

To view a vendor risk assessment:

  1. Go to Adversary Centric Intelligence > Vendor Risk Assessment.

  2. Select the vendor that you want to review. The Vendor Risk Assessment opens.

    Note

    You cannot review vendor information while the Status is Pending.

  3. Review the banner for high-level information on the vendor and the Overall Estimated Risk Exposure.

  4. Review the Attack Surface Exposure:

    Issue by Severity The distribution of security issues by severity on the vendor's attack surface.
    Security Issues The type of security issues identified and the assets affected, distributed by severity. Select a dropdown arrow in the Issue Category for further breakdown of the assets.
    Commonly Targeted Services The services on the vendor's attack surface that are commonly targeted and the number of assets exposing the service.
    Asset Distribution A geographical distribution of the vendor's assets.

  5. Review the Darknet Exposure:

    Darknet Mentions The number of mentions of the vendor's name or domain on platforms where threat actors perform active discussions.
    Dataleak Mentions The number of mentions of the vendors name or domain on datasets leaked by threat actors.
    Credential Breaches An overview of credentials affiliated with the vendor's domain that have been identified in third party data breaches.
    Botnet Infections

    An overview of botnet campaigns used to steal credentials from end users:

    • Compromised Employee Systems: The number of usernames from the shared infected system logs containing the email address domain affiliated with the vendor.

    • Compromised Users Systems: The number of credentials shared from the infected system logs containing the URL or application visited on the infected system matching the vendor's domain. These systems can be end users or employees.

    • Stealer Marketplace: The number of credentials stolen by threat actors containing the URL or application visited on the infected system matching the vendor's domain. These logs are being listed for sale on prominent stealer marketplaces.

  6. Review the Security Incidents:

    Ransomware Incident The vendor name or domain appeared on the victim list by a ransomware group.
    FortiRecon Intelligence Reporting FortiRecon ACI reporting contains mention of the vendor's name or domain.
Previous
Next

Viewing the vendor risk assessment

The vendor risk assessment organizes the generated vendors data into:

  • Attack Surface Exposure: Provides an overview of the vendor company's assets and current security hygiene to assess the estimated risk exposure.

  • Darknet Exposure: Provides an overview of potential activity in hacker communities and darkweb marketplaces toward the vendor company. The estimated risk can be used to assess the likelihood of threat actors' interest in targeting the vendor company.

  • Security Incidents: Provides an overview of ransomware incidences and intelligence reporting so that action can be taken if the vendor company suffers a ransomware attack or is targeted by a threat actor.

Each of these sections is further divided into widgets that allow you to review detailed risk data in order to make informed decisions.

To view a vendor risk assessment:

  1. Go to Adversary Centric Intelligence > Vendor Risk Assessment.

  2. Select the vendor that you want to review. The Vendor Risk Assessment opens.

    Note

    You cannot review vendor information while the Status is Pending.

  3. Review the banner for high-level information on the vendor and the Overall Estimated Risk Exposure.

  4. Review the Attack Surface Exposure:

    Issue by Severity The distribution of security issues by severity on the vendor's attack surface.
    Security Issues The type of security issues identified and the assets affected, distributed by severity. Select a dropdown arrow in the Issue Category for further breakdown of the assets.
    Commonly Targeted Services The services on the vendor's attack surface that are commonly targeted and the number of assets exposing the service.
    Asset Distribution A geographical distribution of the vendor's assets.

  5. Review the Darknet Exposure:

    Darknet Mentions The number of mentions of the vendor's name or domain on platforms where threat actors perform active discussions.
    Dataleak Mentions The number of mentions of the vendors name or domain on datasets leaked by threat actors.
    Credential Breaches An overview of credentials affiliated with the vendor's domain that have been identified in third party data breaches.
    Botnet Infections

    An overview of botnet campaigns used to steal credentials from end users:

    • Compromised Employee Systems: The number of usernames from the shared infected system logs containing the email address domain affiliated with the vendor.

    • Compromised Users Systems: The number of credentials shared from the infected system logs containing the URL or application visited on the infected system matching the vendor's domain. These systems can be end users or employees.

    • Stealer Marketplace: The number of credentials stolen by threat actors containing the URL or application visited on the infected system matching the vendor's domain. These logs are being listed for sale on prominent stealer marketplaces.

  6. Review the Security Incidents:

    Ransomware Incident The vendor name or domain appeared on the victim list by a ransomware group.
    FortiRecon Intelligence Reporting FortiRecon ACI reporting contains mention of the vendor's name or domain.
Previous
Next