Patents by Inventor Gregory Heon
Gregory Heon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12047403
Abstract: Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.
Type: Grant
Filed: March 29, 2021
Date of Patent: July 23, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Patent number: 11588857
Abstract: Systems and methods for network asset lifecycle management are described. Network assets may include ephemeral Internet-accessible assets such as IP addresses, domain names, digital certificates, and cloud infrastructure accounts. A set of addresses associated with a computer network such as the Internet are scanned. Response data is received from one or more network systems connected to the computer network and processed to identify one or more network assets associated with an entity such as an enterprise organization. Asset data indicative of the identified network assets are then stored to build a record of the network assets associated with the entity.
Type: Grant
Filed: September 29, 2020
Date of Patent: February 21, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Matthew Kraning, Gregory Toto, Gregory Heon, Haley Sayres, Peter Sorrentino
-
Patent number: 11374957
Abstract: Introduced here are security management platforms configured to estimate the risk posed by a public communication activity that involves an internal Internet Protocol (IP) address that resides on an internal network. Initially, a security management platform can examine network data to detect a public communication activity involving an internal IP address and an external IP address. Thereafter, the security management platform can probe the external IP address by transmitting a query designed to elicit a response, and then evaluate a risk posed by the public communication activity by analyzing response(s) received from the external IP address, if any, responsive to the query. For example, the security management platform may be able to determine whether a service determined to be vulnerable to unauthorized access is running on the external IP address.
Type: Grant
Filed: October 22, 2018
Date of Patent: June 28, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20210288993
Abstract: Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.
Type: Application
Filed: March 29, 2021
Publication date: September 16, 2021
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20210105304
Abstract: Systems and methods for network asset lifecycle management are described. Network assets may include ephemeral Internet-accessible assets such as IP addresses, domain names, digital certificates, and cloud infrastructure accounts. A set of addresses associated with a computer network such as the Internet are scanned. Response data is received from one or more network systems connected to the computer network and processed to identify one or more network assets associated with an entity such as an enterprise organization. Asset data indicative of the identified network assets are then stored to build a record of the network assets associated with the entity.
Type: Application
Filed: September 29, 2020
Publication date: April 8, 2021
Inventors: Matthew Kraning, Gregory Toto, Gregory Heon, Haley Sayres, Peter Sorrentino
-
Patent number: 10965707
Abstract: Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.
Type: Grant
Filed: May 18, 2018
Date of Patent: March 30, 2021
Assignee: EXPANSE, INC.
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20190058724
Abstract: Introduced here are security management platforms configured to estimate the risk posed by a public communication activity that involves an internal Internet Protocol (IP) address that resides on an internal network. Initially, a security management platform can examine network data to detect a public communication activity involving an internal IP address and an external IP address. Thereafter, the security management platform can probe the external IP address by transmitting a query designed to elicit a response, and then evaluate a risk posed by the public communication activity by analyzing response(s) received from the external IP address, if any, responsive to the query. For example, the security management platform may be able to determine whether a service determined to be vulnerable to unauthorized access is running on the external IP address.
Type: Application
Filed: October 22, 2018
Publication date: February 21, 2019
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20190058723
Abstract: Introduced here are security management platforms configured to discover traffic flows that involve one or more internal Internet Protocol (IP) addresses that reside on an internal network. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify each internal IP address that was involved in a public communication activity over an interval of time. A public communication activity normally involves an exchange of data packets between an internal IP address that resides on the internal network and an external IP address that does not reside on the internal network. Moreover, the security management platform may create a list that includes at least some of the internal IP addresses that have been involved in public communication activities. The list may enable the security management platform to more easily discover security threats that might otherwise go undetected.
Type: Application
Filed: October 22, 2018
Publication date: February 21, 2019
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20190058725
Abstract: Introduced here are threat detection systems configured to assess security threats to an internal network, which may be associated with an organization. A threat detection system can include one or more scanning mechanisms and a security management platform. The scanning mechanism(s) can probe at least one Internet Protocol (IP) address by transmitting a query designed to elicit a response, and then create probe data from any responses received from the at least one IP address. The security management platform, meanwhile, can acquire local netflow representative of traffic that crossed a perimeter of an internal network, examine the local network to detect public communication activities, and evaluate a risk posed by the public communication activities based on the local network and the probe data.
Type: Application
Filed: October 22, 2018
Publication date: February 21, 2019
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
-
Publication number: 20180337941
Abstract: Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.
Type: Application
Filed: May 18, 2018
Publication date: November 22, 2018
Inventors: Matthew Kraning, Gregory Heon, Pamela Toman