Everything You Need to Know
Frequently Asked Questions
What is Cyber Exposure?
Cyber exposure refers to information that is available or assets that are visible on the internet. Even a small data leak from a third party is a major concern. Exposure leads to attacks. Detecting exposure early allows you to proactively prevent damage. Although most data leaks are accidental, they can still lead to the same damage as intentional data breaches. An intentional data breach happens when an inside or outside attacker is able to access an organisation's data. Previous cyber exposure enables these attacks.
What is the Dark Web?
The dark web refers to a technology that makes surfing sessions more private – technically, ‘anonymous’. As a result, no-one will be able to identify who is surfing the dark web, where this traffic originates from, or where the servers are that the person is using. The user does not know where the server is that they are accessing, nor does the server know who or where the user is.
A user needs a specific browser to access the dark web. The Tor Browser is the most used, but other technologies like Freenet and I2P are available.
What is the Deep Web?
Publicly available search engines such as Google only cover a limited portion of the Internet. This is the visible part that we call the surface web. Where the surface web ends, the deep web begins. This is everything you can potentially access with your browser that is not indexed by search engines. This could be your e-mail accounts, intranet, leak platforms, some discussion forums, private blogs and so forth.
What are Data breaches?
In a data breach, sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized third party. Data breaches can cause damage to companies and individuals, as this type of cyber exposure can lead to further attacks.
How does CIH gather its data?
CIH’s proprietary technology continuously collects information from the dark web, deep web and data breaches. Metadata factors are added to the data to make it more searchable and to give the content context. The platform provides both real-time notifications and a historical presentation of leaked information.
How often is the data on the platform refreshed?
The data on the platform is continuously updated.
What steps do I take to start using the platform?
Start by creating an account. Continue by setting up the company keywords on the Discover page. Start with a few domain names and IP addresses. Cyber exposure is discovered based on these details. Find out what assets have been discovered on the Exposed Systems module. Navigate to the Exposed Information module to review the exposed data.
Are my actions on the platform registered?
Your actions are stored in your Activity Log. You can access the log by clicking on your avatar in the platform header. Added and removed keywords (Discover page) will be recorded and submitted to the compliance officer of your organization on a monthly basis.
What kind of keywords should I use on the Discover page?
Domain names are the most important keywords: they allow you to discover both exposed assets and exposed information. Visit the Discover page for advice on how to best set up specific types of keywords.
Why do I need to fill in an industry, employee count and continent on the Discover page?
You can benchmark the account results against a group of similar organizations. The benchmark group can be selected by geography, industry and employee count.
Can I check how my company compares to other companies?
You can benchmark the account results against a group of similar organizations. The benchmark group can be selected by geography, industry and employee count.
Can I download custom reports?
You can download reports from most pages. Download high-level reports from the Home page or detailed information from the Asset Details pop-up window.
How is the exposure risk calculated?
The Exposure meter shows the residual risk from the last 12 months. You can lower the Exposure meter score by marking findings as remediated. Risk is calculated as a weighted sum of high, medium and low severity findings.
Can I change the time period of the graphs on the dashboards?
We continuously improve the functionality of the dashboards. At the moment all graphs have a set time period.
How is the severity level (high, medium or low) of a finding assigned?
The severity level of a finding is automatically calculated based on the type of data and the risk associated with that type of data. For example, an internal password receives a higher severity level than a clear text password, which has a higher severity level than an encrypted password. You cannot change the severity level of a finding.
How are tags added to my alerts?
Tags are automatically added by our machine learning algorithm, which analyses the data found in each alert.
Can I remove findings from the exposed information pages?
The findings are found based on your keywords and cannot be removed. You can mark a finding as remediated after you have mitigated the risk.
Does each finding have a remediation suggestion?
Every finding comes with a remediation suggestion. This allows you to take action and mitigate your cyber exposure risk.
What happens when I mark a remediation action as remediated?
A remediation action that you mark as remediated will move to the Remediation log. This is your repository of mitigated risks. All alerts related to the remediation action are tagged ‘remediated’. The score on the Exposure meter is adjusted to residual risk after remediation.
How are my assets discovered?
Your internet-facing assets are discovered based on assets you already know and have added to the Discover page. Asset discovery then uses a combination of active and passive reconnaissance techniques. In passive reconnaissance, existing information about your assets is collected from various open sources. As these sources also contain historical data, we check which of these assets are online today.
To discover assets that are not available in open sources, for example assets without hostnames, we use techniques like subdomain enumeration and ping sweeps. While these techniques are likely to generate a lot of network traffic on your DNS servers, they are not harmful as they utilize the basic internetworking protocols and mechanisms.
How are my assets’ vulnerabilities discovered?
You may find that assets have vulnerabilities. These vulnerabilities are discovered using port scanning and banner grabbing to detect known vulnerabilities and security misconfigurations on your assets. The results of these scans are basic and their reliability is limited.
The most reliable way to discover vulnerabilities for your assets is by activating Continuous Testing. Assets are actively tested for vulnerabilities. This type of testing uses fingerprinting, fuzzing and other offensive security techniques to detect vulnerabilities in services and operating systems. Fingerprints also work as keywords for various vulnerability databases to discover known vulnerabilities.
Where can I check if my assets have vulnerabilities?
Visit the Asset List. The list is automatically sorted to display assets with vulnerabilities first. Vulnerable assets are marked with a red triangle. Click the asset to view the vulnerability details.
What is the best way to add custom tags to my assets?
Custom tags allow you to filter and group assets in any way you like. Add tags that are significant to your company. You can create and add as many tags as you like.
When can I expect an answer to my support request?
Our team will reply to a support request within 2 days, though typically you’ll get a response within a few hours.
More questions?
- Customized risk assessments and recommendations tailored to your clients’ needs.
- Dedicated support from our team of cybersecurity experts.