Outside-In

Introduction

Outside-In Assessment in SAFE evaluates an organization’s external attack surface by analyzing publicly exposed assets, such as domains, IP addresses, applications, and services.

It focuses on identifying:

  • Internet-facing vulnerabilities

  • Misconfigurations

  • Exposed services

  • Breach and reputation risks

This approach simulates how an external attacker views the organization, without requiring internal access.

Outside-In Assessment in SAFE

SAFE performs Outside-In Assessment using a combination of:

  1. Digital Footprint Discovery

    1. Identifies external assets (domains, subdomains, IPs)

    2. Uses an enhanced attribution framework to map assets to organizations

    3. Supports high-confidence attribution with reduced false positives (~2%)

  2. Continuous Findings Detection

    1. Scans for vulnerabilities across:

      1. System Security

      2. Network Security

      3. Application Security

      4. DNS & Email Security

    2. Detects issues like:

      1. Open ports/services

      2. SSL/TLS misconfigurations

      3. Missing SPF/DKIM/DMARC

      4. Known CVEs

  3. Threat Intelligence Integration

    1. Leverages 100+ threat intelligence sources

    2. Includes:

      1. Vulnerability feeds

      2. Internet scan data (e.g., service exposure)

      3. Breach and incident datasets (since 2021)

  4. Fourth-Party Risk Detection

    1. Identifies dependencies on external vendors/services

    2. Uses signature-based and correlation techniques

  5. Refresh

    1. Findings refresh: every 15 days

    2. Attribution refresh: 30–60 days

Navigate to the Outside-In Assessment

  1. Navigate to a Third-party details page.

  2. Click the Outside-In Assessment card.

  3. The Outside-In page provides:

    1. Summary view

    2. Findings breakdown

    3. Detailed findings table

Summary View

The Outside-In Findings Summary provides a category-wise snapshot of detected issues.

Categories displayed (as per UI):

  • System Security

  • Network Security

  • Application Security

  • DNS Security

  • Email Security

  • Patching Cadence

  • Cyber Reputation

  • Compromised Systems

  • Breach Exposure

What each tile represents:

  • Total number of findings (instances) in that category

  • Severity distribution (color-coded):

    • 🔴 Critical

    • 🟠 High

    • 🟡 Medium

    • 🟢 Low

    • ⚪ Informational

Example Insight from Screenshot:

  • Network Security: ~6.5K instances → high exposure area

  • Application Security: ~1.12K instances

  • DNS Security: 0 (no issues detected or no data)

  • Compromised Systems: 6 (requires immediate attention)

Drill-down Capability

Clicking a category opens a detailed modal view, showing:

  • Severity-wise distribution: Critical, High, Medium, Low, Informational

  • Finding names (e.g., "Potentially Exploitable Systems")

  • Impacted asset count per finding

Outside-In Findings List

  1. Navigate to the Outside-In page for a third-party.

  2. Scroll to the Outside-In Findings section.

  3. View the findings table.

  4. The table shows the following details for each finding:

    1. Name: Finding title (e.g., CVE, misconfiguration)

    2. Severity: Critical / High / Medium / Low

    3. Finding Score: Risk score indicating severity & exploitability

    4. Mapped Controls: Linked SAFE control categories (e.g., SSW, DTE, HAOS)

    5. Asset Count: Number of impacted assets

Key Capabilities

  • Search & Filter: Filter by severity, score, or control

  • Sorting: Sort by risk score or asset count