Intel 471 is thrilled to announce the availability of our new Cyber Threat Exposure portfolio of solutions on Verity471, our game-changing CTI-powered SaaS platform, Verity471. Our new platform unifies our Cyber Threat Intelligence, Cyber Threat Exposure, and Cyber Threat Hunting portfolios to help customers meet the growing need for intelligence-driven cybersecurity in today’s rapidly evolving threat landscape.
Verity471 helps teams mitigate ransomware and data extortion threats that routinely target external-facing assets to gain initial access. Applying threat intelligence to attack surface exposures can help prioritize remediation before it’s too late. But not all security teams enjoy support from mature in-house CTI programs; and even the most capable CTI teams require swift actionability of tactical intelligence data so they can spend precious resources on more sophisticated threats.
Our Cyber Threat Exposure solutions, available now on Verity471 in Exposure mode, address this CTI capability gap by putting Intel 471’s premier adversary intelligence and continuous CTI data collection from the cyber underground in the hands of all security and risk teams, enabling CTI programs at all levels of maturity to quickly detect and address external threats that matter most to their organization.
Modern enterprise attack surfaces are vast and dynamic. Threat actors routinely scan the internet for unpatched vulnerabilities and misconfigurations in internet-facing assets. Exposures can be introduced through new, un-sanctioned, and legacy externally-facing assets spanning databases, cloud storage buckets, non-production environments, remote desktop instances, web applications, and interconnected third-parties. Exposure mode on Verity471 provides a set of attack surface management modules that automate the discovery of externally-facing assets and help identify broad sets of vulnerabilities and misconfigurations.
The true power of Verity471 lies in strengthening all cybersecurity and security operations teams with solutions and tools that help them rapidly operationalize our premier CTI for proactive threat hunting, detection, response, and remediation.
This is one of the primary reasons Intel 471 has introduced the Cyber Threat Exposure Portfolio of solutions on Verity471, which provides user-friendly modules that help security teams operationalize intelligence to proactively shield their operations and mitigate third-party cyber risk. The initial launch of our Cyber Threat Exposure portfolio are Attack Surface Exposure, which identifies exposures affecting an organization’s own external attack surface; and Third-Party Exposure, a module for monitoring important third parties, such as vendors and suppliers, and mitigating cyber risk.
Attack Surface Exposure
The Attack Surface Exposure module does the heavy lifting of finding external-facing assets and exposures and correlating relevant threats and associated CTI. This is an essential tool for reducing risk and meeting compliance with a threat-led approach to prioritizing remediation of at-risk vulnerabilities and misconfigurations.
All asset and exposure findings are enriched with our unique insights into weaponized and sought after CVEs, mentions of your company’s domain names on cybercrime forums, messaging channels, and marketplaces; and company mentions in data extortion leak sites, underground breach alerts, and intelligence reports.
Deep insights, prioritization, and pivoting to CTI reports
The Attack Surface Exposure risk scoring dashboard provides a snapshot of overall risk exposure, the number of critical findings, risk scores per monitored asset group, and exposure finding trends over time. The threat indicator icon alerts users to relevant threat reports from our vulnerability and malware dashboards, breach alerts, and intelligence reports from Intel 471 experts.
Users can set up Monitors for priority asset groups to scan your organization and correlate exposures with Intel 471’s comprehensive underground sources. Monitors can be set to run daily, weekly, or monthly for passive or active data collection.
The module provides thorough asset discovery through our unique, iterative OSINT-centric data collection, active scanning, and correlation to identify broad sets of vulnerabilities and configuration issues. It is also extensible and integratable using REST API, Firehoses, and custom Python modules.
We have also introduced a workflow management capability enabling teams to track findings through their remediation lifecycle and ignore findings that are accepted risks or false positives. This enables your team to focus on new exposures and track what is being handled.
Third-Party Exposure
Data breaches through suppliers doubled from 15% to 30% of all breaches in Verizon’s 2025 Data Breach Investigations Report. The Third-Party Exposure module removes the need to rely solely on vendor security questionnaires, empowering teams to “trust but verify” their partners, vendors, suppliers or acquisition prospects don’t pose unacceptable risk. This module allows users to target priority third-party domains, IP ranges, or specific hosts of interest and create tailored scanning profiles for routine passive or, where appropriate, active data collection. This identifies critical CVEs, exposed databases, third-party breaches, and more affecting your third parties.
Third-Party Exposure guides users to relevant intelligence on weaponized CVEs, third-party breaches, and data extortion leak sites. The dashboard provides transparent risk scores based on the entity’s importance to the organization as well as the number of exposures identified and their criticality. This tool is critical for organizations to proactively manage supply chain and third-party risk as required by new and existing cybersecurity regulations.
- Focused interface for monitoring third-party cyber risk
- Identify critical CVEs, exposed databases, breach alerts and more affecting important third parties
- Contextualized findings prioritized using Intel 471’s leading threat intelligence on weaponized CVEs, third-party breaches, and data extortion leak site events
Case study: Actionable CTI for Prioritized Remediation
Mapping timely threat insights to attack surface exposures is critical for prioritization.
The Attack Surface Exposure module is an essential tool for security and risk teams to thwart today’s data extortion threats. Initial access brokers play a critical enabling role in ransomware and extortion attacks. In the second quarter of 2025, our analysts observed that corporate remote access portals, RDP-based services, and enterprise VPNs remained top technology categories in underground offers for compromised access to corporate networks. During the period, our researchers identified unauthorized access offers to 345 unique organizations. Mentions of a company’s domain names are mapped in real-time to relevant Attack Surface Exposure findings and accessible via module’s threat icon.
The recent surge in exploitation of the so-called “CitrixBleed 2” vulnerability, tracked as CVE-2025-5777, exemplified the speed at which multiple attackers can exploit new vulnerabilities affecting widely deployed internet-facing assets. Proactive Attack Surface Exposure module scans enable early discovery of affected assets within scope of active asset Monitors. Positive findings are contextualized with real-time intelligence on the CVE’s exploit status, underground mentions, and breach alerts. This equips teams to operationalize critical intelligence with the speed and context they need to ensure asset owners prioritize remediation.
The original CitrixBleed became one of the top routinely exploited vulnerabilities in 2023, according to several national cybersecurity agencies. CitrixBleed was highly targeted by ransomware groups to gain initial access to enterprise environments. LockBit established a team of affiliates to exploit CVE-2023-4966 to obtain initial access within three weeks of its public disclosure.The Black Basta ransomware group’s leaked conversation logs confirmed the group closely tracked CVE-2023-4966 for active exploitation, and Play ransomware operators also weaponized CitrixBleed. Tracking the tactics and techniques used by actors behind these groups is vital for informing future mitigation strategies as ransomware groups disband and rebrand under new names.
See How Verity471 Can Help You
To see Verity471 in action and how it can improve your proactive cybersecurity strategy, download our new white paper The Black Basta Blueprint: Your window to the ransomware group’s inner workings. The analysis of Black Basta’s behavior equips organizations with the insight needed to defend against these actors as they resurface under different guises in the future. It also demonstrates how Verity471 helps your teams transform insights into action. With fully contextualized intelligence on the Black Basta leak from the attackers’ perspective, our security experts, intelligence analysts, and threat hunters provide a useful guide to using our solution portfolios across Threat Exposure, Threat Intelligence, and Threat Hunting. And if you’re attending Black Hat 2025, come by our booth #5742 to get a live demo of Verity471 or book a meeting with an Intel 471 Pro here: https://intel471.com/lp/black-hat-usa-2025