The foundation of Cybersecurity: External Attack Surface Visibility.


The move to cloud changes how organizations protect data by creating distributed workforces and IT ecosystems. In parallel, threat actors target organizations because they know that these changes create visibility issues. 

Complex infrastructures create visibility issues, leaving organizations with unidentified assets and unmanaged risk. To combat this, organizations adopt various cybersecurity technology tools, hoping to find a way to mitigate these risks. 

External attack surface visibility is the foundation of a robust, proactive cybersecurity program.


What Is a Cyber Attack Surface? 

The cyberattack surface, also called the external attack surface, is all the access points and public-internet-facing assets of a system, system element, or environment that threat actors can use to:

  • Gain unauthorized access 
  • Make changes to systems, networks, or data
  • Steal data

The external attack surface consists of all known, unknown, and potential vulnerabilities impacting hardware, software, and network components across cloud, third-party, or subsidiary environments.

How Much of Your External Attack Surface Can Attackers See?

The first stage of an attack is always reconnaissance. During this stage, threat actors scan an organization’s networks looking for any vulnerabilities or weak controls that they can use to gain access to systems, networks, and software. 

As part of their reconnaissance, threat actors scan for:

  • Domains
  • Subdomains
  • Whois Information
  • Directory information
  • Simple Storage Service (S3) buckets
  • Systems and programs running on the network
  • Vulnerable machines
  • Open ports
  • Wireless network access
  • Internet of Things (IoT) devices
  • Vulnerable applications

Often threat actors use a series of known tools to engage in passive reconnaissance, including:

  • Public databases: information about IP addresses and domain names
  • Side-channels: information or signals leaked from screens, printers, and keyboards
  • Social media: information about employees, technologies, and infrastructure gathered from posts and job openings
  • Data leaks: credentials and other information related to the target found in previous data leaks

How Much of the External Attack Surface Is Visible to an Organization?

Organizations have very limited visibility into their external attack surface.

64% of your organization’s assets are part of its unofficial network perimeter.

Research over the past few years supports the lack of visibility organizations have into their external attack surface. For example, Reposify’s data shows:

  • Organizations are unaware of 64% of their internet-connected assets, on average
  • 38% of successful attacks in 2019 arose from shadow IT, misconfigurations, and unknown exposures

Independent research supports Reposify’s findings:

  • 30% of successful attacks experienced by enterprises in 2020 would target their shadow IT resources, according to a 2016 Gartner prediction.
  • 120,000 internet-scale IoT devices were exploited in 2019, according to published academic research.
  • 50% of Miscellaneous Errors leading to breaches arose from sysadmins and developers, according to the 2021 Data Breach Investigations Report.
  • 17% of data breaches arose from cloud misconfigurations, costing an average of $3.86 million per breach, according to the 2021 Cost of a Data Breach report.

Lack of visibility into the external attack surface is a real and expensive problem for organizations.

Why Do Organizations Struggle With External Attack Surface Visibility?

Before cloud migration, most of a company’s digital assets were managed on-premises. The company purchased all the hardware, including workstations, phones, and servers.

All the assets went through time-consuming, formal provisioning processes. IT teams were able to protect assets with firewalls that prevented malicious traffic from accessing the organization’s networks. 

Cloud migration changed all of this. 

Today, organizations need to manage a plethora of cloud-based technologies, remote users, and remote devices. Some examples include:

  • Workloads
  • Serverless functions
  • Employees traveling on business
  • Third-party contractors connecting to networks
  • User-installed applications or “Shadow IT”
  • File Shares
  • Smartphones and tablets

The cloud resources that save money can also be very short-lived. For example, a development team might spin up a test environment for a few hours before taking it down. A misconfiguration can turn that test environment into a data breach, especially if one of the devs forgets to take the environment down.

What Is the True Meaning of “Visibility”?

External attack surface visibility means that the organization is able to identify, inventory, and monitor all of its assets in real time, including ones that only exist for a short while.
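As an added illustration of what "identify, inventory, and monitor" comes down to in practice (example code written for this page, not Reposify's product or code): reconcile what an external discovery run sees against the official inventory, flag every asset the inventory does not account for, and mark the short-lived ones separately. The hostnames, addresses, and timestamps are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data, not real infrastructure: the official inventory
# (what the CMDB says is ours) and the output of one external discovery run.
KNOWN_HOSTS = {"www.example.com", "mail.example.com"}
KNOWN_RANGES = [ipaddress.ip_network("203.0.113.0/28")]  # TEST-NET-3

# (hostname, address, first_seen, last_seen) as observed from the outside
DISCOVERED = [
    ("www.example.com", "203.0.113.5", "2021-06-01T08:00", "2021-06-30T08:00"),
    ("mail.example.com", "203.0.113.9", "2021-06-01T08:00", "2021-06-30T08:00"),
    ("staging-test.example.com", "198.51.100.7", "2021-06-29T14:00", "2021-06-29T19:00"),
    ("old-vpn.example.com", "198.51.100.9", "2021-03-01T00:00", "2021-06-30T08:00"),
]

@dataclass
class Finding:
    hostname: str
    address: str
    reason: str

def is_known(hostname, address, known_hosts, known_ranges):
    """An asset counts as inventoried if its name or its address is accounted for."""
    ip = ipaddress.ip_address(address)
    return hostname in known_hosts or any(ip in net for net in known_ranges)

def reconcile(discovered, known_hosts, known_ranges, ephemeral=timedelta(hours=24)):
    """Flag discovered assets the inventory does not know about.  Short-lived
    unknowns (alive less than `ephemeral`) are labelled separately: those are the
    test environments that appear and vanish between periodic scans."""
    findings = []
    for hostname, address, first_seen, last_seen in discovered:
        if is_known(hostname, address, known_hosts, known_ranges):
            continue
        lifetime = datetime.fromisoformat(last_seen) - datetime.fromisoformat(first_seen)
        reason = "not in inventory"
        if lifetime < ephemeral:
            reason += f"; ephemeral, alive for {lifetime}"
        findings.append(Finding(hostname, address, reason))
    return findings

def inventory_coverage(discovered, known_hosts, known_ranges):
    """Fraction of externally visible assets the organization already knows about."""
    known = sum(is_known(h, a, known_hosts, known_ranges) for h, a, _, _ in discovered)
    return known / len(discovered)
```

With the sample data, two of the four discovered assets are unknown to the inventory (coverage 50%), and the staging host is additionally marked ephemeral because it was visible for only five hours.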

Often, vendors supply their own tools for keeping track of digital assets. For example, Google Cloud provides a Cloud Asset Inventory tool so that IT, security, and operations admins can identify changes to the environment. 

However, this poses several problems, including:

  • Too many different tools that make true visibility impossible
  • Inability to detect Shadow IT
  • Inability to simulate attacks
  • Failure to detect data leakage
  • Several teams, each with their own needs and monitoring plan

In the end, organizations start collecting security technologies to fill in each gap.

The Spectrum of Cybersecurity Visibility

As the organization’s corporate IT stack changes, its cybersecurity technology stack must evolve, too. For each new visibility problem, a new point solution exists. However, each technology across the spectrum provides visibility into some areas while leaving blind spots in others. 

Red Team Tools

Red team assessments are done by internal security professionals who use the same tools that threat actors use. They attempt to find security control weaknesses by acting like cybercriminals.

However, organizations need to consider the following problems:

  • Red teams can only test known assets.
  • The tools may not detect unknown assets.
  • They fail to provide real-time visibility into all risks, at all times.

Vulnerability Monitoring

These tools protect devices, applications, and operating systems by detecting known vulnerabilities so that the organization can install security updates. 

However, organizations need to consider the following problems:

  • They fail to identify unknown assets, leaving those at risk. 
  • They fail to protect against misconfigurations for cloud-based resources like S3 buckets

Data Loss Prevention (DLP)

DLP software scans networks to detect data downloading or exfiltration, blocking suspicious activity. 

However, organizations need to consider the following problems:

  • They can be difficult to deploy and require continued maintenance. 
  • They often fail to detect data loss caused by insiders which can also apply to threat actors using stolen credentials. 
  • They can only monitor identified sensitive data, not unknown or uncategorized assets.

Security Ratings

Security ratings and risk scoring solutions often use network scanners to identify network assets. They scan for potential risks, then apply a score indicating security control effectiveness.

However, organizations need to consider the following problems:

  • They lack transparency around how they scan and score security. 
  • They may attribute resources incorrectly, leading to extra work for security teams. 
  • They lack the ability to detect all IP addresses and devices connected to networks.

Why External Attack Surface Management (EASM) Replaces Multiple Cybersecurity Technologies

EASM solves the problem that many other security technologies leave behind: unknown and unmanaged digital assets. As the perimeter extends beyond an organization’s networks and firewalls, organizations need solutions that help them discover and inventory assets, assess risks, prioritize activities, and get smart remediation recommendations.

Reposify: EASM to Eliminate Unmanaged Risk

Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real time.

Reposify’s EASM tool maps the entire internet, not just an organization’s known IP addresses, for exposed assets that threat actors can use in an attack. This gives organizations the ability to uncover all internet-facing assets across every environment in the ecosystem: their own, their third-party vendors’, their subsidiaries’, and even potential fraud or phishing websites that are part of a malicious campaign targeting the organization.

It then creates automated maps of all discovered assets so that the organization can maintain a real-time, continuously updated asset inventory. With EASM, new assets are added to the inventory as soon as they go online, eliminating unknown and unmanaged risks.

EASM then identifies risks, prioritizes high-risk issues, and suggests remediation activities to ensure a proactive approach to cybersecurity monitoring. 

Additionally, organizations can track their security posture using historical data. This enables them to set key performance indicators for measuring their security posture and maturity, ensuring appropriate governance and Board reporting. 

As organizations work to enhance security and compliance, EASM gives them a way to reduce costs by eliminating multiple point solutions while also providing greater visibility into risk.
