What is the External Attack Surface?
An External Attack Surface, also known as Digital Attack Surface is the sum of an organization’s internet-facing assets and the associated attack vectors which can be exploited during an attack. This includes anything from domain names, SSL certificates and protocols to operating systems, servers, IOT devices and network services. These assets are scattered across on-premise, cloud environments and third-party vendors and represent the easiest way of accessing internal networks and sensitive data.
In the past decade organizations have accumulated an ever-growing list of public IP addresses to facilitate the communication between their internal network and the internet. Some of these IP addresses are officially registered but the majority of them are unregistered and ephemeral. Today, organizations’ external attack surfaces span beyond organizations’ known network ranges and often include assets managed by third party vendors.
What are the main challenges around External Attack Surface mapping?
Both the shift to the cloud and IT democratization have created a new reality on the ground. Most organizations have major blind spots and limited visibility into their Shadow IT and asset exposure to the Internet. Trying to map the external attack surface with the visibility provided by traditional tools is almost impossible. Here is why:
Distributed IT Ecosystems:
The days during which organizations had a well-defined network perimeter are long gone. Today, your assets are everywhere. In addition to your core network, you have regional offices, and subsidiaries, you work with third-party hosting providers, business partners all of which are connected to your network. As more and more assets are hosted beyond organizations’ firewalls, it has become increasingly difficult to efficiently manage and monitor them.
Multiple teams within the organizations are dealing with internet connected assets. IT managers, network engineers, DevOps and marketing are just a few. More often than not these teams are facing the dilemma of needing to quickly deliver results vs the need to comply with IT and security policies. Unofficial cloud instances, unproved websites and other assets will often be created without passing through official channels.
Your External Attack Surface is constantly Changing
What Are The Risks Associated With Limited Attack Surface Visibility?
The latest data breach report by Verizon indicates that 70% of attacks are perpetrated by external threat actors. These attackers are clearly seeing and exploiting weak points in the network perimeter which companies leave unprotected. This is not surprising as Reposify’s data shows that on average organizations are unaware of 64% of their internet-connected assets.
In 2016 Gartner predicted that by 2020, 30% of successful attacks experienced by enterprises will be on their shadow IT resources. Our recent analysis indicates that around 38% of successful attacks in 2019 were results of shadow IT, misconfigurations and unknown exposures to the internet that could have been avoided if organizations had better visibility of their attack surface.
How Does An External Attack Surface Management Solution Help?
External Attack surface management is simply the only way to discover, manage and monitor your perimeter-less network at scale. With Shadow IT being so prevalent and human errors unavoidable, external attack surface management is taking a center stage with more and more companies establishing dedicated teams for attack surface management and reduction.
Get More out of Your Existing Security Stack
How do you run a vulnerability scanner or pen testing on assets if you don’t know they exist? Getting an always up to date view of all your assets allows you to fully maximize the current tools you are using.
Optimize IT & Security Costs
Essential Components Of An External Attack Surface Management Solution
2. Business Context Insight
Ability to understand exactly to which business unit, subsidiary or 3rd party vendor each exposed asset belongs and how it is connected to the core network.
3. Automatic Asset Classification
Ability to instantly see all exposed assets by category, platform and service type .
5. Continuous External Surface Monitoring
Security insight generation and risks prioritization based on business context so you can focus on the most critical tasks at hand.