External Attack Surface Management – Think Like the Burglar!

July 29, 2023

We all want to keep our home secure – close the garage, lock the house windows and doors. Yet, many times a burglar still gets in, and later we scratch our heads and say, “I never thought of that way in.”

It’s the same thing for your company. Attackers, hackers and other bad actors are working tirelessly to get into your systems. For cybersecurity professionals, the company’s “windows and doors” are its information systems, networks, assets, open ports, exposed services, unpatched software, weak passwords, and more. Together, these are your company’s “attack surface.”

Rama Yenumula is Director of Prolifics’ security line of business. “The attack surface is not a new idea for security professionals. The concept has been around for many years and has been a fundamental aspect of cybersecurity practices. The term ‘attack surface’ was coined in the early 2000s, but the underlying principles of managing vulnerabilities and reducing risks predate this terminology. Cybersecurity professionals have always been concerned with identifying and mitigating potential security risks by understanding the different entry points that could be exploited by attackers.”

At your home, your attack surface – your windows and doors – remains fairly constant. This isn’t the case with your company, however. With today’s multi-cloud deployments, mergers and acquisitions, integrations, APIs and applications, and – yes – remote workers, the attack surface is constantly shifting and ever changing.

“Somebody is trying to penetrate your organization using different techniques, 24/7,” said Rama. “The attacks are more sophisticated, and the breaches are more prominent. Meanwhile, in its digital transformation journey, a company may deploy or upgrade new things every day. The attack surface is not constant.” Annual or semi-annual security testing isn’t enough to protect the ever-changing attack surface.

So, what’s the best way to protect your company’s attack surface, so we don’t have to scratch our heads and say that we never thought of that way? Rama said, “A newer approach is external attack surface management (EASM). It’s a newer mindset to analyze it all from the outside, looking in – viewing your organization like an attacker would.”

There are generally two components to EASM:
Reconnaissance (or recon) – Recon is continuous, accurate discovery of everything your organization exposes to the Internet, designed to identify your exposures as they appear, which of them are the easiest targets, and which targets are of greatest interest to an attacker.
Attack (or red teaming) – Attack is having a professional team deliberately attempt to breach your systems the way a real adversary would, so you can measure how well your defenses hold up and fix what fails.
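To make the recon component concrete, here is an added example that is not part of the original post and not code from Prolifics or IBM. It takes two snapshots of externally visible assets, finds what appeared since the last scan, and ranks the new exposures by how attractive they would be to an attacker. The snapshots, host names and service weights are all constructed for illustration; a real EASM product would populate the snapshots from live Internet-facing discovery.

```python
"""Toy external-recon diff: compare two snapshots of Internet-facing assets
and rank what is newly exposed by rough "attacker interest".

Constructed example. The snapshots below are invented, not real scan output,
and the service weights are an illustrative assumption, not a standard.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Exposure:
    """One externally reachable service: host, port, protocol, banner text."""
    host: str
    port: int
    service: str
    banner: str = ""


# Assumed "attacker interest" weights: remote-admin and database protocols
# exposed to the Internet are easy, high-value targets; plain web is common
# and lower priority. Unknown services get a middle score.
SERVICE_WEIGHT = {
    "rdp": 10, "smb": 10, "telnet": 10,
    "mysql": 9, "mongodb": 9, "redis": 9,
    "ssh": 7, "ftp": 6,
    "http": 3, "https": 2,
}


def score(exp: Exposure) -> int:
    """Higher score = more interesting to an attacker (assumed heuristic)."""
    s = SERVICE_WEIGHT.get(exp.service, 5)
    banner = exp.banner.lower()
    if any(word in banner for word in ("default", "test", "staging")):
        s += 3  # forgotten or non-production systems are soft targets
    if exp.service == "http" and exp.port not in (80, 8080):
        s += 1  # HTTP on an odd port often means an unmanaged admin panel
    return s


def diff_snapshots(previous: List[Exposure],
                   current: List[Exposure]) -> Tuple[Set[Exposure], Set[Exposure]]:
    """Return (newly exposed, no longer exposed) between two scans."""
    prev, cur = set(previous), set(current)
    return cur - prev, prev - cur


def prioritize(exposures: Set[Exposure]) -> List[Tuple[int, Exposure]]:
    """Rank exposures by score, highest first; ties broken by host and port."""
    return sorted(((score(e), e) for e in exposures),
                  key=lambda t: (-t[0], t[1].host, t[1].port))


# Constructed snapshots: "yesterday" versus "today".
YESTERDAY = [
    Exposure("www.example.com", 443, "https", "nginx"),
    Exposure("www.example.com", 80, "http", "nginx"),
    Exposure("vpn.example.com", 443, "https", "vendor-vpn"),
]
TODAY = [
    Exposure("www.example.com", 443, "https", "nginx"),
    Exposure("www.example.com", 80, "http", "nginx"),
    # New cloud VM with remote desktop open to the world
    Exposure("203.0.113.7", 3389, "rdp", ""),
    # Staging API left on the Internet showing a default web page
    Exposure("staging-api.example.com", 8443, "http", "Default Apache page"),
    # Old database host reachable without a VPN
    Exposure("db-old.example.com", 27017, "mongodb", ""),
    # vpn.example.com was decommissioned and no longer appears
]


if __name__ == "__main__":
    new, gone = diff_snapshots(YESTERDAY, TODAY)
    print("Newly exposed since last scan (highest priority first):")
    for s, e in prioritize(new):
        print(f"  [{s:2d}] {e.host}:{e.port} {e.service} {e.banner!r}")
    print("No longer exposed:")
    for e in sorted(gone, key=lambda x: (x.host, x.port)):
        print(f"       {e.host}:{e.port} {e.service}")
```

Running it lists the RDP host first, the MongoDB host second and the staging API third, and separately reports the decommissioned VPN endpoint. The point is the loop, not the weights: the same diff run after every scan is what turns a one-off asset inventory into continuous attack surface management.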

How do you implement EASM? There are many software products out there. Gartner Peer Insights recently published its Best External Attack Surface Management Software Reviews 2023.

One highly reviewed product is IBM’s Randori Recon, software that provides continuous asset discovery and issue prioritization from an attacker’s perspective. As IBM states, “Just like real threat actors, Randori Recon continuously monitors your external attack surface, uncovering blind spots, misconfigurations and process failures that would otherwise be missed. Using a black-box approach, Randori finds the Internet Protocol version 6 (IPv6) and cloud assets that others miss.”

ON-DEMAND WEBINAR

“Protect Your Attack Surface with an Outside-In View”
This webinar addresses the critical question of what your organization looks like from an attacker’s point of view, while outlining how you should prioritize the exposures which pose the greatest risk.
Your host is Evan Anderson, Chief Offensive Strategist and founding team member of Randori. He has more than 15 years of experience in red teaming, vulnerability research and exploit development.


About Prolifics

At Prolifics, the work we do with our clients matters. Whether it’s literally keeping the lights on for thousands of families, improving access to medical care, helping prevent worldwide fraud or protecting the integrity and speed of supply chains, innovation and automation are significant parts of our culture. While our competitors are throwing more bodies at a project, we are applying automation to manage costs, reduce errors and deliver your results faster.

Let’s accelerate your transformation journeys throughout the digital environment – Data & AI, Integration & Applications, Business Automation, DevXOps, Test Automation, and Cybersecurity. We treat our digital deliverables like a customized product – using agile practices to deliver immediate and ongoing increases in value. Visit prolifics.com to learn more.