{"id":14292,"date":"2023-07-29T23:04:51","date_gmt":"2023-07-30T04:04:51","guid":{"rendered":"https:\/\/prolifics.com\/us\/?p=14292"},"modified":"2025-09-18T17:36:37","modified_gmt":"2025-09-18T12:06:37","slug":"external-attack-surface-management-think-like-the-burglar","status":"publish","type":"post","link":"https:\/\/prolifics.com\/usa\/resource-center\/blog\/external-attack-surface-management-think-like-the-burglar","title":{"rendered":"External Attack Surface Management \u2013 Think Like the Burglar!"},"content":{"rendered":"<p>We all want to keep our home secure \u2013 close the garage, lock the house windows and doors. Yet, many times a burglar still gets in, and later we scratch our heads and say, \u201cI never thought of that way in.\u201d<\/p>\n<p>It\u2019s the same thing for your company. Attackers, hackers and other bad actors are working tirelessly to get into your systems. For cybersecurity professionals, a company\u2019s \u201cwindows and doors\u201d are your organization\u2019s information systems, networks, assets, open ports, exposed services, unpatched software, weak passwords, and more. This is your company&#8217;s \u201cattack surface.\u201d<\/p>\n<p>Rama Yenumula is Director of Prolifics\u2019 security line of business. \u201cThe attack surface is not a new idea for security professionals. The concept has been around for many years and has been a fundamental aspect of cybersecurity practices. The term \u2018attack surface\u2019 was coined in the early 2000s, but the underlying principles of managing vulnerabilities and reducing risks predate this terminology. Cybersecurity professionals have always been concerned with identifying and mitigating potential security risks by understanding the different entry points that could be exploited by attackers.\u201d<\/p>\n<p>At your home, your attack surface \u2013 your windows and doors \u2013 remains fairly constant. This isn\u2019t the case with your company, however. 
With today\u2019s multi-cloud deployments, mergers and acquisitions, integrations, APIs and applications, and \u2013 yes \u2013 remote workers, the attack surface is constantly shifting and ever-changing.<\/p>\n<p>\u201cSomebody is trying to penetrate your organization using different techniques, 24\/7,\u201d said Rama. \u201cThe attacks are more sophisticated, and the breaches are more prominent. Meanwhile, in its digital transformation journey, a company may deploy or upgrade new things every day. The attack surface is not constant.\u201d Annual or semi-annual security testing isn\u2019t enough to protect the ever-changing attack surface.<\/p>\n<p>So, what\u2019s the best way to protect your company\u2019s attack surface, so we don\u2019t have to scratch our heads and say that we never thought of that way in? Rama said, \u201cA newer approach is external attack surface management (EASM). It\u2019s a newer mindset to analyze it all from the outside, looking in \u2013 viewing your organization like an attacker would.\u201d<\/p>\n<p><strong>There are generally two components to EASM:<\/strong><br \/>\nReconnaissance (or recon) &#8211; Recon is an accurate and authentic discovery process designed to continually identify your exposures, the easiest targets, and which targets are of greatest interest to an attacker.<br \/>\nAttack (or red teaming) &#8211; Attack means having a professional team purposely attempt to breach your systems, so you can rate and fix your cyber defenses.<\/p>\n<p>How do you implement EASM? There are many software products out there. Gartner recently released<br \/>\n<a href=\"https:\/\/www.gartner.com\/reviews\/market\/external-attack-surface-management\" target=\"_blank\" rel=\"noopener\">Best External Attack Surface Management Software Reviews 2023 | Gartner Peer Insights<\/a>.<\/p>\n<p>One highly reviewed product was IBM\u2019s Randori, software that provides continuous asset discovery and issue prioritization from an attacker\u2019s perspective. 
As IBM states, \u201cJust like real threat actors, Randori Recon continuously monitors your external attack surface, uncovering blind spots, misconfigurations and process failures that would otherwise be missed. Using a black-box approach, Randori finds the Internet Protocol version 6 (IPv6) and cloud assets that others miss.\u201d<\/p>\n<p><img decoding=\"async\" data-src=\"https:\/\/prolifics.com\/usa\/wp-content\/uploads\/2023\/07\/Stats.jpg\" alt=\"\" width=\"600\" height=\"338\" class=\"alignnone size-full wp-image-15210 lazyload\" title=\"\" data-srcset=\"https:\/\/prolifics.com\/usa\/wp-content\/uploads\/2023\/07\/Stats.jpg 600w, https:\/\/prolifics.com\/usa\/wp-content\/uploads\/2023\/07\/Stats-300x169.jpg 300w\" data-sizes=\"auto\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 600px; --smush-placeholder-aspect-ratio: 600\/338;\" data-original-sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<h5>ON-DEMAND WEBINAR<\/h5>\n<p>\u201cProtect Your Attack Surface with an Outside-In View\u201d<br \/>\nThis webinar addresses the critical question of what your organization looks like from an attacker\u2019s point of view, while outlining how you should prioritize the exposures which pose the greatest risk.<br \/>\nYour host is <a href=\"https:\/\/www.linkedin.com\/in\/attack\/\" target=\"_blank\" rel=\"noopener\">Evan Anderson<\/a>, Chief Offensive Strategist and founding team member of Randori. He has more than 15 years of experience in red teaming, vulnerability research and exploit development.<br \/>\n<br \/>\n&nbsp;<br \/>\n<br \/>\n<a style=\"background: #1799ce; color: #fff; padding: 20px;\" href=\"https:\/\/prolifics-8077126.hs-sites.com\/randori-webinar-july26\" target=\"_blank\" rel=\"noopener\">Watch It Here<\/a><br \/>\n<br \/>\n&nbsp;<br \/>\n<\/p>\n<h5>About Prolifics<\/h5>\n<p>At Prolifics, the work we do with our clients matters. 
Whether it\u2019s literally keeping the lights on for thousands of families, improving access to medical care, helping prevent worldwide fraud or protecting the integrity and speed of supply chains, innovation and automation are significant parts of our culture. While our competitors are throwing more bodies at a project, we are applying automation to manage costs, reduce errors and deliver your results faster.<\/p>\n<p>Let\u2019s accelerate your transformation journeys throughout the digital environment \u2013 Data &#038; AI, Integration &#038; Applications, Business Automation, DevXOps, Test Automation, and Cybersecurity. We treat our digital deliverables like a customized product \u2013 using agile practices to deliver immediate and ongoing increases in value. Visit <a href=\"https:\/\/prolifics.com\/\">prolifics.com<\/a> to learn more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all want to keep our home secure \u2013 close the garage, lock the house windows and doors. Yet, many times a burglar still gets in, and later we scratch 
[&hellip;]<\/p>\n","protected":false},"author":34,"featured_media":35708,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[49],"tags":[],"class_list":["post-14292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","has-post-title","has-post-date","has-post-category","has-post-tag","has-post-comment","has-post-author",""],"acf":[],"builder_content":"","_links":{"self":[{"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/posts\/14292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/comments?post=14292"}],"version-history":[{"count":0,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/posts\/14292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/media\/35708"}],"wp:attachment":[{"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/media?parent=14292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/categories?post=14292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prolifics.com\/usa\/wp-json\/wp\/v2\/tags?post=14292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}