www.recordedfuture.com Open in urlscan Pro
172.64.144.145  Public Scan

URL: https://www.recordedfuture.com/reduce-attack-surface-complexity
Submission: On November 23 via api from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

Accept
 * Careers
 * Contact Us
 * Login
 * ENJPKO
   
   EN
   

 * Platform
 * Solutions
 * Products
 * Services
 * Research
 * Resources
 * Company

Get a demo

Book a demo



Blog


A SECURITY LEADER’S GUIDE TO REDUCING ATTACK SURFACE COMPLEXITY

Posted: 9th May 2023
By: Sam Langrock


Security leaders across the globe are under increased pressure to manage their
growing attack surface and ensure due diligence is being done to secure their
business against cyber threats. To meet these demands, security leaders must
have a comprehensive understanding of all entry points into their organization's
network, including web applications, remote access points, network
infrastructure, and cloud services.

However, only 9% of organizations think they monitor 100% of their attack
surface, and considering organizations typically discover somewhere in the range
of 40% more assets when using an automated scanner (CSO), it’s fair to have
reservations about whether that 9% is truthful.

Since many organizations lack visibility into their entry points, even if they
think otherwise, it begs the question of how can security leaders defend and
build security processes around what they can’t see?

To help organizations navigate this complex digital environment, we sat down
with Geoff Brown, VP of Global Intelligence Platforms at Recorded Future and
Former CISO of New York City to learn how Recorded Future Attack Surface
Intelligence is helping security teams secure their business. Below are five
pieces of advice we learned to help you reduce attack surface complexity.

#1: There is Always an Adversary

In our first Exploring the Attack Surface video, Geoff describes looking at your
attack surface the same way you would look at a chess board: “The technology is
all the pieces and the environment that you’re playing the game in, but you
always have an adversary sitting across the table from you who’s trying to
thwart your every move.” The latter part of the quote is the critical piece to
pick up on: there’s always an adversary.

Digital transformation initiatives have led to an explosion of assets on the
public internet, making it increasingly difficult for organizations to maintain
a persistent view of their internet-facing assets. To compound this problem,
assets move, change, and appear constantly, and this dynamic nature means
traditional manual asset inventory processes simply cannot keep up. On the other
hand, attackers are using large scale automation to enumerate everything that’s
vulnerable on the internet in minutes to hours. According to Recorded Future
Threat Researcher Lindsay Kaye, many threat actors will use openly available
tools to identify open ports or specific software installed on the system.

To highlight the importance of understanding your attack surface and securing
your business from adversaries, 69% of organizations have experienced some type
of cyberattack in which the attack itself started through the exploit of an
unknown, unmanaged, or poorly managed internet-facing asset (CSO). Gaining an
outside-in view of what an adversary sees gives defenders an important
perspective on which assets could be at risk and where to prioritize remediation
efforts before exploits happen, providing a significant advantage for defenders.

#2: You Need a Comprehensive Approach

Think of all the different applications that create digital doorways into your
organization: web applications, email systems, remote access systems, websites,
cloud services, login pages and more. Most enterprises have thousands of
internet-facing assets, with more and more being added each day.

In the Dealing with Change video, Geoff mentions, “It’s pretty essential you’re
taking a comprehensive approach… otherwise you’re in the dark”. We’ve already
mentioned the perils of being in the dark when it comes to asset visibility, but
having a comprehensive approach isn’t just about cataloging your assets, it’s
also about knowing if an asset is vulnerable, if it’s being hosted in a location
that’s out-of-policy, or if an adversary has shown an intent to exploit a
specific vulnerability.

#3: Enforcing Security Policies Requires Regular Checks

Security leaders put in a significant amount of effort, time, and resources
creating security policies that reduce risk and secure the business. However,
these days 41% of employees can acquire, modify, or create technology outside
IT’s visibility, a number that is likely to grow to 75% by 2027 (Gartner).

Employees may be innocently going outside of security policies for convenience,
out of habit, or to avoid detection. Either way, the effect is the same. They’re
setting you up for policy violations and security lapses.

To combat against this, Geoff remarks in our Policy Enforcement video that using
Recorded Future Attack Surface Intelligence provides a “Check across your total
asset base to see whether or not the compute infrastructure is up to policy and
then is configured to the standards that your organization has adopted.”

We don’t want all effort that has gone into creating and enforcing security
policy to go to waste, a continual check to make sure new assets are being spun
up with proper hygiene is a critical aspect of making your organization truly
defensible.

#4: Context is Key

Not all risks are the same, and not all risks deserve the same attention. An
unpatched vulnerability on a critical server that is accessible from the
internet poses a far greater risk to your organization than an end of life
software application you have running. Context on what needs to be prioritized
for remediation is crucial. Additionally, context is key when understanding the
total attack surface that needs to be defended.

In our Taking Action video Geoff explains that, “Any security organization needs
to really pursue two things. One, are all of their assets in a defensible
environment? Two, are those assets up to the standards and configurations
necessary for protecting your environment?”

Many organizations are surprised to find out how many hosting providers they
have, how many assets aren’t behind a WAF, or that they have publicly exposed
dev sites. In order to pursue these two components, context is required as to
what assets truly belong to your organization, and if something needs to be done
to ensure they’re protected.

#5: Access to Intelligence Leads to Informed Decisions

Security leaders spend their days in continual pursuit of information around
what’s been identified as vulnerable and what to do about it. In the
Prioritizing Threats video Geoff points out, “You need intelligence if you’re
going to make an informed decision and if you’re going to advise to make a
change to your technology or business environment”.

Intelligence provides an advantage to identify and get ahead of risks that
matter, make the right decisions for your organization, and build resilience, at
the speed and scale of today’s threat environment. Security leaders can leverage
intelligence to gain an outside-in view of their infrastructure and an
inside-out view of which adversaries could be targeting them, their peers, or
critical vendors in their supply chain.

Operating in a digitally-connected global environment requires constant
protection of your attack surface, as you never know when a new piece of
malicious software can spread and impact your operations.

Your organization is likely undertaking some type of digital transformation
project, layering more systems into your IT networks to support remote work, and
increasing channels and digital interactions with employees and customers, all
of which creates new attack vectors that must be secured. Staying ahead of this
complexity requires real-time intelligence to craft a defensive strategy that
makes it possible to identify infrastructure, prioritize remediation efforts,
and ultimately automate the identification of exploitable internet-accessible
assets.

If you’d like to learn more about how Attack Surface Intelligence shines a light
on blind spots to protect what you can’t see, get started by requesting a demo.



RELATED BLOG

Blog

SHELL NO! ADVERSARY WEB SHELL TRENDS AND MITIGATIONS (PART 1)

Posted: 30th Jun 2016
Blog

THE ART OF DEFENDING YOUR ATTACK SURFACE

Posted: 15th Nov 2023
Blog

VETERANS DAY: CELEBRATING STORIES OF SERVICE AND SUCCESS

Posted: 9th Nov 2023


ABOUT US

 * Intelligence Cloud
 * Services & Support
 * Why Recorded Future
 * Research
 * Resources
 * Company

HELPFUL LINKS

 * Careers
 * Contact Us
 * Get a Demo
 * The Intelligence Graph

--------------------------------------------------------------------------------

JOIN US ONLINE

 * 
 * 
 * 
 * 
 * 

READY TO JOIN?

Contact us today

Copyright © 2023 Recorded Future, Inc.
 * Security FAQ
 * Cookies
 * Privacy Policy
 * Terms & Conditions