External Threat Management

Attack Surface Management Requires Deep Intelligence Both Inside and Outside the Firewall

Businesses are undergoing a digital transformation demanding rapid migration to the cloud and expanded adoption of web, mobile, and social platforms. These initiatives are expanding organizations' digital presence far beyond their internal network, exposing the limitations of network security controls like firewalls, DLP, and network monitoring. According to the Verizon Data Breach report, external-facing web applications, into which network security tools lack visibility, comprised the vector category most commonly exploited in hacking-related breaches. 

This transformation was already challenging long-held views of cybersecurity when it was sent into hyperdrive by COVID-19. Almost overnight, workforces and business operations were decentralized and flung all over the world even farther than before, widening protection gaps and turning security protocols on their heads.

This digital transformation has grown the enterprise digital attack surface and dramatically broadened the spectrum of threats and vulnerabilities that can affect the average organization. Sophisticated APTs and petty cybercriminals alike threaten businesses' safety, targeting their data, brand, IP, systems, and people. Today, 375 new threats emerge each minute

Security teams must now have the security intelligence necessary to defend their organizations from a vast universe of threats, some of which traverse their network, many that don't. Effective attack surface management programs should have robust internal and external intelligence that gives security teams a 360-degree view of their organization's attack surface. This visibility includes the threat landscape, external context for internal security alerts, and an outside-in view of an organization to know what makes it uniquely vulnerable to specific attacks. 

The Expanding Attack Surface, An Expanding Problem

Personnel, now forced to work from home, moved the edges of their organization's digital attack surfaces along with them. Attackers now have far more access points to probe or exploit, with little to no security oversight. IT teams for companies who moved to a WFH format are quickly standing up new systems, new access, and new channels. However, in the process, they may be succumbing to human error, such as critical misconfigurations. 

The boundaries between what's inside the firewall and what's outside becoming are less and less discernible. An organization's attack surface now begins inside the corporate network and extends to the internet's outer reaches and even into the homes of employees. 

For IT security teams, the sheer depth and breadth of what they need to defend may seem daunting. However, thinking about the internet from an attacker's perspective, a collection of digital assets that are discoverable by hackers as they research their next campaigns can put the massive area of their organization's attack surface into perspective. 

Recently, the headlines have been full of dozens of new vulnerabilities found in these devices coming to light, including Cisco, Microsoft, Citrix, and IBM products. Each of these vulnerabilities can take down an organization (whether its security team knows it's part of its attack surface or not). Threat actors are taking note, realizing these security flaws, invisible to security teams, are inroads for an attack. For organizations, keeping track of these new assets and their vulnerabilities takes a new type of technology that looks at an organization's digital presence from the outside-in. 

Intelligent Attack Surface Management

Attack surface management is a predominant concern for many security teams and their senior leadership, who need to know what threats they're facing now that they've turned their business inside out and put their most crucial infrastructure outside the firewall. Many aren't sure of their overall digital exposures and what should be driving strategic decisions and security actions to safeguard the digital enterprise.

Relevant, actionable threat intelligence gives security teams line-of-sight to attackers and threat systems and infrastructure. Delivering robust and strategic attack surface intelligence starts with hard observations from the internet, including attackers, enterprise, and third parties. These observations must be correlated automatically and analyzed with security expertise to identify threats most dangerous to the organization. 

With RiskIQ's Internet Intelligence Graph, customers have access to a pre-computed relationship database of internet intelligence updated daily. Tapping into the Graph provides a full picture of the entire internet to show your own organization's internet attack surface, including known, unknown, and attacker-owned assets. This view also includes external third-party infrastructure, OSINT, the deep and dark web, and resources your organization, users, and customers depend on. The graphic helps analysts map cyber threats to the enterprise to prioritize response and fully extinguish compromises. 

Many "outside the firewall" security companies claim to give you visibility into this new dispersed and rapidly-growing internet attack surface. Unfortunately, they only have a cursory view of the web and only know about known assets their customers provide them. RiskIQ deeply understands the internet and how its threads weave together. Get started with RiskIQ and find out how we can help you understand and defend your attack surface in this new era of cybersecurity.

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor