It seems a cybersecurity team’s work is never done.
Whether threats originate within a company’s network or outside of it, cybersecurity experts need to prevent known vulnerabilities from being exploited and leading to a breach, and to anticipate unknown threats before they compromise the company’s security, reputation, and revenue. “Holistic” is the name of the game: from top to bottom, these teams need to consider everything that could go wrong, then implement an effective plan to push back against it.
However, it’s hard to take initial action when your scope only includes your internal network, which is the case with far too many security teams. That’s why we’ve outlined the top five priorities for all companies to manage their entire attack surface for maximum efficacy. The timeless adage tells us that a journey of a thousand miles begins with a single step, and it’s no different in this case either.
So while some organizations have developed a mature attack surface management program, others are just starting on the journey, evaluating the scope of their program and identifying where to start. For those organizations, it’s important not to get overwhelmed when considering the cybersecurity health of your business. Just start here and take action.
It’s crucial nowadays to understand which digital assets belonging to your organization are exposed to the internet; in other words, what your organization looks like to customers and would-be attackers. A business’s internet presence consists of known, unknown, unsanctioned, and often poorly maintained internet-facing assets. You need to catalog all of them! Shadow IT, M&A, and a lack of standard commissioning processes mean that security teams have an incomplete view of their attack surface and its weaknesses.
Regardless of their efforts, they can’t protect what they don’t know about. Attackers perform reconnaissance to exploit unknown, vulnerable, and unmonitored websites, as well as their applications, forms, and underlying infrastructure.
According to Verizon, 70% of all successful breaches today originate on the internet. That’s why companies should do what the bad guys are already doing: map their attack surface in pursuit of potential vulnerabilities.
With your attack surface mapped and your vulnerabilities identified, it’s time to reduce them and make yourself a smaller target for hackers. Your team must first have an accurate inventory of assets exposed to the internet, then enrich that information by tagging geographical locations, business units, and owners. This exercise will let you systematically improve your security posture by addressing specific types of weaknesses, including:
It no longer matters if an asset lives within a network or beyond the firewall. If it belongs to your organization, it’s imperative that you maintain its compliance with internal standards and third-party regulations. Organizations are already facing fines for breaches that originate outside the firewall.
More regulations will be put in place to protect customers from threat actors targeting businesses going forward. Organizations need to be able to stay within GDPR, OWASP, and internal compliance guidelines to avoid potentially devastating penalties.
Your customers fundamentally interact with your business outside your firewall. As indicated by the massive GDPR fine against British Airways, you’re responsible for their safety and online experience. This obligation includes protecting them from threats that belong to you but reside outside the network, like crypto miners, malicious code injections, and Magecart.
But this responsibility also extends to assets that don’t belong to you. These rogue assets mimic your brand and target your customers. Even though your organization didn’t develop them, they’re a part of your attack surface anyway. These include typo-squatting on various domains and subdomains, developing fraudulent mobile apps, publishing phishing sites, and operating infringing social media accounts.
Organizations require rich internet data to be automatically accessible by their other security tools to give them full visibility of their attack surface and add an “outside the firewall” context to other security functions. By enhancing existing systems and processes with this data, organizations can bring internet visibility to a range of additional security and IT operations tools to enrich the information they deliver, accelerate response or mitigation, and improve the organization’s cyber effectiveness.
Some common applications are:
Due to cloud server migration, hosting, and other digital media initiatives, millions of assets appear on the internet every day, and they’re entirely outside the scope of firewalls and endpoint protection. A business’s attack surface extends from the internal network to the farthest reaches of the internet, where attackers have all the visibility. Security teams are now responsible for defending this enormous swath of digital real estate with the same scrutiny as their internal networks.
Fortunately, despite this drastic increase in what security teams are now tasked with protecting, basic tenets of cybersecurity haven’t changed. With the right tools, security teams can apply the same rules that keep their internal networks safe to their entire attack surface.
Don’t get overwhelmed on your way to a robust attack surface management plan. Just get started!