For years, vulnerability management was synonymous with vulnerability scanning and pen-testing. These were the keys to understanding which of your organization's digital assets are susceptible to threats and where its vulnerabilities lie. However, widespread cloud migration and the explosive growth of the average business's online presence fundamentally changed what security teams need to protect, making scanning and pen-testing not nearly sufficient.
Vuln management has been an exercise in navel-gazing, looking at our asset's weak spots to close the shields. But once the whole IT footprint became a digital footprint—web, social, mobile, etc.—vulnerability scanning and pen-tests showed just how incomplete they were, unable to see beyond into that digital sphere. What was once a small area to defend is now an expansive digital attack surface, a universe of digital assets scattered across the web, cloud, and apps. It's only natural for exposures to go unnoticed on this fluid, digital attack surface.
Unfortunately, breaches via these internet-connected assets are happening at an unprecedented rate, many of them a result of assets compromised that organizations weren't aware even existed. How do we mitigate exposures and risks, when those exposures and risks are hidden in digital assets we cannot see? There must be an easier way.
It's time to think bigger than vulnerability management. Welcome to the age of digital attack surface management.
Vulnerability Management, Beyond Scanning
First, See Everything
Traditional security scanners, which can only identify and scan a portion of an organization's external digital attack surface, are not enough to adequately manage a business's digital risk. While scanning known digital assets for vulnerabilities is crucial, it's the unknown portion of the digital attack surface that's impossible to evaluate with traditional scanners, i.e., the part most likely to be targeted by attackers. Some of these assets are unknown to IT teams, either in-house shadow IT or created by third-parties. Others were spun-up by threat actors, purpose-built to attack their business, employees, and customers by impersonating their brand.
RiskIQ believes that it's because of this glaring gap in traditional vulnerability management that one of the new capabilities evaluated in The Forrester Wave™: Vulnerability Risk Management, Q4 2019, was how well the participating vendors help organizations with digital footprinting. Without the capabilities of a traditional vuln. scanner, RiskIQ was named a "strong performer" in the report. RiskIQ enables businesses to understand what internet-exposed assets they need to scan and how to prioritize them based on their unique profile.
The report noted that "reference customers state that RiskIQ has been invaluable in helping them discover infrastructure they didn't know existed." In our view, it is because of these capabilities that RiskIQ was described in the report as "a strong tool to have in your vulnerability management toolbox."
Find. Solve. Automate. Repeat.
Organizations must have a full inventory of digital assets connected to them outside their internal network to determine what may be potentially vulnerable to attacks. Being able to identify assets associated with an organization is key to a comprehensive approach to vulnerability management. RiskIQ helps vulnerability management programs and penetration testing teams find digital assets connected to their organization outside their internal network, providing visibility into assets that may be vulnerable to attacks.
With this information, they can monitor their application portfolio for indicators of compromise (IOCs) and detect threats and malicious behaviors designed to elude security scanners such as malware injection, sophisticated website defacement, DNS hijacking, and domain ownership hijacking. These IoCs help vuln-management teams to prioritize the applications that need to be scanned & reviewed. Having this view of the business combined with scanning brings a complete digital risk management solution to the table.
We Did the Hard Work, So You Don't Have To
Today's internet-scale cyberthreats can overwhelm the defenses of businesses that lack visibility into vulnerable digital assets that comprise their digital attack surface. Many of the front-page data breaches you read about are a result of threat actors finding unknown, unprotected, and unmonitored assets to use as attack vectors.
With a sophisticated sensor network working in tandem with virtual users, RiskIQ has been enabling customers to find digital assets connected to their digital attack surface for over a decade. By building an inventory of digital assets and issuing alerts as soon as someone in the company stands up something new, security teams can evaluate a better picture of what their organization looks like to attackers.
RiskIQ maps an organization's digital attack surface via relationships between web components, and actively monitors it for threats with the proprietary telemetric internet data collected by its global networks of crawlers. Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected.