Shadow IT plays a major role in the proliferation of unknown digital assets. One of the primary ways that nation-state actors and cyber criminals target organizations today is through unknown digital assets like web/mobile apps, websites, and social sites. These assets live in a dynamic state and are easy to lose track of over time.
Most digital assets come into existence with the best intentions but due to lack of interdepartmental communication and Shadow IT practices, often proliferate outside of the scope of security. Overtime increasing numbers of digital assets become lost to history and continue to exist outside of auditing, patch management, and vuln/pen testing cycles.
The challenge for security teams is ensuring all digital assets created under the brand of the organization are duly accounted for. The concern for the CISOs we talk to are:
1. Not knowing about compromised assets that are being used to attack customers
2. Not knowing if all assets that could lead to a serious breach are accounted for
3. Ensuring the security program is on top this
Attackers Leverage Shadow IT
Mapping out and pivoting through digital assets is a proven attack method and was presumably used in the recent Hacking Team breach. This strategy focuses on mapping out an organization's entire collection of public facing digital assets with tools like nmap. The attacker jumps between assets searching for lightly guarded or vulnerable infrastructure to pivot across until they find a hole.
The bad news is the attack surface is widening for most enterprises. Shadow IT proliferation is increasing at a 5% clip year over year and now accounts for 30% of IT budget among the enterprise a recent IDG study shows. These findings demonstrate that Shadow IT is here to stay. The resulting unknown digital asset problem is something security teams across the enterprise must figure out how to address.
How To Address The Threat Created by Shadow IT
One way to detect and secure unknown assets is by leveraging purpose built technology optimized for rapidly indexing, inventorying and monitoring an enterprise's entire digital footprint. By crawling the Internet at scale using virtual users programmed to imitate real user behavior by varying click patterns, time on page, etc.—each asset can be monitored continuously for threats while evading counter-measures used to thwart regular security scanners.
If at any point, breaches, IOCs, or any pre-defined undesired outcomes occur as a result of browsing an asset owned by the company’s—IT can be alerted and provided real time threat intelligence into the nature of the threat.
While Shadow IT is a large and complex issue for enterprise security—engaging unknown digital assets owned by an organization is a new way to improve security because it protects customers, employees, and the company from being compromised in areas beyond the coverage of perimeter based access controls.
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...