5 Reasons You Need a Global View of Your Attack Surface

By Marshall Kuypers, Senior Director, Cyber Risk | 06.19.2019

In the past, the vast majority of an organization’s attack surface was based on static ranges that were registered to that organization. This made it relatively simple to monitor the attack surface for signs of compromise and prevent intrusion by malicious actors.

But things have changed. Today, most organizations have assets in far more places than the static ranges registered to them.

The following are the five places that organizations tend to have assets, and where Expanse can help you identify your Internet-connected assets and reduce your attack surface. They also represent five reasons you need a global, outside-in view of your attack surface.

1. Core IP space: Core ranges are table stakes. Organizations need to rapidly monitor known ranges for inadvertent misconfigurations or device exposures. Any exposures on these ranges are highly attributable and are likely to be targeted quickly.

2. Cloud environments: Organizations are moving to the cloud, and it has never been easier for an employee to spin up a device outside of normal IT processes. Organizations should have focused discovery of assets pointed at all cloud environments, including AWS, Azure, Google, Oracle, Rackspace, and other cloud hosting providers.

3. Commercial ISP space: A mobile workforce has created new classes of risk that haven’t existed before. Traveling employees may have misconfigured workstations that expose their laptops to the world. These exposures are highly ephemeral because they move as the employee travels from home to a coffee shop to a hotel.

4. Subsidiary and acquisition networks: Attackers look for entry points anywhere they can, including nested subsidiaries and historical acquisitions. Often, Expanse identifies both core and cloud assets that were orphaned during an M&A event and are unmonitored. Organizations should take care to search for abandoned assets that may have been overlooked in the past.

5. Strategic suppliers: Suppliers are more connected than ever. It’s often impossible to do business without sharing sensitive data or permitting network access to critical business partners. Exposures on these fringe segments of your network can lead to data loss or network intrusions on your corporate enclave.

Overall, these different locations add up to the entire global Internet. Organizations have networks that are so widely distributed that they need to monitor the entire Internet to accurately track their Internet-facing presence.

Check out our latest white paper for more on how to reduce your attack surface and protect your organization:

Tracking Your Ever-Changing Internet Edge