The Internet is a small place. Attackers can scan the Internet in under an hour and get a list of every RDP, database, and abandoned web server out there. Because attackers can find exposed assets quickly, it’s important for organizations to reduce their attack surface so there are fewer opportunities for unauthorized entry. At Expanse, we specialize in discovering, and monitoring, Internet assets for the world’s largest organizations so they can reduce their attack surface and lock down their perimeter.
A key US federal government agency had information siloed between the agency’s headquarters, security operations center, and various field locations. This made it challenging to enforce security and IT policies across a decentralized network and led to numerous unknown, unmanaged and vulnerable Internet-connected assets.
Certain security basics used to be good enough to protect your network. You could roll out an endpoint security tool, implement a firewall, and use sandboxing, and at least sleep a little easier at night. But today’s attackers are more sophisticated, and that means security professionals have to be more sophisticated, too.
It’s easy to focus on the threats that you know about, and easy to ignore the ones that you don’t see. When organizations conduct vulnerability scans, they get a weekly reminder of all of the unpatched and out-of-date devices on their network. Spam and phishing emails come in daily and are a constant reminder of the need for vigilance.
In order to effectively protect our customers, Expanse cultivates a deep understanding of the Internet. We use our global perspective to help our customers understand both what they own that is connected to the public Internet and how to keep their assets secure. Since joining Expanse as a software engineer, I’ve learned about many pervasive, incorrect assumptions related to the history and structure of the Internet – many of which I myself used to hold. These bad assumptions have cropped up throughout the history of the Internet and continue to influence how many think about cybersecurity today.
Before joining Expanse as a Cyber Risk Analyst, I worked as a cybersecurity consultant for one of the Big Four auditing and professional services firms. In that time, I got a front-row seat to the security challenges facing enterprises today. I learned to be skeptical of the cyber maturity of the “big guys,” or the large and well-established enterprises that are connected to the daily lives of millions. While working with clients of all sizes across multiple industries, I realized very few organizations have even a decent grip on their actual cybersecurity posture.
Do you think you’re safe because no one can find you on the vast Internet? Think again.
Expanse’s CEO, Tim Junio, discusses why it would be easy to conclude we’re on the verge of ceding the Internet to criminals and spy agencies. But there are reasons to be optimistic.