Worried About Your Internet Presence? Focus on Your Attack Surface

By Marshall Kuypers, Senior Director, Cyber Risk 05.28.2019

The Internet has created myriad ways for people and organizations to connect with one another. Unfortunately, attackers will attempt to find and exploit the Internet presence of an organization. All of the connections, profiles, pages, and posts can be discovered and potentially weaponized in both targeted and opportunistic attacks.

Your Internet Presence

The classes of data fall into a few different buckets, some of which may not actually belong to the organization itself:

Attack surface: These are directly attackable parts of your network like websites, networking equipment, and exposed user workstations. It can also include your larger cyber ecosystem, such as supplier or subsidiary networks that might be targeted for an attack. Expanse mainly focuses on this category.

Brand protection: Malicious apps, domain squatting to phish your employees or customers, and counterfeit services.

Threat intel: A broad category of data, some of which is directly discoverable. Examples include hackers discussing imminent attacks on dark web forums, your corporate PII for sale, or even the identity of your executive’s administrative assistant, who can then be targeted.

All three of these are often lumped together, but each serves a distinct purpose and comes with a different level of importance. For example, learning that hackers are talking about targeting your organization on an underground forum is only useful if you can actually do something about it, like adding extra security staff to support an incident response, or sending out a warning email asking your employees to be extra diligent about incoming emails.

In the same way, learning that your data has already been exposed can be useful, but everyone would prefer to prevent a breach in the first place instead of just having excellent detection capabilities.

Focus on the Risk

Brand protection is very difficult to do effectively. Many organizations register thousands of domains defensively, purposefully owning misspellings and typo domains to make it harder for attackers to scoop these up. But with so many combinations of domains, it’s nearly impossible to cover them all. Phishing attacks are usually launched extremely rapidly, with the period between domain registration and emails being sent as short as minutes, but the detection, alert, action cycle can be much longer. Another common brand protection strategy is to look for logo images, but the false positive rate can make this an unrealistic endeavor. While these activities can be harmful to your customers and impact your brand reputation, they don’t pose a security risk to your corporate network.

Given the limited resources available to every security staff, it’s important to focus on the biggest risk factors when securing your organization. For many organizations, a lack of basic perimeter security and hygiene causes the largest number of data breaches and the biggest impact on the bottom line. These are fundamental issues with your attack surface, not your brand presence online.

Discover and Manage Your Attack Surface

The most critical portion of your Internet presence is the attack surface. Discovering all of your public-facing devices requires Internet-wide coverage and comprehensive data on open ports and services. At Expanse, we use our globally distributed infrastructure to discover and inventory all of your known and unknown Internet-connected assets across registered ranges, cloud environments, and other unregistered IP space. It’s only with global visibility and continuous monitoring of your attack surface that you can protect your organization.

Check out our webinar on common perimeter exposures to learn what to watch for on your network to improve your security posture:

The use of the Carna botnet to scan the Internet in 2012 shows that The Internet is Small.