Five Reasons You Need a Global View of Your Attack Surface

Here’s why you need an ‘outside-in’ view of your attack surface

Expanse

In the past, the vast majority of an organization’s attack surface was based on static ranges registered to that organization. This made it relatively simple to monitor for signs of compromise and prevent intrusion by malicious actors.

But things have changed. Today, most organizations have assets on far more than the static ranges registered to them.

The following are the five places where organizations tend to have Internet assets, and where it’s critical to identify those assets and reduce your attack surface. They also represent five reasons you need a global, outside-in view of your attack surface.

  1. Core IP space: Core ranges are table stakes. Organizations need to rapidly monitor known ranges for inadvertent misconfigurations or device exposures. Any exposures on these ranges are highly attributable and likely to be targeted quickly.
  2. Cloud environments: Organizations are moving to the cloud, and it has never been easier for an employee to spin up a device outside of normal IT processes. Organizations should have focused discovery of assets pointed at all cloud environments, including AWS, Azure, Google, Oracle, Rackspace, and other cloud-hosting providers.
  3. Commercial ISP space: A mobile workforce has created new classes of risk that haven’t previously existed. Traveling employees may have misconfigured workstations that expose their laptops to the world. These exposures are highly ephemeral because they move as the employee travels from home to a coffee shop to a hotel.
  4. Subsidiary and acquisition networks: Attackers look for entry points anywhere they can, including nested subsidiaries and historical acquisitions. Often, Expanse identifies both on-premise and cloud assets that were orphaned during an M&A event and are unmonitored. Organizations should take care to search for abandoned assets that may have been overlooked previously.
  5. Strategic suppliers: Suppliers are more connected than ever. It’s often impossible to do business without sharing sensitive data or permitting network access to critical business partners. Exposures on these fringe segments of your network can lead to data loss or network intrusions on your corporate enclave.

Organizations have networks that are so widely distributed that they need to monitor the entire Internet in order to accurately track their Internet-facing presence. It’s critical to have the right security and IT operations solutions in place to discover and monitor your global Internet attack surface across these five areas where Internet assets live.

Copyright © 2019 IDG Communications, Inc.