Why is attack surface management difficult?

Puneetha J

~ 7 mins read | October 26, 2021

Managing the attack surface of an organization today is a difficult task. The sheer variety of asset usage, the velocity of asset change, and the volume of exposures on the attack surface driven by increased adoption of Cloud and SaaS products and frequent DevOps implementations make an attack surface complex.

In this blog, Securin examines five reasons why Attack Surface Management is difficult.

Changing Asset Footprint

The asset footprint of organizations is changing rapidly, and most cybersecurity solutions find it difficult to capture all the assets used within an organization's digital ecosystem.

Unknown, unsupervised, unpatched, and overlooked assets within an organization's ecosystem are challenging to manage. Ephemeral assets, asset scaling, unknown assets, and increased code deployment frequency due to DevOps contribute to the ever-changing asset landscape of organizations. In addition, the COVID-19 pandemic has accelerated the adoption of SaaS and Cloud solutions, which has further compounded the problem, as many popular SaaS applications are susceptible to cyber-attacks.

For example, a remote code execution (RCE) flaw in Atlassian Confluence has been abused in multiple cyberattack campaigns since researchers disclosed it in late August 2021.

Size of an attack surface

ASM is primarily a 'discovery problem' because of the sheer size of the attack surface. Most cybersecurity solutions in the market today are not built to discover the attack surface. According to an industry report 1, the average enterprise has nearly 2,000 domains, more than 5,000 live websites, and 8,500 hosts.

Identifying these assets' business context, patches, attributes, permissions, and tech stack is a massive big data and analytics challenge.

Shadow IT

While tracking and monitoring assets is challenging, employees often try out and abandon freemium SaaS solutions and tools without the knowledge of their IT teams. Known as Shadow IT, these tools and applications pose a challenge to the network's security because they contain vulnerabilities that attackers often exploit.

With the pandemic forcing employees to work from home, employees sometimes use network hardware with critical vulnerabilities to connect to their company servers, rendering their entire network vulnerable. Such hardware often contains unchanged default credentials and unpatched firmware, which poses a considerable security risk to the organization when connected to the network. With file sharing crucial to foster collaboration in remote work, highly permissive access levels, open-access file sharing, and improperly secured S3 buckets can leak sensitive data.

Third-party security

Big enterprises use scores of third-party technologies to enhance their business offerings or to increase service efficiency. These vendors often integrate with or access critical enterprise systems, contributing to the complexity of attack surface management.

The recent ransomware attack on Kaseya reportedly only impacted 60 firms directly. However, as Kaseya provides a solution for MSPs, in reality the blast radius of the attack includes up to 1,500 downstream businesses affiliated with the impacted firms.

Mergers & Acquisitions

Businesses acquire smaller enterprises to expand their business, consolidate their holdings, and offer relevant services. Any such merger introduces increased risk and complexity into an attack surface, leading to catastrophic consequences if left ungoverned.

The Marriott-Starwood breach that exposed more than half a million guest records, including credit card numbers, was caused by Starwood's compromised network merging with Marriott's after the acquisition. Starwood's network was previously infected with malware, which remained undetected (the entire IT team had been let go) even after the Marriott hotel chain acquired it.

The consequences of this breach are far-reaching. Marriott paid the UK's Information Commissioner's Office (ICO) over 99 million euros in fines for violating GDPR laws, and several class-action lawsuits against Marriott are still in the courts.

Modern Threat landscape

Today, attack surface management is a messy affair for most organizations. The sheer scale of a typical attack surface (cloud and SaaS adoption, IoT), the prevalence of shadow IT, and siloed attack surface information contribute to the variety of ways in which an attacker can gain unauthorized access to a network. The emergence of organized crime in the cyberattack world, nation-state cyber warfare, ransomware-as-a-service, and the uptick in all of these point to the formidable adversaries organizations are up against. The threats faced are exponentially worse for an enterprise with multiple subsidiaries.

An ideal ASM solution would account for these complexities to provide businesses with in-depth, comprehensive visibility into the attack surface and contextual exposure prioritization that arms them with the knowledge needed to secure themselves against an increasingly varied and sophisticated threat landscape.

How can Securin help you?

The Securin platform addresses these challenges by providing organizations with a single-window view of their exposures across various assets - cloud, active and passive, APIs, containers, and external and internal assets. By prioritizing exposures, enterprises have a chance to be proactive rather than reactive in defending their attack surface.

1. Report from Darkreading.com