February 22, 2023 By Sanara Marsh 4 min read

How an attack surface management solution like IBM Security Randori can provide clarity to your cyber risk.

With the rapid adoption of hybrid cloud models and the support of a remote workforce, it is becoming increasingly apparent that digital transformation is impacting the ability of organizations to effectively manage their enterprise attack surface. The IBM Security X-Force Threat Intelligence Index 2023 found that 26% of attacks involved the exploitation of public-facing applications. Additionally, ESG’s 2022 State of Attack Surface Management report revealed that seven in ten organizations have been compromised via an unknown, unmanaged, or poorly managed internet-facing asset in the past year. As a result, external attack surface management was the number one investment priority for large enterprises in 2022.

In this demo blog, we will show how a leading attack surface management (ASM) solution like IBM Security Randori is designed to bring clarity to your cyber risk. Randori is a unified offensive security platform that offers an ASM solution and continuous automated red teaming (CART). Read on to see how Randori can enhance your security posture.

Exploring your attack surface

To start, let’s look at Randori Recon, which is designed to ensure rapid time-to-value with no agents and an easy-to-use interface. Randori’s discovery process takes a center-of-mass-out approach, using various parsing techniques to attribute assets connected to your organization, thus delivering high-fidelity discovery of your attack surface. Randori Recon then applies risk-based prioritization to the discovered assets, combining adversarial temptation with your unique business context to provide insights that facilitate action.

With greater asset visibility and useful business context, Randori feeds its findings into your desired security workflows. Unlike many ASM products, Randori offers native bi-directional integration with other tools, including Jira, IBM Security QRadar, Qualys, Tenable and many others.

These integrations are becoming increasingly important as digital attack surfaces expand and workflows like vulnerability management are stretched to their limits.

A common customer use of Randori’s integrations is feeding discovered shadow IT into an exposure management solution like Tenable. This provides a holistic view of the organization’s footprint and useful information that might help significantly reduce the total number of vulnerabilities that should be addressed, as shown above.

Assessing which target assets to investigate

Next, let’s look at the Randori dashboard. On the left-hand side of the dashboard, we see ACTIVE ASSETS, which displays an inventory of your IPs, hostnames and networks. Many ASM solutions display this information alone, but viewing assets this way often contributes to alert fatigue and leaves the administrator without the context needed to adequately address the identified risk. To help address this, Randori focuses on correlating identified hostnames, IPs and CVEs into a single ascertainable Target (i.e., an attackable piece of software).

As seen below, administrators are immediately notified upon login that four targets require prompt action. The dashboard also shows high-priority target investigations that include newly identified unknown or shadow IT assets:

The total number of IP addresses and hostnames is too high for console administrators to tackle quickly. Instead of focusing on assets that are not critical to your services, Randori helps prioritize the targets that need attention first.

The Targets tab seen here offers a consolidated view of your digital footprint to help you determine what to investigate:

To provide administrators with the context needed to drive action, you will have access to the IPs, hostnames, characteristics and CVEs associated with a single target (rather than multiple repetitive and unnecessary pathways). This method helps to reduce alert redundancy and drive faster action:

As seen above, on any target identified, the Randori platform provides a distinct discovery path designed to provide administrators the clarity required to understand how and why this target is attributed to the organization.

Investigating high-priority target assets

Now, let’s look closer at how to investigate this target. We notice that the target has a High association. Naturally, we want to understand what’s driving this severity:

What you’re seeing above is based on Randori Recon’s patent-pending Temptation Target model. Considering exploitability, applicability and enumerability, the model is designed to calculate how tempting a target will be to an adversary. This prioritization algorithm helps level up your security program:

Based on the target identified, the IBM Randori platform also provides categorical guidance (as shown here) that outlines some steps your organization can implement to help improve resiliency:

Get started with the IBM Security Randori platform

As a unified offensive security platform, IBM Security Randori is designed to drive resiliency through high-fidelity discovery and actionable context in a low-friction manner.

If you would like to see or learn more about how your organization can benefit from the IBM Security Randori platform, please sign up for a free Attack Surface Review or visit our page.

Read the full IBM Security X-Force Threat Intelligence Index 2023 and check out Security Intelligence’s piece, “Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023.” View the Threat Intelligence Index Action Guide for insights, recommendations and next steps.
