March 22, 2023 By Sanara Marsh 3 min read

How attack surface management can establish a strong first line of defense against exploitation of public-facing applications.

There have always been and always will be unknown risks with organizations’ external assets, but with today’s sizeable remote workforce and their cloud, distributed and SaaS-based environments, it is essential to have a firm understanding of how many unknown and unmanaged assets organizations have. The IBM Security X-Force Threat Intelligence Index 2023 revealed that 26% of initial attack vectors involved the exploitation of public-facing applications (second only to phishing). Additionally, the report found that of all incidents remediated, the second highest action on objective for attackers was ransomware at 17%.

Shadow IT—hardware or software deployed on the network without official administrative approval and/or oversight—poses a significant risk because these unmanaged, unknown assets are far more likely to contain vulnerabilities or be misconfigured, increasing the likelihood they will be targeted by an attacker. With shadow IT and web-based exploitation accounting for a growing share of ransomware attacks and one-third of all breaches, hardening and reducing an organization’s attack surface has become an essential tactic. One of the biggest challenges can be knowing where to start.

Get started with an attack surface management solution

As a critical first step, it is important to understand the size of your visibility gap. To do this, organizations need to conduct a gap analysis, comparing their list of known assets to those found by an attack surface management (ASM) solution and assessing the severity of the risk posed by shadow IT.

The focus here is not on the percentage of total assets found; no outside party will find all of your assets. Instead, organizations should focus more on the relative number of unknown assets discovered and the severity of the issues they contain. When done on an ongoing basis, this gap analysis can become a critical KPI that vulnerability management teams track and work to reduce over time. Identifying these assets will help uncover and minimize blind spots, misconfigurations and process failures with attack surface monitoring, vulnerability intelligence and risk management capabilities.
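A sketch of this gap analysis, added here as an example and not taken from IBM or the Randori product: it compares a known-asset inventory against externally discovered hosts and reports the unknown assets ranked by severity, plus two figures that can be tracked as a KPI. The hostnames, discovery sources and severity weights are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed weighting for illustration; use your own risk model's scale.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1, "none": 0}

@dataclass(frozen=True)
class Finding:
    host: str       # hostname as reported by the discovery tool
    source: str     # how it was found (constructed labels)
    severity: str   # worst issue observed on that host

def normalize(host: str) -> str:
    """Canonical form so 'VPN.example.com.' matches 'vpn.example.com'."""
    return host.strip().lower().rstrip(".")

def gap_analysis(known_inventory, discovered):
    known = {normalize(h) for h in known_inventory}
    worst = {}  # one entry per host, keeping its most severe finding
    for f in discovered:
        host = normalize(f.host)
        cur = worst.get(host)
        if cur is None or SEVERITY_WEIGHT[f.severity] > SEVERITY_WEIGHT[cur.severity]:
            worst[host] = Finding(host, f.source, f.severity)
    unknown = [f for h, f in worst.items() if h not in known]
    unknown.sort(key=lambda f: (-SEVERITY_WEIGHT[f.severity], f.host))
    return {
        "discovered": len(worst),
        "unknown": unknown,
        # Relative number of unknown assets, not percentage of all assets found.
        "unknown_ratio": len(unknown) / len(worst) if worst else 0.0,
        "risk_score": sum(SEVERITY_WEIGHT[f.severity] for f in unknown),
    }

# Constructed sample data (example.com is a reserved documentation domain).
KNOWN = ["www.example.com", "mail.example.com", "VPN.example.com."]
DISCOVERED = [
    Finding("www.example.com", "dns", "low"),
    Finding("vpn.example.com", "scan", "medium"),
    Finding("jenkins-old.example.com", "certificate log", "critical"),
    Finding("Jenkins-Old.example.com.", "scan", "high"),
    Finding("staging.example.com", "hostname enumeration", "medium"),
    Finding("marketing-demo.example.com", "certificate log", "none"),
]

if __name__ == "__main__":
    report = gap_analysis(KNOWN, DISCOVERED)
    for f in report["unknown"]:
        print(f"{f.severity:8} {f.host} (via {f.source})")
    print(f"unknown ratio: {report['unknown_ratio']:.0%}, risk score: {report['risk_score']}")
```

Running the same comparison on a schedule and recording `unknown_ratio` and `risk_score` gives the trend line a vulnerability management team can work to reduce.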

While conducting a gap analysis in the past was a time-consuming and expensive effort, a leading ASM solution like IBM Security Randori has made identifying gaps much faster and easier. Randori’s capabilities take more of an attacker’s perspective by using automated black-box discovery along with out-of-the-box integrations with leading asset management solutions, such as Axonius and Panaseer.

Conduct black-box reconnaissance

Some key steps used in black-box reconnaissance to conduct a gap analysis include the following:

  • Adversaries most often start with no internal knowledge of target systems and are usually limited to publicly available information. All assessment of vulnerabilities, configurations and setup is done from outside the network. This approach is usually seeded with an email or domain from the organization and tasked with fleshing out the rest.
  • There are numerous resources on open-source intelligence (OSINT) collection that prescribe step-by-step instructions for conducting hostname enumeration, kicking off network scans or leveraging certificate transparency logs.
  • Critical sources must include network registration, WHOIS lookups, hostname enumeration, certificate log investigation, direct scanning and interrogation of public threat-intelligence sources.
  • Artifacts gathered should include network and domain registration information, HTTP headers and banners, screenshots, SSL and TLS certificates, DNS records and enumerated software version and configuration (where possible).

Remember, the goal of any technical discovery is the identification of software, so any additional artifacts that will help identify, enumerate or access additional services are useful. In a future blog post, we’ll cover additional steps that are critical to prioritize and reduce attack surface exposures using an attacker’s perspective.

Learn more

To see how your organization can benefit from the IBM Security Randori platform by helping identify shadow IT, sign up for a free Attack Surface Review or visit our page.

Read the full IBM Security X-Force Threat Intelligence Index 2023 and check out the Security Intelligence article, “Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023.”
