Can security teams keep up with attack surface risks without automated processes? Survey data indicates that the answer is no.

In a 2023 survey of IT and cybersecurity professionals, nearly three-quarters (72%) said attack surface discovery alone takes more than 40 person-hours to complete. That does not include the additional time it takes for security teams to analyze the discovery data, prioritize actions and mitigate risks. Meanwhile, nearly two-thirds (62%) of organizations said their attack surface grew over the past two years.

To keep pace with attack surface risks, more organizations need to use automated tools. Here’s why.

Manual attack surface management costs time

Staying ahead of an expanding enterprise attack surface is almost impossible with manual or disconnected processes. Consider how often someone installs a service or deploys an asset connected to your network and the wider internet. Every time they do, your organization’s attack surface grows.

Many of these assets are poorly configured from the point of initial deployment. Others, like unauthorized SaaS tools and personal accounts, are unknown to your IT team in the first place. The typical company has around 30% more assets connected to its network than its security team knows about.

Even known and properly configured assets can put your organization at risk of cyberattacks when certificates expire, or assets end up unpatched. Every security professional can recognize at least some of these challenges, and most organizations are home to hundreds of attackable assets.

A 2022 analysis of Fortune 500 companies found that the average organization has around 476 common vulnerabilities and exposures (CVEs) in its external attack surface. Attackers are aware of this fact. They scan corporate networks for attackable assets that host CVEs and often find them.

To find attack surface risks before the bad guys do, security teams also look for these potential attack vectors. An organization’s security team might analyze certificate transparency logs or brute force domains connected to their networks to discover what’s out there.

However, in the race against threat actors, time is another enemy. Consider the following:

  • Ten hours is all it takes for a hacker to find an exploitable vulnerability in an organization’s attack surface.
  • Five hours later, most hackers will exploit that vulnerability and achieve network access.
  • One and a half hours after the initial breach, an average hacker can move laterally inside an organization’s network.

These findings are based on real-world, ethical and criminal hacker activity and show how vulnerable your organization may be from an attacker’s point of view.

In around 16 hours, an “average” threat actor can scan your attack surface, find an attackable asset, compromise it and start moving around your network. This timeline is likely even shorter if you become a target for an advanced cybercriminal group.

Can your team discover your evolving network attack pathways and decide which ones to remediate in this timeframe? Can they do so continuously? It takes more than 80 hours for the average organization to build a picture of their attack surface and only 26% of organizations perform continuous attack surface management. Unfortunately, most organizations continue to rely on disparate tools, spreadsheets and manual processes, which are not scalable to address growing attack surfaces.

Automate attack surface management in four steps

Automation dramatically shortens the time it takes for defenders to understand and act on attack surface risks. The core cybersecurity benefit of automation is the ability it gives security teams to sort through vast databases of information and take intelligent, automated actions faster. It takes a long time to discover and understand an attack surface, but by automating asset discovery and aiding prioritization, an automated attack surface management (ASM) platform like IBM Security Randori Recon can deliver actionable insight in real-time.

Automating attack surface management has four key steps:

  1. Asset discovery: Automating the discovery of internet-facing hardware, software and cloud assets that could act as entry points for a hacker. An automated tool can rapidly assess the likelihood that an asset is connected to a network.
  2. Classification and prioritization: Looking at assets cataloged during discovery and investigating them based on how they are exposed, why they are exposed and how likely they are to be attacked. Beyond telling you that an asset hosts a vulnerability, automated tools can show you the probability that a particular asset will put you at risk.
  3. Remediation: Armed with context from the previous two stages, security teams can be more efficient in their remediation efforts.
  4. Monitoring: Automation makes continuous monitoring possible. An automated tool can give security teams a real-time view of changes in their organization’s risk from the perspective of a threat actor.

Start automating attack surface management with IBM Security Randori Recon

Attack surface management (ASM) is a process of asking questions about your attack surface from an offensive security point of view. Where are the network entry points? How easy are they to exploit? Which ones are going to be attacked first?

Manual processes make it impossible to answer these questions before threat actors do. Automation, on the other hand, is a shortcut to rapid insight. Automating ASM with IBM Security Randori Recon helps security teams gain real-time insight into dynamic attack surfaces and see themselves from an attacker’s point of view.

Learn how your organization can benefit from IBM Security Randori Recon and sign up for a free Attack Surface Review


More from Cybersecurity

Closing the breach window, from data to action

6 min read - Accelerate threat detection and response (TDR) using AI-powered centralized log management and security observability It is not news to most that cyberattacks have become easier to launch and harder to stop as attackers have gotten smarter and faster. For those defending against cyberthreats, things continue to get more complicated. The list of challenges is long: cloud attack surface sprawl, complex application environments, information overload from disparate tools, noise from false positives and low-risk events, just to name a few. The…

Spear phishing vs. phishing: what’s the difference?

5 min read - The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., credit card numbers or social security numbers), downloading malware, visiting malicious websites, sending money to the wrong people, or otherwise themselves, their associates or their employers. Phishing is the most common cybercrime attack vector, or method; 300,479 phishing attacks were reported to the FBI in 2022.…

Data breach prevention: 5 ways attack surface management helps mitigate the risks of costly data breaches

5 min read - Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this. According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year. What’s more, it took 277 days to identify and contain a data breach. With…

Success and recognition of IBM products continues in G2 2023 Fall Reports

2 min read - IBM offerings were featured in more than 1,300 unique G2 reports, earning over 320 Leader badges across various categories. We are grateful to our customers for sharing the positive and constructive feedback needed to achieve these milestones, and we congratulate our tireless IBM team and partners who strive and achieve excellence.   Rankings on G2 reports are based on data provided by real software buyers. As stated by Sara Rossio, Chief Product Officer at G2, “Potential buyers know they can trust these insights…