Date: 2024-12-12
With the rapid adoption of hybrid cloud models and the support of a remote workforce, it is becoming increasingly apparent that digital transformation is impacting the ability of organizations to effectively manage their enterprise attack surface. The IBM Security® X-Force® Threat Intelligence Index 2023 found that 26% of attacks involved the exploitation of public-facing applications. Additionally, ESG’s 2022 State of Attack Surface Management report revealed that seven in ten organizations have been compromised through an unknown, unmanaged or poorly managed internet-facing asset in the past year. As a result, external attack surface management was the number one investment priority for large enterprises in 2022.
In this demo blog, we will show how a leading attack surface management (ASM) solution such as IBM Security Randori® is designed to bring clarity to your cyber risk. Randori is a unified offensive security platform that offers an ASM solution and continuous automated red teaming (CART). Read on to see how Randori can enhance your security posture.
To start, let’s look at Randori Recon, which is designed to ensure rapid time-to-value with no agents and an easy-to-use interface. Randori’s discovery process takes a center-of-mass-out approach, using various parsing techniques to attribute assets connected to your organization, thus delivering high-fidelity discovery of your attack surface. Randori Recon then prioritizes the discovered assets by risk, combining adversarial temptation with your unique business context to provide insights that facilitate action.
With greater asset visibility and useful business context, Randori feeds its findings into your desired security workflows. Unlike many ASM products, Randori offers native bi-directional integration with other tools, including Jira, IBM Security QRadar, Qualys, Tenable and many others.
These integrations are becoming increasingly important as digital attack surfaces expand and workflows such as vulnerability management are stretched to their limits.
A common customer use of Randori’s integrations is feeding discovered shadow IT into an exposure management solution such as Tenable. This provides a holistic view of the organization’s footprint and useful information that might help significantly reduce the total number of vulnerabilities that should be addressed, as shown above.
Next, let’s look at the Randori dashboard. On the left-hand side of the dashboard, we see ACTIVE ASSETS, which displays an inventory of your IPs, hostnames and networks. Many ASM solutions display this information alone, but viewing assets this way often contributes to alert fatigue and leaves the administrator without the context needed to adequately address the identified risk. To help address this, Randori focuses on correlating identified hostnames, IPs and CVEs into a single ascertainable Target (that is, an attackable piece of software).
As seen below, administrators are immediately notified upon login that four targets require prompt action. The dashboard also shows high-priority target investigations that include newly identified unknown or shadow IT assets:
The total number of IP addresses and hostnames is too high for console administrators to tackle quickly. Instead of focusing on assets that are not critical to your services, Randori helps prioritize the targets that need attention first.
The Targets tab seen here offers a consolidated view of your digital footprint to help you determine what to investigate:
To provide administrators with the context needed to drive action, you will have access to the IPs, hostnames, characteristics and CVEs associated with a single target (rather than multiple repetitive and unnecessary pathways). This method helps to reduce alert redundancy and drive faster action:
As seen above, on any target identified, the Randori platform provides a distinct discovery path designed to provide administrators the clarity required to understand how and why this target is attributed to the organization.
Now, let’s look closer at how to investigate this target. We notice that the target has a High association. Naturally, we want to understand what’s driving this severity:
What you’re seeing above is based on Randori Recon’s patent-pending Temptation Target model. Considering exploitability, applicability and enumerability, the model is designed to calculate how tempting a target will be to an adversary. This prioritization algorithm helps level up your security program:
Based on the target identified, the IBM Randori platform also provides categorical guidance (as shown here) that outlines some steps your organization can implement to help improve resiliency:
As a unified offensive security platform, IBM Security Randori is designed to drive resiliency through high-fidelity discovery and actionable context in a low-friction manner.
If you would like to see or learn more about how your organization can benefit from the IBM Security Randori platform, please sign up for a free Attack Surface Review.
