Date: 2024-07-29

Staying ahead of an expanding enterprise attack surface is almost impossible with manual or disconnected processes. Consider how often someone installs a service or deploys an asset connected to your network and the wider internet. Every time they do, your organization’s attack surface grows.

Many of these assets are poorly configured from the point of initial deployment. Others, like unauthorized SaaS tools and personal accounts, are unknown to your IT team in the first place. The typical company has around 30% more assets connected to its network than its security team knows about.

Even known and properly configured assets can put your organization at risk of cyberattacks when certificates expire, or assets end up unpatched. Every security professional can recognize at least some of these challenges, and most organizations are home to hundreds of attackable assets.

A 2022 analysis of Fortune 500 companies found that the average organization has around 476 common vulnerabilities and exposures (CVEs) in its external attack surface. Attackers are aware of this fact. They scan corporate networks for attackable assets that host CVEs and often find them.

To find attack surface risks before the bad guys do, security teams also look for these potential attack vectors. An organization’s security team might analyze certificate transparency logs or brute force domains connected to their networks to discover what’s out there.
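As an added illustration (not code from the original article), the Python sketch below reconciles certificate transparency entries for an organization's own domain against its asset inventory, flagging hostnames the team does not track and certificates that are expired or close to expiry. The record layout (`names`, `not_after`), the hostnames, the inventory and the 14-day warning window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: CT log entries for example.com (field names are assumptions).
CT_ENTRIES = [
    {"names": "www.example.com\nexample.com", "not_after": "2024-12-01T00:00:00"},
    {"names": "*.dev.example.com", "not_after": "2024-08-05T00:00:00"},
    {"names": "vpn.example.com", "not_after": "2024-08-10T00:00:00"},
    {"names": "old-shop.example.com", "not_after": "2024-03-01T00:00:00"},
    {"names": "WWW.example.com", "not_after": "2024-06-01T00:00:00"},  # superseded cert
]
# Constructed inventory: the hostnames the security team already tracks.
INVENTORY = {"example.com", "www.example.com", "vpn.example.com"}


def audit(entries, inventory, now, warn_days=14):
    """Return (unknown_hosts, expiring, expired) for names seen in CT entries."""
    latest = {}  # hostname -> latest not_after seen across all certificates
    for entry in entries:
        not_after = datetime.fromisoformat(entry["not_after"])
        for name in entry["names"].splitlines():
            # Normalize case and trailing dots so duplicates collapse to one key.
            name = name.strip().lower().rstrip(".")
            if name and (name not in latest or not_after > latest[name]):
                latest[name] = not_after
    known = {h.lower() for h in inventory}
    # Wildcard names are reported as-is: they point at a zone worth reviewing.
    unknown = sorted(n for n in latest if n not in known)
    horizon = now + timedelta(days=warn_days)
    expiring = sorted(n for n, t in latest.items() if now <= t <= horizon)
    expired = sorted(n for n, t in latest.items() if t < now)
    return unknown, expiring, expired


if __name__ == "__main__":
    unknown, expiring, expired = audit(CT_ENTRIES, INVENTORY, datetime(2024, 7, 29))
    print("not in inventory:", unknown)
    print("expiring within 14 days:", expiring)
    print("latest certificate already expired:", expired)
```

Only the newest certificate per hostname is considered, so a renewed certificate does not raise an expiry alert for its superseded predecessor.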

However, in the race against threat actors, time is another enemy. Consider the following:

Ten hours is all it takes for a hacker to find an exploitable vulnerability in an organization’s attack surface.

Five hours later, most hackers will exploit that vulnerability and achieve network access.

One and a half hours after the initial breach, an average hacker can move laterally inside an organization’s network.

These findings are based on real-world, ethical and criminal hacker activity and show how vulnerable your organization may be from an attacker’s point of view.

In around 16 hours, an “average” threat actor can scan your attack surface, find an attackable asset, compromise it and start moving around your network. This timeline is likely even shorter if you become a target for an advanced cybercriminal group.

Can your team discover your evolving network attack pathways and decide which ones to remediate in this timeframe? Can they do so continuously? It takes more than 80 hours for the average organization to build a picture of their attack surface and only 26% of organizations perform continuous attack surface management. Unfortunately, most organizations continue to rely on disparate tools, spreadsheets and manual processes, which are not scalable to address growing attack surfaces.