Last Updated on 11 September 2023 by Alastair Digby
To mitigate against their most significant threats and reduce cyber risks, businesses need to know exactly what assets and systems unauthorized users can seek to enter and set their malicious activities in motion.
The problem is that getting visibility into all these entry points—which add up to your attack surface—is no mean feat given today’s dynamic and distributed IT environments. This article overviews why and how to reduce cyber risk with attack surface discovery at your organization.
Table of Contents
Why Do You Need Attack Surface Discovery?
It’s not too long ago that IT infrastructures at companies of all sizes were, on the whole, relatively easy to understand and secure. There were servers, workstations, applications, and digital assets like sensitive data, all of which were securely protected on-premise and guarded by a firewall. Maintaining visibility into the attack surface within such an environment was almost trivial.
Fast forward to today, and digital transformation strategies have rapidly expanded the average attack surface. In addition to typical on-premise infrastructure, companies now have a smorgasbord of other potential entry points into their network, such as:
- Cloud computing services (storage and infrastructure provisioned as services to store sensitive data or host web applications)
- Containerized applications hosted on virtual machines and leveraging third-party dependencies (libraries, frameworks) that could be unsecured
- Remote workers connecting from potentially unsafe networks
- SaaS solutions used by employees to facilitate anytime, anywhere access, improve collaboration, or solve specific business problems
- Shadow IT assets that get added to your environment without the express oversight of your central IT team
The crux of this complex, external-facing attack surface is that you can’t protect what you can’t see. And, even with your own custom security tools and scripts, it’s unlikely you’re able to see and track everything you need to in order to adequately defend against threats.
Furthermore, just because you have no visibility into all possible entry points, that doesn’t mean that malicious actors can’t find them. In fact, the prudent assumption is that with vastly increased external-facing systems, services, and applications, an outsider will find any exploitable entry points.
It stands to reason, therefore, that discovering the full extent of your attack surface is a pivotal task in reducing cyber risks. A critical component of modern attack surface management is the ability to discover and map all the Internet-facing assets that make up your external attack surface.
Attack surface discovery empowers a truly risk-based approach because you know exactly what attackers can see. Full visibility into your attack surface is the foundation of a wider external attack surface management (EASM) strategy.
How Does Attack Surface Discovery Work?
You could go out and look for your known and unknown internet-facing assets manually, but you would soon understand the enormity of the task at hand (if you hadn’t already). Attack surface discovery solutions automate much of the work involved in discovering and mapping your entire external attack surface.
Older script-based methods for doing attack surface discovery aren’t suited for the complexity and dynamism of IT environments today; they’ll find devices and applications running behind a network firewall but they won’t account for cloud infrastructure. This leaves a glaring hole in your ability to manage cyber risks effectively.
The engine that powers modern, advanced attack surface discovery solutions deploys open-source and proprietary intelligence techniques along with advanced crawling and scanning of far-reaching corners of the Internet. The best solutions will be able to find inactive apps and shadow IT assets that you previously had zero visibility into or information about.
What also sets apart dedicated modern asset discovery tools is that they focus on continuously discovering your attack surface. Point-in-time snapshots of how your environment appears from an attacker’s perspective aren’t especially useful when DevOps teams can launch new (potentially vulnerable) web apps in days or employees can make cloud configuration changes that expose previously protected sensitive data to the whole Internet. You need an approach that works at lightning speed to keep up with your constantly expanding attack surface.
The findings you can expect to see presented in an attack surface solution include:
- All your web apps, mobile apps, services, and APIs
- Cloud software, storage, and infrastructure
- Domain names (including subdomains) along with their SSL certificates
- All IP addresses on the network
- Third-party libraries, frameworks, and other dependencies upon which the functionality of your custom apps and services relies
These findings get presented in the form of a comprehensive asset inventory that provides a true view of your environment from the outside. The discovery and asset inventory together build the foundation for attack surface monitoring, which can rapidly detect risky changes, weaknesses, or vulnerabilities emerging in any of your external assets.
Why Do All Internet-Facing Assets Need Security?
The medieval castle and moat model inspired the traditional approach used by businesses to secure information and systems against external threats. This model focused cyber risk management and defensive mechanisms on securing the network perimeter so that nobody outside the perimeter could access what’s on the inside.
Initial forays into remote work began to complicate the feasibility of this model, but its death knell truly sounded with the widespread digital transformation strategies of the last decade or so. Hackers now have a plethora of business assets to target that fall outside the traditional network boundary and firewall. Compromising these Internet-facing assets can ultimately provide malicious actors with the easiest path to achieve what they’re seeking.
External facing assets need their own security measures to deter threat actors, but failing to keep track of your digital footprint means not knowing whether your Internet-facing assets are properly secured against their most relevant risks.
Gain a Deeper Understanding of Attack Surface Risks
The discipline of EASM is all about managing the risks presented by the influx of Internet-facing assets and systems and implementing effective security measures. And it starts with attack surface discovery. The outside-in view gleaned from attack surface discovery leads to a deeper understanding of the extent of risks you face.
The statistics from one comprehensive report alone provide compelling evidence for the power of attack surface discovery:
- 73% of global organizations are worried about their growing attack surface.
- Just 51% of companies could fully define the extent of their attack surface.
- Respondents estimated having just 62% visibility of their entire attack surface.
By following your entire digital footprint over the Internet, attack surface discovery lets you see every Internet-facing asset that attackers can and will find as they perform reconnaissance from the anonymity of their own devices. Continuous visibility and proactive security measures are imperative for combating threats to the assets that adversaries focus on compromising across the Internet, mobile, and cloud environments.
Strengthen Your External Security Posture
Informer’s automated external asset discovery tools accurately identify and map all the assets that make up your Internet-facing digital ecosystem. These attack surface discovery capabilities form a core element of our external attack surface management platform, which layers monitoring, risk-based vulnerability management, and remediation on top of automated discovery and asset inventory.
The strength of your security posture today depends as much, if not more, on your external security posture as on the strength of any measures protecting your internal corporate network. In a matter of minutes, you can reduce cyber risk with attack surface discovery.
Frequently Asked Questions
What is attack surface discovery?
Attack surface discovery is the process of identifying and mapping potential points of vulnerability in an organization’s digital infrastructure.
How does attack surface discovery help reduce cyber risk?
Attack surface discovery helps reduce cyber risk by proactively identifying and assessing vulnerabilities, allowing organizations to prioritize remediation efforts and strengthen their security defenses.
What are the benefits of attack surface discovery?
Attack surface discovery offers benefits such as enhanced visibility into digital assets, proactive risk mitigation, resource prioritization, and compliance adherence.
How often should attack surface discovery be conducted?
Attack surface discovery should be conducted regularly, typically at least annually or when significant changes occur within the environment.
Is attack surface discovery a one-time activity?
No, attack surface discovery is an ongoing process due to the dynamic nature of digital infrastructures and evolving cyber threats.