Having a clear view of which assets are exposed and the risk they pose has long been recognized as foundational to an effective security program (CIS 1, 2, and 7). However, investigations into recent data breaches have shown that despite increased investment, enterprises continue to struggle with effective attack surface management. Without proper visibility, security teams cannot accurately measure their security risk, making it difficult to reduce risk on their attack surface.
The fact is, even as attack surfaces become harder to control, many organizations still manage them with complex spreadsheets of data cobbled together from massive scans of the internet. This limits their visibility into what attackers can see and leaves major blindspots where attackers can easily slip through the cracks. CISOs and security teams must automate their attack surface management and security testing to ensure they don’t overwhelm their teams and respond to threats effectively.
To uncover more about the issues holding security teams back and understand the current state of attack surface management, Randori analyzed data from 398 IT and security decision-makers on what their enterprises are doing today to provide a broad assessment on the current state of attack surface management. To read the full report, click here.
Based on our analysis, there are three forces driving growing demand for solutions that offer a more continuous approach to attack surface management:
- Attack Surface Expansion Continues While Visibility Remains Poor
-
-
- Between the rise of work-from-home employees and the increased usage of internet-accessible assets in the form of cloud applications and other solutions, it is a foregone conclusion that companies now have more internet-exposed cyber assets than before. Over the past two years, the known attack surface – the sum of all internet-connected assets known to security – has increased at 67% of organizations.
-
- Existing Processes are Slow and Ineffective
-
-
- As attackers increasingly become more agile and aggressive, our research suggests most organizations are already behind when it comes to staying ahead of attackers.
-
-
-
- The average organization takes more than 80 hours to compile an updated inventory of their attack surface, compared to 48 hours for attackers to develop a working exploit.
-
-
-
- In December 2021, the Log4j vulnerability caught security teams unaware and forced quick action to understand their exposure. Within five hours, the Randori Hacker Operations Center had developed a working exploit – proving the severity of the exploit. It didn’t take malicious attackers much longer than that to start widespread exploitation of Log4j.
-
- External Attack Surface Management Is a Top Investment for 2022
-
-
- When asked what’s needed to move the needle, organizations were consistent on the biggest challenges they face – with better intelligence on exploitability and need for more continuous visibility being the most common areas of concern.
-
-
-
- Organizations take security hygiene seriously and are planning to increase investments in 2022 to improve their results. From the data, there is much room for improvement in this area, with 73% of organizations relying on spreadsheets to manage their dynamic attack surfaces. Meanwhile, just 34% of organizations have a dedicated external attack surface management solution.
-
-
-
- As a result, a third of large enterprises already intend to invest in external attack surface management tools in 2022. It’s very likely that these EASM projects will prove a watershed for the market at large, bringing EASM solutions to the forefront in 2022.
-
The Randori analysis shows an industry fighting to keep pace with the rapid expansion and metamorphosis of the digital landscape. However, organizations lack the tools and processes required to do so effectively. The result is a growing gap between what’s truly exposed to attackers and the risks known to security teams.
We conducted this research to inform you what others are doing to close the gap between what attackers see and what your team knows to protect. If you’d like to read the full report, click here.
Bottom line: the threat landscape has become too complex for teams to continue managing their attack surfaces on spreadsheets. There are too many threats out there to patch individually. It is more imperative than ever for SOC teams to have true visibility of their attack surface from the outside and the ability to prioritize threats. To accomplish this, seek out an automated EASM solution, like Randori Recon.
