The universe tends toward disorder, as quantum physicists say. And nowhere is this more true than in the world of IT. As companies accumulate more data and assets — visibility gaps and blind spots are bound to occur.
The problem with blind spots is that by definition you don’t know what is hidden. This makes closing the visibility gaps they create a challenge, but the risks they pose can be very real.
In April 2018, NASA’s Jet Propulsion Laboratory was successfully compromised after an external actor targeted an unauthorized Raspberry Pi system that was connected to their network. Once compromised, this actor was able to move laterally across the network, ultimately exfiltrating more than 500MB of sensitive data.
And this is by no means an isolated case; many breaches originate when threat actors discover unknown, unprotected, and unmonitored assets to use as attack vectors.
So how do you assess if you have a problem? Enter Attack Surface Management (ASM).
To manage digital risk, you need a solid handle on your attack surface. This starts by understanding what your adversary can see and then comparing it to what you know in order to assess the size of the gap. Asset management provides an organization with an internal record of all assets they believe they own, but that’s only half of the picture. ASM completes the picture, showing what an adversary can see – and therefore attack.
Over the past few years, organizations have invested heavily in improving their asset management systems and implementing policies to tighten visibility and control — and 85% plan to increase their investments further over the next 24 months. But investing in asset management alone is not enough; you need a way to prove it’s working. This is where ASM plays a critical role.
ASM solutions help security teams manage risk by providing an ongoing assessment of an organization’s external-facing assets. Cloud-based and turnkey, ASM solutions provide an adversary’s assessment of an organization’s discoverable attack surface, enabling teams to better identify the likelihood and impact of an attack. Further, they continually monitor an organization’s attack surface by tracking and identifying changes in assets and risk over time. Setup is minimal, as there are no agents to deploy, and most organizations begin to see value within a matter of days.
ASM is not a replacement for asset management. Rather, ASM is a complementary tool designed to test, hone, and validate the effectiveness of your asset management program. When used properly, ASM provides an alternative perspective that teams can use to help confidently answer questions such as:
- Are my asset management solutions working as intended?
- Are they doing a good job of discovering shadow IT?
- What external assets pose the highest risk?
- Does my overall attack surface represent an acceptable level of risk?
- Is the risk from my attack surface growing or shrinking over time?
When evaluating an asset management program — perfection shouldn’t be the goal. In fact, with the dynamic nature of IT today, expecting to ever have a perfect inventory of every asset is probably unrealistic. Rather, organizations should focus on understanding the size of their visibility gaps by conducting a gap analysis and identifying where their greatest known risks lie — but doing so requires an attacker’s perspective. Thankfully, ASM solutions, such as Randori Recon, make incorporating an attacker’s perspective into your asset management program easier than ever before.
While ASM won’t solve all your asset management problems, it will help ensure you’re not blind to the ones your adversaries will exploit. After all, you probably know your attack surface better than your adversary — but the only way to know for sure is to ask.
Curious what we’d discover? Get started today for free with a 14-day trial of Randori Recon.