Beyond vulnerability scanning: Enhancing attack surface management for more proactive security

May 19, 2022

Bringing the Attacker’s Perspective to Vulnerability Management

By: Ian Lee


On Monday, SC Media announced the 2022 SC Magazine award finalists, and Randori is honored to have been named a finalist for Best Vulnerability Management Solution. Now in its 25th year, SC Awards are cybersecurity’s most prestigious and competitive program. Finalists are recognized for outstanding solutions, organizations, and people driving innovation and success in information security.

SC Award Finalists were selected by a world-class panel of industry leaders from sectors including healthcare, financial services, manufacturing, consulting, and education. This year’s SC Awards were the most competitive to date, with a record 800 entries. 

Chosen for our innovative, risk-based approach to prioritization, Randori was one of only five finalists selected, competing alongside industry veterans including Qualys, Crowdstrike, and Rapid7. Winners will be announced during SC Awards week, scheduled to begin on August 22, 2022. 

In celebration of this recognition and the launch of our brand new Integrations Marketplace, we’re kicking off a new blog series, Integrations in Focus. This series will show you how Randori is transforming the way attack surface reduction, vulnerability management, security operations, threat intelligence, and red teams work by embedding the attacker’s perspective into their daily workflows.

Over the coming weeks, we’ll look at how organizations are leveraging Randori’s Integrations Marketplace to improve their VM, SIEM, Ticketing, SOAR, and Asset Management workflows.

Why VM Teams Need The Attacker’s Perspective

Vulnerability management is at a crossroads. Faced with exploding asset counts and a surge in the volume of new vulnerabilities, enterprises large and small struggle to keep up with the pace of evolving attack surfaces. 

This growing risk gap between what organizations are tasked with accomplishing and what they can achieve is driving many teams to rethink their approach and the need for:

  • Better discovery of unknown assets
  • Greater prioritization of vulnerabilities
  • A shift to risk-based reporting and metrics
  • Increased automation and integration of workflows


Many organizations are increasing their spending on vulnerability management, but 7 in 10 still lack a dedicated RBVM solution. To make progress, vulnerability management teams need easy ways to integrate risk-based prioritization into their existing vulnerability management programs.

EASM fills this gap by helping VM teams understand what vulnerabilities are present and which assets are exposed, which vulnerabilities are most likely to be exploited, and which specific assets are most likely to be attacked. 

“The benefit of attack surface management is being able to proactively identify areas with a high likelihood of attack.”  

– Former Gartner Analyst, Brad Laporte

This blog details three ways vulnerability managers are leveraging EASM today to reduce visibility gaps, improve prioritization, and increase the ROI of their programs using Randori Recon:

  • Step 1: Use black-box reconnaissance to find assets unknown to VM teams
  • Step 2: Leverage an attacker’s perspective to prioritize by likelihood, not severity
  • Step 3: Gain a unified view of their greatest attack surface risks

Ensuring Complete Attack Surface Coverage 

With today’s cloud, distributed, and SaaS-based environments, ensuring VM teams have a complete and up-to-date list of assets to scan quickly becomes an impossible task. In the past year alone, 7 in 10 organizations were compromised by an unknown or unmanaged asset on their perimeter. 

While there always have and always will be unknown risks, having a continuous process to automatically discover unknowns and feed those back into your VM & asset management teams is becoming an essential component of a modern security program. 

Shadow IT poses a significant risk because unmanaged, unknown assets are far more likely to contain vulnerabilities or be misconfigured – increasing the likelihood that an attacker will target them. If your VM team does not know an asset exists, they can’t protect it. Randori Recon closes this gap by taking an outside-in approach to attack surface discovery, using the same black-box discovery techniques used by today’s attackers. 

Enabling Risk-Based Prioritization

Today, vulnerability management teams are tasked with prioritizing an ever-growing list of vulnerable systems to patch. In 2021, more than 18,000 new vulnerabilities were discovered. Of those, a third were given CVSS ratings of high or greater. With an average backlog of more than 120,000 findings, it’s no wonder vulnerability management teams are struggling to keep up. 

For years, vulnerability management has followed a fairly standard approach to prioritization — assessing assets on the severity of the vulnerability. 70% of organizations still prioritize vulnerabilities this way. 

This one-size-fits-all approach lacks the context critical to understanding the likelihood that attackers will go after an asset – including whether the asset is exposed, whether the vulnerability has known exploits, and whether the asset is likely to be viewed as valuable to an attacker. By fixating on vulnerability severity, teams often prioritize highly vulnerable assets that are of no interest to an adversary ahead of those that are far more likely to be actively targeted. 

Grounded in decades of experience and backed by results from thousands of attacks, Randori’s Target Temptation model helps organizations adopt a more risk-based approach to vulnerability prioritization by providing a realistic assessment of a target’s likelihood of being attacked. Used internally by the Randori team to prioritize research and attack activities, it is not a theoretical model but one backed by results and put into action.

Providing A Single View of Your Attack Surface

Randori’s intuitive policy-based rules engine helps teams adopt a risk-based approach to vulnerability prioritization. By combining Randori’s temptation scores with data on an asset’s business importance, remediation status, and more, your VM teams can always have an up-to-date view of an asset’s real-world risk.
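To make the contrast between severity-only and likelihood-based prioritization concrete, here is an added example (not Randori’s Target Temptation model or any code from the original post) that ranks a constructed set of findings both ways. The weights, the `Finding` fields and the sample findings are all assumptions chosen for illustration; the point is that a remediated or unreachable critical finding falls below an exposed, exploitable one on a valuable asset.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    fid: str             # constructed placeholder id, not a real CVE
    asset: str
    cvss: float          # severity, 0-10
    exposed: bool        # reachable from the internet (external attack surface)
    known_exploit: bool  # public exploit or observed exploitation
    asset_value: int     # business importance, 1 (low) to 5 (critical)
    remediated: bool = False


def severity_rank(findings):
    """The traditional approach: order purely by CVSS severity."""
    return [f.fid for f in sorted(findings, key=lambda f: -f.cvss)]


def likelihood_score(f):
    """Hypothetical risk score: severity weighted by exposure, exploit
    availability and business value; remediated findings drop to zero."""
    if f.remediated:
        return 0.0
    score = f.cvss
    score *= 1.0 if f.exposed else 0.25        # unreachable assets are unlikely first targets
    score *= 1.5 if f.known_exploit else 0.5   # a working exploit raises attacker interest
    score *= 1 + (f.asset_value - 1) / 4       # scales 1.0 (low value) to 2.0 (critical)
    return score


def risk_rank(findings):
    """Risk-based approach: order by likelihood score, highest first."""
    return [f.fid for f in sorted(findings, key=lambda f: -likelihood_score(f))]


# Constructed sample findings (assumed values, not real data).
SAMPLE = [
    Finding("F1", "internal-db", 9.8, exposed=False, known_exploit=False, asset_value=5),
    Finding("F2", "vpn-gateway", 7.5, exposed=True, known_exploit=True, asset_value=4),
    Finding("F3", "marketing-site", 6.5, exposed=True, known_exploit=True, asset_value=2),
    Finding("F4", "hr-portal", 8.8, exposed=True, known_exploit=False, asset_value=3,
            remediated=True),
]

if __name__ == "__main__":
    print("severity order:", severity_rank(SAMPLE))   # F1, F4, F2, F3
    print("risk order:    ", risk_rank(SAMPLE))       # F2, F3, F1, F4
```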

This approach has caught the attention of customers, industry analysts, and the media and led to Randori being named a 2022 SC Magazine finalist for Best Vulnerability Management Solution, a 2021 Gartner Cool Vendor, and a 2021 IDC Innovator.

See Randori in Action

Heading to the RSA Conference in San Francisco June 6-9, 2022? Come see Randori in action by stopping by one of our booths in the North or South Halls. Want to get started now? Don’t wait – schedule your free attack surface review today!

Gain an Attacker's Perspective

Uncover your true attack surface with the only ASM platform built by attackers. Stay one step ahead of cyber-criminals, hacktivists and nation-state attackers by seeing your perimeter as they see it.