April 15, 2022

Choosing the Right ASM Solution: Randori vs. The Rest

By: Keegan Henckel-Miller

Attack Surface Management (ASM) is a practice within offensive cybersecurity that has gained popularity rapidly in recent years. More and more CISOs and security teams understand the value of an ASM solution that helps them audit, manage and reduce their attack surfaces.

At Randori, we are building a platform that consolidates and prioritizes targets automatically and continuously. This helps defenders in two ways. First, because we group alerts by target, the platform delivers a list of alerts that is much shorter than a list of vulnerable assets: most exposed assets are vulnerable on paper but do not offer an attacker easy access, so the streamlined list of targets gives defenders a manageable set to follow up on. Second, Randori ranks those targets with a Target Temptation score, built by practising attackers, that prioritizes them by real-world attackability.

PUTTING THE ATTACKER IN ATTACK SURFACE MANAGEMENT

Randori has an attack surface management offering, but it operates differently from the other options on the market. We therefore felt it was prudent to write a piece that helps potential customers understand what sets Randori apart from the field.

ASM is important. In high-pressure situations like Log4j, the right ASM solution can cut the roughly 80 hours it takes to audit an attack surface for exposures down to minutes. In normal operation, it alerts you in real time when new exposures appear on your perimeter. However, none of that is truly valuable without the attacker's perspective.

The way attackers assess attackability from outside an organization is nothing like what defenders see and prioritize internally. While other tools in the space simply aggregate information scraped from other sources, Randori's Hacker Operations Center has an R&D team of experienced hacking and targeting specialists. Their findings feed the algorithm Randori uses to rank exposed targets on an organization's perimeter by true attackability in the wild.

ATTACK IS IN RANDORI’S DNA

At Randori, we build exploits, we research ways to compromise targets, and we embed that knowledge directly into our recon platform so that our customers benefit from it. Our competitors rely on information produced by others. Rather than testing these conditions themselves, they wait for resources to be made public, such as CVSS scores and tool kits for testing vulnerabilities. There is no net new information in that scenario; they simply take a set of existing tools and amalgamate them into one cohesive concept.

This key difference in approach also shows up in how our competitors charge you. They scan the entire internet and compile a list of “vulnerable” technologies; their scans find exposed IPs and hostnames that relate back to the company's network. There are two problems with this way of thinking:

  1) When they charge by the asset, they are incentivized to find as many assets as possible, no matter how useful each one would be to an attacker. For example, dozens or even hundreds of IPs might lead to the same target one layer in.
  2) The more alerts you list for an attack surface, the better the prioritization mechanism must be; otherwise teams get a list so long they cannot even work through it. Our competitors use little other than CVSS scores to decide which alerts are highest priority. A CVSS base score is assigned by the reporting CNA or by NIST's NVD, largely from the information the reporter supplies, and it ignores context such as whether a working exploit exists or what the asset actually exposes. High CVSS scores rarely correspond to the targets attackers actually pursue.

HOW THIS MANIFESTS IN OUR PRODUCT

Randori is an offensive security company and we use our product to attack things. Unlike most of our competition, our mission doesn't stop when we send out an alert: our customers expect us to back that alert up with proof. This expectation that Randori will both discover and validate its findings led us to build an ASM solution that provides value others can't.

You can see this value clearly in three key product features:

Targets: Attackers don't attack IPs or hostnames; they attack applications. While traditional asset management focuses on assets (IPs, hostnames, certificates and networks) that can number in the tens or hundreds of thousands, attackers focus on a much smaller list of discoverable applications. We call these targets and we center our UI around them, because they represent your true attack surface. By centering on targets, we can show you a much richer picture of your environment: how IPs and hostnames intersect, where they converge on the same application, and how your network is connected. Don't worry, we show you your IPs, hostnames and certificates too, but we focus your attention on targets because that is where your true risk lies. Doing it any other way is fraught with noise, generating numerous alerts for the same fundamental issue. With Randori, you get less noise and more action.

Target Temptation: Just as attackers do not attack IPs or hostnames, they also do not attack every vulnerability on every system. Most vulnerabilities are not exploitable, and even fewer are stable enough to be used in the real world; roughly 5% of vulnerabilities are ever known to be exploited. Yet most ASM solutions generate alerts on CVSS score alone, flooding security teams with high-severity issues that real attackers will never touch. At Randori, we developed our own approach to prioritization called Target Temptation. Designed to put you and our teams on target faster, it analyzes every target across six factors to determine its relative interest to an attacker. By providing a contextual assessment of risk, Target Temptation is one way Randori gives you the evidence and insight needed not only to identify issues but to advocate for change inside your organization.

Discovery Path: Many vendors love to tout that their ASM solution “maps the internet” by scanning the entire IPv4 address space, but what they fail to mention is that this approach yields only a flat, 2D view of your attack surface. Because Randori uses a center-of-mass approach to discovery, starting with your organization and spidering outward, we can provide a 3D view of not only which assets are exposed, but how they are connected and how an attacker would go about discovering them. This view is critical to helping security teams understand how issues are connected, identify the correct remediation approach, and get to the root cause of an issue. By answering the question “how did you find this?”, organizations can make structural changes and deploy categorical defenses that address today's issues and prevent tomorrow's from ever occurring.
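The two ideas in the Targets and Discovery Path passages above, seed-and-spider discovery that records how each asset was reached and the collapsing of many IPs and hostnames into a few application targets, as an added example. This is illustrative code written for this article, not Randori's platform or algorithm; the DNS, MX, reverse-DNS, certificate-SAN and banner tables are constructed stand-ins (RFC 5737 documentation addresses under a made-up `example.test` domain) so the script runs offline.

```python
"""Added example, not Randori's code: breadth-first discovery from a seed domain
that keeps every asset's discovery path, then groups (ip, port) services into
application targets.  All lookup tables below are constructed test data."""
import ipaddress
from collections import deque

# --- constructed reconnaissance data (hypothetical) ---
DNS_A = {
    "example.test": ["203.0.113.10"],
    "www.example.test": ["203.0.113.10", "203.0.113.11"],
    "old-portal.example.test": ["203.0.113.11"],
    "vpn.example.test": ["198.51.100.5"],
    "mail.example.test": ["198.51.100.7"],
}
DNS_MX = {"example.test": ["mail.example.test"]}
REVERSE_DNS = {"203.0.113.11": "lb-2.example.test"}
CERT_SANS = {  # hostnames in the TLS certificate presented on each IP
    "203.0.113.10": ["example.test", "www.example.test", "old-portal.example.test", "vpn.example.test"],
    "203.0.113.11": ["example.test", "www.example.test", "old-portal.example.test", "vpn.example.test"],
    "198.51.100.5": ["vpn.example.test"],
}
SERVICES = {  # (ip, port) -> (protocol, banner fingerprint)
    ("203.0.113.10", 443): ("https", "nginx/1.18"),
    ("203.0.113.11", 443): ("https", "nginx/1.18"),
    ("198.51.100.5", 443): ("https", "ssl-vpn-appliance"),
    ("198.51.100.7", 25): ("smtp", "postfix"),
}


def is_ip(asset):
    try:
        ipaddress.ip_address(asset)
        return True
    except ValueError:
        return False


def discover(seed):
    """Spider outward from the seed (breadth first).
    Returns {asset: (how_found, parent_asset)}; the seed's parent is None."""
    found = {seed: ("seed", None)}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        edges = [(ip, "dns-a") for ip in DNS_A.get(node, [])]
        edges += [(mx, "mx") for mx in DNS_MX.get(node, [])]
        edges += [(host, "cert-san") for host in CERT_SANS.get(node, [])]
        if node in REVERSE_DNS:
            edges.append((REVERSE_DNS[node], "ptr"))
        for child, how in edges:
            if child not in found:  # first route wins, so recorded paths are shortest
                found[child] = (how, node)
                queue.append(child)
    return found


def discovery_path(asset, found):
    """Answer "how did you find this?" by walking parent links back to the seed,
    e.g. ['example.test', 'dns-a', '203.0.113.10', 'cert-san', 'www.example.test']."""
    steps, node = [], asset
    while node is not None:
        how, parent = found[node]
        steps.append(node)
        if parent is not None:
            steps.append(how)
        node = parent
    return steps[::-1]


def build_targets(found):
    """Collapse services into application targets.  Two (ip, port) services are the
    same target when they speak the same protocol, show the same fingerprint and
    present the same hostnames (TLS SANs, or the DNS names pointing at the IP)."""
    by_key = {}
    for (ip, port), (proto, product) in SERVICES.items():
        if ip not in found:
            continue  # never reached from the seed, so not part of the visible surface
        hosts = CERT_SANS.get(ip) or [h for h in found if ip in DNS_A.get(h, [])]
        key = (proto, product, frozenset(hosts))
        target = by_key.setdefault(key, {"service": f"{proto} {product}",
                                         "hosts": sorted(hosts), "ips": [], "ports": set()})
        target["ips"].append(ip)
        target["ports"].add(port)
    targets = []
    for target in by_key.values():
        target["ips"].sort()
        target["ports"] = sorted(target["ports"])
        # keep the shortest route an attacker would take to reach this target
        target["found_via"] = min((discovery_path(ip, found) for ip in target["ips"]), key=len)
        targets.append(target)
    return sorted(targets, key=lambda t: t["service"])


if __name__ == "__main__":
    found = discover("example.test")
    ips = [a for a in found if is_ip(a)]
    targets = build_targets(found)
    print(f"{len(found)} assets ({len(ips)} IPs, {len(found) - len(ips)} hostnames) "
          f"collapse into {len(targets)} targets")
    for t in targets:
        print(f"- {t['service']} on {t['ips']} ports {t['ports']} serving {t['hosts']}")
        print("  found via:", " -> ".join(t["found_via"]))
```

With the constructed data, ten discovered assets (four IPs and six hostnames) collapse into three targets: the nginx application served from two load-balanced IPs, the VPN appliance and the mail server. The `found_via` chain is the per-target answer to "how did you find this?"; in the example it shows that `old-portal.example.test` was reached through a certificate SAN, which points to the certificate, not the hostname, as the thing to clean up.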

WHY THIS MATTERS TO YOU

The bottom line is that Randori Recon is the only ASM solution positioned to deliver the real attacker's perspective to defenders, because it is the only ASM product on the market built and operated by real attackers. We can tell you where on your attack surface to prioritize your efforts, and we give you guidance on securing those areas. By combining the attacker's perspective with a careful application of defensive resources, you can greatly reduce the risk and potential damage of future attacks.

