In conflict, defenders have a natural advantage over attackers.
- Attackers must learn about their target’s environment and find ways to exploit it.
- Defenders know their environment and can get to weak points before attackers do.
In physical warfare, this “home ground advantage” means that defenders win most of the time. The historical force asymmetry between defenders and attackers is often quoted as the “3 to 1” rule of combat. To overcome a defended position, attackers need a force three times what defenders have.
Why is it that in cybersecurity, this historical rule of conflict appears to work in reverse?
Even low-effort cyber attacks tend to have massive ROI for attackers. Research from Deloitte shows that a cyber attack costing as little as $34 can yield attackers $25k (a several thousand-fold ROI).
Launching cyber attacks also keeps getting easier. Threat actors ranging from advanced persistent threats (APTs) to script kiddies can buy all the services they need, starting with advanced threats and ending with money laundering, on an as-needed basis.
Meanwhile, the average cost of a data breach is now $4.35 million and growing. This is despite defenders spending record sums on cyber security. Gartner forecasts security spending to have increased by over 11% this year.
To take back the fight and regain their natural defenders’ advantage, organizations need to reconsider their approach to security. Visibility into where assets and attack vectors are is more important than deploying new security solutions.
Using processes like attack surface management (ASM) to attain the defender’s advantage and regain insight into their digital estates needs to become a priority for security professionals going forward.
How Defenders Lost Their Advantage
Expanding attack surfaces and pessimistic security mindsets have moved security teams from proactive to reactive defense.
Security spending keeps growing, but the number of successful cyber attacks is climbing fast. There was a 22% increase in attacks in Q3 2022 compared to last year. Part of the reason is that instead of investing in people and processes to proactively secure their networks, organizations have invested heavily in security tools.
Gartner analyst Anton Chuvakin described this problem all the way back in 2012 as “buying boxes and not using them.”
Since then, the problem has compounded. In 2022, the average organization deployed 76 different security tools to defend its environment (16% more than in 2019). At the same time, the adoption of reactive mindsets like “assume breach” has convinced many security teams that proactive defense is a waste of resources.
However, another major reason why defenders have retreated from their castle walls is the dramatic expansion of their attack surfaces.
Security teams are seriously overstretched. A shortage of skilled personnel is a major headache for every level of security team. Burnout is rife, and a relatively small number of professionals are often tasked with protecting sprawling cloud assets on one hand and legacy Windows and Linux assets on the other.
Few organizations can give an accurate account of what their attack surface looks like:
- Visibility into what’s connected to their organizations’ networks and where vulnerabilities are is one of the biggest issues facing security leaders globally.
- 70% of organizations that experienced a cyber attack in 2021 had a vulnerability in an asset they did not know about.
- Defenders often miss around 30% of the assets that are actually connected to their network.
Even when security teams know what assets and attack vectors exist on their networks, they can struggle to achieve clarity as to which ones need action first. As a result, defenders have given the knowledge advantage over to attackers. ASM is a powerful tool for taking their defender’s advantage back.
Using ASM to Gain a Defender’s Advantage
ASM allows security teams to gain operational confidence and take back their defender’s advantage against threat actors.
Being proactive in defense is an essential step for capturing the defender’s advantage. Security teams win when they find and fix vulnerabilities and attack vectors before attackers do. Simple in theory, but not so much in practice.
With tens of thousands of Common Vulnerabilities and Exposures (CVEs) released each year and trends like remote work and cloud adoption creating a spiraling list of attack vectors, prioritization is an immense challenge. While useful, vulnerability management cannot provide teams with the prioritization information they need to keep up. There is no point in knowing you have dozens of equally dangerous CVEs if you do not know which ones actually put your environment in danger.
Practicing ASM can help security teams solve this problem.
A continuous process of network monitoring and discovery, ASM allows security teams to understand where they are most vulnerable and prioritize remedial action. ASM highlights dangerous attack pathways. This is particularly important in fast-changing environments during events like mergers and acquisitions or shifts to remote working.
Taking Back the Defender’s Advantage with Randori’s ASM
Randori’s ASM platform replicates threat actors’ tactics to find an organization’s vulnerable network-connected assets.
Starting with an email address, Randori lets security teams scan their entire digital estate and find targets the attackers are likely to go after. Our platform helps teams prioritize their efforts by telling them not just a target’s vulnerability but its “attack ability,” i.e., how easy it will be for an attacker to successfully exploit it.
Randori gives defenders a clear playbook for finding and getting to the most vulnerable parts of their estate long before attackers do. This new level of knowledge gives back the defender’s advantage to security teams.
Read our case study to see how a major shipping company uses Randori’s ASM platform to create an offensive security posture.