Harden Your Attack Surface with ASM — This article was originally published in TAG Cyber Quarterly.
Randori was named a Distiguished Vendor by TAG Cyber for our state-of-the-art Attack Surface Management platform.
The Randori platform was designed to think and act like the attacker groups executing ransomware attacks. The platform identifies attack targets and illuminates where and how attackers will strike. Randori allows enterprises to find vulnerabilities, prioritize remediation, and close points of entry before they’re exploited.
“Attack surface management” is a term that covers a lot of ground, and one which means different things to different security practitioners. The reality is that modern companies’ cyber attack surfaces are already large and continuing to expand. Organizations using the out-dated approach of finding and fixing vulnerabilities before an attacker does are facing an uphill battle. This will only be exacerbated by the speed at which businesses operate, the interconnectivity of systems, the amount of data and applications produced daily, staff shortages, adversary sophistication, and more.
Automation has become necessary for managing the attack surface. Importantly, though, automation can’t just produce a simple identification and dump of, “here’s every exposure you have!” There would be too many “priorities” for security teams to triage.
The team at Randori incorporates their experience as pen testers and red teamers into their attack surface management (ASM) platform, but uses automation and machine learning to ensure efficacy. TAG Cyber sat down with the team at Randori to learn more about how it works.
TAG Cyber: First, can you provide your angle on attack surface management and what it means for enterprise security teams?
Randori: Attack Surface Management is an emerging category of solutions that aims to prioritize risk on an organization’s attack surface, from an external perspective.
An organization’s attack surface is made up of all hardware, software, SaaS, and cloud assets that are accessible from the Internet that process or store your data and are discoverable by an attacker. In short, your attack surface is any external asset that an adversary could discover, attack and use to gain a foothold into your environment.
Traditional solutions keep teams subjugated to the vulnerability-du-jour or rely on an annual snapshot of your security posture. In both cases, these leave organizations scrambling and implementing reactive defensive strategies. Randori enables companies to become proactive by allowing them to practice how to fight to stay one step ahead of attackers.
TAG Cyber: Ransomware has been a big(ger) problem lately. How can companies really defend against this, other than disabling links and downloads in email — which seem to be the best and easiest ways attackers get into systems?
Randori: 40% of attack techniques that end in ransomware begin with a pivot through the attack surface. Our attack platform identifies the targets hackers will attack first and illuminates where and how attackers will strike your environment. Our customers tell us we help with 3 things:
- Understanding What’s Exposed: By the time an attacker is on your devices and thinking of holding you for ransom, it’s already too late. The real battle is won in preparing contingency plans when your security perimeter fails.
- Prioritizing Vulnerabilities: Organizations often have tens of thousands of exposed assets on the internet, the key is to find the ones hackers will target first. Randori provides an external perspective of their business using the same advanced techniques threat actors use to identify your most tempting ransomware targets – helping zero in on the greatest risks to their business.
- Testing MDR & IR Capabilities: A company’s attack surface is always changing and ultimately, a hacker will gain access. When this happens, it’s important to know if your security program can contain the threat. Our Attack product can help organizations build a scorecard of their MDR and IR effectiveness so teams can gain experience before a real incident occurs.
TAG Cyber: What are some of the key findings from Randori’s recent “The Rising Cost of Ransomware” survey?
Randori: We recently conducted a survey of security decision makers, to understand how enterprise security programs responded to challenges of remote work, cloud migrations, and shadow IT. We discovered that ransomware struck nearly half of businesses within the past 24 months, and forced CISOs to agree that the threat should be considered a “cost of business.” And, eight in ten acknowledge that ransomware is a symptom of a larger problem. Our research shows that security leaders rank attack surface management (ASM) as one of the three things to do to reduce the risk for ransomware.
TAG Cyber: How does your platform address the different components of a cyber attack?
Randori: Randori helps organizations understand true risk with our Attack Surface Management and Continuous Automated Red Teaming solution. We do this by:
- Finding Unknowns: Corporate environments are dynamic and diverse environments making blindspots and shadow IT a constant challenge- Randori automatically discovers your true attack surface, finding unknown assets others miss. This is an essential capability for any security team at organizations with large environments and heavy digital asset footprints.
- Pioneering Vulnerability Prioritization: Randori provides vulnerability management teams critical insight into the attackability of external-facing assets. With Only 5.5% of all vulnerabilities ever exploited in the wild, being able to prioritize the ones hackers are most likely to target is essential.
- Keen Focus on Operationalization: While other ASM vendors focus on Mean Time to Identification (MTTI), Randori understands that identification is just the beginning and the real value comes from action. Our platform has been designed to reduce Mean Time to Action and accelerate your team’s ability to respond.
TAG Cyber: With so many vulnerabilities. How can companies effectively manage all the output they receive from your platform?
Randori: Attack Surface Management and Vulnerability Management are always each going to have their place in the security world, and they will always overlap. Different components work together to address the overall goal of reducing overall exposure. But chances are if you’ve had a vulnerability management platform over the past several years, you’ve watched it decline in value. Vulnerability management teams are drowning in alerts with longer reports with no prioritization, you’ve had to rely more on waiting to be attacked to see where you are most vulnerable.
Randori Recon leverages our unique external perspective to go further — evaluating the unique attributes of each target on a continuous basis to provide you a quantified assessment of how likely an asset is to be targeted by an attacker.
