Beyond vulnerability scanning: Enhancing attack surface management for more proactive security

June 23, 2022

Using Spreadsheets to Manage Your Attack Surface is a Bad Idea

By: Keegan Henckel-Miller


If you work on a security team, you are probably sick of playing from behind. You are essentially participating in an eSports competition against the best players in the world, but without the proper equipment: your system is slower and you have far greater latency than your opponents. If you were playing on your own, you might be able to overcome that. But on the cyber gridiron, one small delay can give your opponent all the advantage they need.

Part of the problem is that many security teams are using analogue techniques in a digital world. Research shows that 70 percent of security teams measure their attack surfaces using a spreadsheet. Attackers have a plethora of tools, exploits and automation at their disposal. Security teams need the same speed and efficiency to compete. To do this, you need the best automated tools. You need a continuous, automated solution that accounts for shadow IT to get ahead of attackers. Enter: Attack surface management.


Problem #1: Spreadsheets take too much time to create

When a new vulnerability is announced, it takes an average of 80 labor hours to conduct an attack surface audit to see what’s exposed. This overworks staff, and delivers only a partial final product. The lag also gives attackers extra time to exploit exposures and gain that advantage — it takes attackers around 48 real-world hours on average to exploit a publicly known vulnerability after discovery.

As it stands, when a security team wants to audit their attack surface, they gather data from dozens of security tools and drop it all into a spreadsheet for analysis. This is overly time-consuming, which burns out staff and gives attackers more time to operate unseen. Meanwhile, if it takes multiple days or weeks to build a snapshot of the attack surface, that snapshot will be outdated before it lands on the CISO’s desk.


Problem #2: Spreadsheets are too complicated and aren’t prioritized

Even without the devastating effects of waiting two weeks to act on a common exposure, working overtime to amalgamate data from many tools creates a report full of low-quality data. Many of the assets that appear on this list will be duplicates, and more still will lead to targets that are not actually attackable in the wild. With this overload of low-grade information, the alerts lose context. With a patchwork of different snapshots from different tools, important alerts are more likely to fall through the cracks.


Problem #3: Shadow IT

Using a spreadsheet to manage your attack surface turns a blind eye to the existence of shadow IT. Wiping out a vulnerability within your known assets could be for naught if your shadow IT includes the same exposures.

Shadow IT is a big problem. Having assets on your network that you don’t know about increases the risk of harboring exposed vulnerabilities that you also don’t know about. Because current tools only scrape publicly available data, they cannot see shadow IT. Since ASM is an offensive security solution, it sees networks from the outside looking in. This allows the platform to include assets and targets that would not appear on a manual audit.
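The consolidation step behind Problems #2 and #3 (merging exports from several tools, collapsing duplicate rows, and flagging assets that an outside-in view sees but the internal inventory does not) is what a spreadsheet does by hand. The following Python is an added illustration written for this article, not Randori code or the output of any real tool: the three exports, the hostnames, IPs and the `CVE-...-PLACEHOLDER` finding IDs are constructed sample data, and the scoring weights are an assumption chosen only to show how external reachability and unknown ownership push an asset up the list.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample exports from three hypothetical tools (not real data):
# an internal vulnerability scanner, an asset inventory/CMDB, and an
# external, attacker-perspective discovery feed.
SCANNER_EXPORT = [
    {"host": "Web01.Example.com", "ip": "203.0.113.10", "finding": "CVE-XXXX-PLACEHOLDER-1", "severity": 9.8},
    {"host": "web01.example.com.", "ip": "203.0.113.10", "finding": "CVE-XXXX-PLACEHOLDER-1", "severity": 9.8},  # same asset, different spelling
    {"host": "db01.internal", "ip": "10.0.0.5", "finding": "CVE-XXXX-PLACEHOLDER-2", "severity": 7.5},
]
INVENTORY_EXPORT = [
    {"host": "web01.example.com", "ip": "203.0.113.10", "owner": "web-team"},
    {"host": "db01.internal", "ip": "10.0.0.5", "owner": "dba"},
]
EXTERNAL_EXPORT = [
    {"host": "web01.example.com", "ip": "203.0.113.10"},
    {"host": "legacy-ftp.example.com", "ip": "203.0.113.77"},  # reachable from outside, absent from inventory
]

Key = Tuple[str, str]


@dataclass
class Asset:
    host: str
    ip: str
    sources: Set[str] = field(default_factory=set)
    owner: Optional[str] = None
    findings: Dict[str, float] = field(default_factory=dict)  # finding id -> worst severity seen
    externally_reachable: bool = False


def normalize_host(host: str) -> str:
    """Canonical form so 'Web01.Example.com' and 'web01.example.com.' collapse to one key."""
    return host.strip().rstrip(".").lower()


def consolidate(scanner: List[dict], inventory: List[dict], external: List[dict]) -> Dict[Key, Asset]:
    """Merge the three exports into one asset record per (hostname, ip)."""
    assets: Dict[Key, Asset] = {}

    def record(rec: dict, source: str) -> Asset:
        key = (normalize_host(rec["host"]), rec["ip"])
        asset = assets.setdefault(key, Asset(host=key[0], ip=key[1]))
        asset.sources.add(source)
        return asset

    for rec in scanner:
        asset = record(rec, "scanner")
        # keep the highest severity reported for a given finding, dropping duplicate rows
        asset.findings[rec["finding"]] = max(rec["severity"], asset.findings.get(rec["finding"], 0.0))
    for rec in inventory:
        record(rec, "inventory").owner = rec.get("owner")
    for rec in external:
        record(rec, "external").externally_reachable = True
    return assets


def is_shadow_it(asset: Asset) -> bool:
    """Seen from the outside but unknown to the inventory: nobody owns it."""
    return asset.externally_reachable and "inventory" not in asset.sources


def priority(asset: Asset) -> float:
    """Assumed scoring: worst CVSS, plus a bump for internet exposure and for shadow IT."""
    score = max(asset.findings.values(), default=0.0)
    if asset.externally_reachable:
        score += 10.0
    if is_shadow_it(asset):
        score += 5.0
    return score


def prioritized(assets: Dict[Key, Asset]) -> List[Asset]:
    """Highest-priority assets first."""
    return sorted(assets.values(), key=priority, reverse=True)


if __name__ == "__main__":
    for a in prioritized(consolidate(SCANNER_EXPORT, INVENTORY_EXPORT, EXTERNAL_EXPORT)):
        tag = " [shadow IT]" if is_shadow_it(a) else ""
        print(f"{priority(a):5.1f}  {a.host:<24} {a.ip:<15} owner={a.owner} sources={sorted(a.sources)}{tag}")
```

Run as a script it prints the ranked list; the two scanner rows for `web01` collapse into one record, and `legacy-ftp` ranks above the internal database host despite having no scanner finding at all, because it is reachable from outside and has no owner. That is the prioritization and shadow IT visibility the article says a hand-built spreadsheet lacks.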


The Solutions

So you’ve now spent countless hours and dollars constructing this attack surface report. You’ve still got a list of assets that is two weeks late, not prioritized, and only sees part of the picture. Meanwhile those exposures you’re reporting may have been exploited days ago.

You can’t play eSports with a bad Wi-Fi connection. Just like in eSports, the competition in cybersecurity is determined by who can move faster. When security teams lack the proper automation and consolidation tools, they are playing from behind. The stakes are high, and everyone’s security resources are stressed enough as it is before you add in time disadvantages.

What you need is a continuous, automated solution which consolidates and prioritizes targets the same way an attacker would. Using an ASM platform like Randori Recon to manage attack surfaces will improve these programs by:

  • Alerting the team to new exposures in real time
  • Seeing the network from the attacker’s perspective, including shadow IT
  • Delivering reports that are more streamlined and accurate
  • Delivering attack surface audits immediately with the click of a button


By adding an ASM solution, you can reduce your risk while cutting costs across the board. With more time back in your security team’s week, you can all focus that time on securing the network against new threats before attackers take advantage.



Gain an Attacker's Perspective

Uncover your true attack surface with the only ASM platform built by attackers. Stay one step ahead of cyber-criminals, hacktivists and nation-state attackers, by seeing your perimeter as they see it.