Gartner estimates that a third of successful attacks experienced by enterprises will result from unknown shadow IT risks.
Shadow IT isn’t a new problem, but it’s quickly growing in size. Business changes, cloud migration, shadow IT, and M&A, all add complexity to your attack surface. These changes escape vulnerability scans and yearly assessments, and present windows of opportunity for attackers to bypass defenses.
Get this free 3 step guide to learn how to discover, prioritize, and remediate shadow IT.
The average enterprise uses over 1,400 distinct cloud services—that number has tripled over the past five years. As end-users become more distributed and empowered, shadow IT will accelerate and expand. Therefore, it can feel like a daunting task to discover your unknowns, determine why processes weren’t followed, and remediate your top risks.
From our experience working with some of the most secure companies in the world, we recommend a focus on eliminating shadow risk, the byproduct of shadow IT that attackers use to gain unauthorized access. The most cost-effective way to do this is by viewing your company like an attacker. You can do this manually using open source tools, via service engagements, or with commercial products.
Today’s security teams already have more vulnerabilities than can be managed from known assets alone; this discovery adds new workload to an already burdened process. A prioritization framework, based on the attacker’s mindset, can help guide where to take action.
Risk is traditionally defined as Likelihood × Impact. This formula can be used to prioritize your targets by risk. Likelihood should identify the targets most likely to elicit action from an attacker—your most tempting targets. Shadow IT directly exposed to the internet should be your top concern. For any external attacker, this represents a greater likelihood of attack than any asset behind your VPN and firewall. When determining likelihood, we suggest considering weakness, enumerability, and as your program matures, applicability, research potential, and post- exploitation potential.
Once you've completed steps 1 & 2, all that’s left is to take action and remediate that exposed shadow risk. This can include but is not limited to patching, updating configurations, adding two-factor authentication, or shutting down the service to reduce your attack surface. The most successful teams build this into a continuous process.
About Randori
Randori is building the world’s most authentic, automated attack platform to help defenders train like the adversary. Based on technology used to penetrate some of the world’s largest and most secure organizations, Randori enables security leaders to regain control of their attack surface, prioritize like an attacker, and practice how they fight.
