SANS Guide to Evaluating Attack Surface Management

Randori Named One of the 10 Coolest Cybersecurity Startups of 2020

Ian Lee

I’m excited to share that Randori has been named one of the 10 Coolest Cybersecurity Startups of 2020.

It’s been a breakout year for the Attack Surface Management market and this recognition further validates our belief that understanding your attack surface is an essential capability for every enterprise.

Want to see what CRN found so cool about Randori? Get started with a free adversarial assessment of your attack surface.

Managing Risk In a Remote World

 

If 2020 has taught us anything, it’s that the future of technology is distributed, dynamic, and remote. As enterprises adapt and move to make core services accessible from anywhere, identifying issues and prioritizing based on how attackers view your business has never been more important. 

 

As a result, Attack Surface Management is shaping up to be one of the key areas of focus for security teams in 2021 as they respond to these rapid shifts. When everything is external, having an outsider’s perspective of what is exposed is essential for anyone looking to reduce their attack surface. At Randori, we are proud to have helped pioneer this emerging market and are excited to work with companies to put our solutions and unique insight to work. 

 

The Power of the Attacker’s Perspective

 

Discovery: To manage digital risk, you need a solid handle on your attack surface. This starts by understanding what your adversary can see. ASM solutions help security teams manage risk by providing an ongoing assessment of an organization’s external-facing assets. 

 

Cloud-based and turnkey, ASM solutions provide an adversarial assessment of an organization’s discoverable attack surface, enabling teams to reduce their attack surface and better prioritize their greatest external risks. Further, ASM solutions continually monitor an organization’s attack surface by tracking and identifying changes in assets and risk over time. Setup is minimal, with no agents to deploy. Most organizations begin to see value within a matter of days. Curious what we’d discover? Get started today for free with a 14-day trial.

 

Assessment: With security teams drowning in alert fatigue, being able to confidently cut through the noise and identify the issues that pose an active risk is critical. In few places is this pain more acute than vulnerability management, where despite nearly 1 in 3 vulnerabilities being categorized as high or critical, fewer than 5.5% are ever exploited in the wild.

 

By providing an attacker’s perspective, Attack Surface Management can be used to assess not just the severity of the vulnerability but the likelihood that a specific asset will be targeted. Security teams can leverage this perspective to deprioritize high-severity vulnerabilities that are of little adversarial value and prioritize those that present an adversary a lower friction path to initial access. Do you know your Top Targets? Find out with a free adversarial assessment.

 

Validation: At the end of the day, security and business leaders need to know if their valuable assets are secure. Vulnerability scans can’t answer this question. When combined with a Continuous and Automated Red Team (CART) solution, such as Randori Attack, Attack Surface Management solutions can provide organizations with an ongoing ability to validate and prove they are reducing risk over time.  Want to know where you stand? Get started today with a 14-day trial.

 

What Sets Randori Apart

 

While most ASM solutions fixate on asset discovery, Randori leverages our unique background in offensive security to go further — evaluating the unique attributes of each target on a continuous basis to provide you a quantified assessment of how likely an asset is to be targeted by an attacker. 

 

Dynamic and updated with the latest information, Randori’s assessments can be fed into SOAR or RBVM solutions to ensure the latest information is always being used to prioritize work. This comprehensive approach reduces risk and optimizes the use of an organization’s limited security resources.

 

Grounded in our team’s decades of experience conducting high-end red team engagements and the thousands of attack results gathered by our continuous and automated red team, Randori’s Target Temptation model provides a realistic adversarial assessment of a target’s likelihood to be attacked. Used internally by the Randori Attack Team to prioritize vulnerability research — it is not a theoretical model, but rather one backed by results and put into action. 

 

By evaluating each asset on six temptation factors and observable characteristics, Randori provides security teams a far richer assessment than competitive solutions. Armed with these findings, security teams can ensure they focus their time on hardening the assets most likely to be targeted by attackers. 

 

Further, the Randori Attack Platform is the only solution that combines Attack Surface Management (ASM) and Continuous and Automated Red Team (CART) capabilities into a single SaaS-based platform. Only Randori provides security leaders with the authentic discovery and ongoing validation needed to build a risk-based security program. 

 

Getting Started with Attack Surface Management

 

For security teams looking to kick off an attack surface management project, Randori has partnered with SANS to help organizations accelerate projects and help make evaluating Attack Surface Management easier. 

 

  1. Get started with a free Attack Surface Review with the Randori Team
  2. Read the SANS Evaluator’s Guide to Attack Surface Management
  3. Watch the SANS Webcast on Attack Surface Management  

 

These resources will provide you with a firm overview of what Attack Surface Management is, how organizations are leveraging it today, and how SANS recommends organizations go about evaluating competitive ASM solutions as part of a proof-of-concept process. 

 

About Randori

Discover the power of a trusted adversary by gaining an attacker’s perspective of your organization. Get started by scheduling a free attack surface review with the Randori team today.