
Introducing Randori Integrations Marketplace
Today, Randori is thrilled to announce the launch of our new Integrations Marketplace. The Integrations Marketplace is a new feature available inside the Randori Offensive Security
2022 The State of Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike. You need an attack surface management platform. With cloud migration and the work-from-home boom dramatically increasing the number of external targets, being able to prioritize your attack surface from an attacker’s perspective has never been more urgent.
If an attacker comes from an external position, they aren’t going to exploit an IP address, hostname, or port. They will attack the underlying software exposed to the internet. Randori discovers these targets, and prioritizes them for remediation using a patent-pending Target Temptation model. This model considers how the software is deployed, vulnerabilities and weaknesses, and post-exploitation potential if the service is compromised.
Black-Box Reconnaissance: Any ASM solution must automatically discover the external assets an attacker can see – this includes IPv4, IPv6, Cloud, and IoT Assets. Unlike asset management solutions, there should be no need to provide IP address ranges or other asset information to get started. Your domain name should be sufficient. Randori’s patented center-of-mass approach finds assets others miss and starts with only an email.
Continuous Monitoring: Your attack surface is dynamic; your ASM solution must be too. Assets come and go; ASM solutions must continuously monitor and track these changes and quickly alert users when a critical issue is found. Randori’s global network of dynamic cloud infrastructure is constantly monitoring to provide you with the most authentic view of your external attack surface.
Shadow IT Discovery: Gartner estimates 1/3 of breaches will start with unknown assets. ASM solutions should make it easy to identify any assets you were not previously aware of by integrating with asset management solutions and supporting policy-driven rule & prioritization workflows. Randori’s rich integrations and policy-driven rules engine make it easy to automate the discovery of Shadow IT.
Risk-Based Prioritization: Not all assets have the same value to your organization or attackers. Any ASM should automatically provide an external threat assessment, identifying the most tempting issues to attackers. Leading ASM solutions go further, giving users rich capabilities for real-time risk-based prioritization. Randori’s prioritization engine combines the attacker’s perspective with business value, business impact, existing security controls, and remediation status to build a stack-ranked list of your most risky targets.
Bi-Directional API & Enterprise Integrations: Leveraged by vulnerability management, threat intelligence, and security operations teams, ASM solutions must enable teams to integrate into their daily workflows. Bi-directional APIs and the ability to integrate with SIEM, SOAR, asset management, and ticketing systems are critically important. Randori’s REST API and integration ecosystem make it easy to embed the attacker’s perspective.
Less Noise: Like real attackers, Randori is focused and targeted. While other ASM vendors index the entire internet, drowning you in false positives – we focus on uncovering your unique attack surface. For your overworked security team, this means less noise and more time for action.
Better Prioritization: You’ll always have more vulnerabilities than you can patch – the key is identifying the ones that intrigue hackers. Randori’s Target Temptation model identifies your greatest risks and raises them to the top – ensuring your team is tackling the right problems.
Enterprise Ready: Don’t just identify issues – act on them. Randori’s rich APIs, built-in reporting and integration with partners make it easy for your team to turn insights into actions.