As the chaos of 2020 moves into the rearview mirror, attack surface management (ASM) is emerging as a key priority for the security industry in 2021. You may have already heard whisperings of ASM around your workplace or at security conferences, as 2020 in its own right was a banner year for this emerging category. There are three critical changes driving this shift – the transition to remote work, acceleration of cloud migration, and security team overload. In response, executive interest in finding better ways to manage attack surface risk is on the precipice of a massive boom.
What was already an industry on the upswing in 2019 got kicked into high gear when COVID and the unprecedented speed of the quarantine drove countless workloads, sensitive files, and meetings to be remotely accessible. This massive shift has led to an uptick in cyberattacks, with Verizon finding 52% of enterprises have experienced an increase in incidents since COVID-19 began.
Moving millions of employees online overnight was not without a cost: breaking processes, creating hygiene issues, and standing up shadow IT introduced new external risks that organizations are just beginning to understand. In the shuffle, attackers found new ways to find and target new, vulnerable work-from-home employees, with ransomware attacks increasing 40% in Q3 of 2020 alone.
Accelerating the Move to the Cloud
While the quarantine did not bring about cloud transformation, it did push more assets onto the perimeter. By accelerating a movement that has been nearly a decade in the making, COVID-19 has made cloud exposure management an essential capability for organizations as more public cloud workloads are spun up, and more services are exposed to the internet for remote administration.
Put this all together, and it is undeniable that the pace and scale of the transition to remote work created new windows of opportunity for attackers. As we enter 2020, overworked security teams are under more pressure than ever to identify and reduce the risk these new external assets represent. Enter: Attack Surface Management.
According to IDC, organizations spent more than $125 billion on cybersecurity in 2020, with that total set to continue growing by more than 40% by 2025. Despite increased spending, cyber risk not only remains a top concern among risk executives, according to Gartner, but according to NYU the perceived threat posed by cyber-attacks has also risen – suggesting the situation is getting worse, not better. It is not surprising then that cyber-attacks remain a top 10 global concern according to the World Economic Forum.
With Acceleration, Prioritizing Becomes Essential
With attack surfaces expanding faster than security teams can keep up, the traditional inventory-centric approach to perimeter security and vulnerability management is not sustainable; patch times are now often measured in months, not days. Attack Surface Management enables an adversary-focused and risk-based approach to perimeter security, leveraging an attacker’s external perspective to discover and validate new sources of risk as they arise.
The truth is that not all assets and vulnerabilities are created equal. Some matter more to your business, and others are more likely to be targeted by attackers. While every business should know which assets matter, the only way to know which are more likely to be targeted is to understand the attacker’s perspective.
When 95% of vulnerabilities are never exploited, identifying unknown assets and prioritizing which assets to patch first from the attacker’s perspective is not only crucial for managing costs but essential to managing risk.
Big security companies are already recognizing this shift and seeking ways to incorporate the attacker’s perspective into their traditional security platforms, as demonstrated by Palo Alto Networks’ recent acquisition of Expanse for nearly a billion dollars. As a pioneer in this category, Randori is uniquely positioned to help organizations make this shift. Only Randori can help organizations both discover and validate their risks – thanks to our unique combination of attack surface management and continuous automated red teaming.
Applying the Attacker’s Perspective to Prioritize Risk
To understand the attacker’s perspective, organizations need to be able to authentically answer three critical questions:
- What assets can an external attacker discover?
- Which assets could they reasonably attack?
- Which assets would benefit an attacker most if attacked?
To effectively manage risk, organizations must then go a step further: assess which of those assets, if compromised, would pose an unacceptable risk to the business, and take action. When done well and often, organizations are left with a list of their most pressing external risks that is often 10X smaller but more impactful than those generated through traditional vulnerability-based prioritization.
If you’re looking to secure your attack surface and would like to start applying an attacker’s perspective to better prioritize your external risks, take the first step by signing up for a free attacker’s assessment of your organization.