Preventing breaches begins with understanding and protecting your attack surface. For most enterprises, that attack surface is huge. To help wrangle it, security professionals have struggled for years to use tools such as Nmap (Network Mapper) or vulnerability scanners to discover and test the security of internet-exposed assets, which typically present a path of least resistance into an organization for an attacker. With the plethora of digital transformation initiatives, we now struggle to keep up with the proliferation of assets that may not be owned by an organization but sit in closely related environments, including those of third parties, partners, SaaS platforms, and the rest of the digital supply chain. Although the capabilities of legacy technologies like vulnerability scanners have improved, they are largely used for “internal” assets and aren’t able to discover assets or vulnerabilities outside of known environments.
One of the issues that comes along with using these legacy technologies is that they simply prioritize security fixes based on the results of vulnerability scans and CVEs. Penetration testers, red teamers, and your attackers know well that some of the most vulnerable assets aren’t even seen by a vulnerability scanner. Look at some of the most well-known attacks and you’ll see the gaps.
As the market and security vendors begin to recognize gaps in the conventional wisdom, new solutions and even new market categories emerge to close the gaps. In this case, it’s a category called External Attack Surface Management. This space was born out of the fact that the internet is every organization’s new network, and tools like vulnerability scanners and spreadsheets can’t cover it. At its foundation, External Attack Surface Management addresses the discovery and security testing of internet-exposed assets. But as with any new category, some companies build on that foundation.
We recently interviewed Rob Gurzeev, CEO and Co-Founder at CyCognito, on Paul’s Security Weekly to discuss how to protect your attack surface. Rob discusses how their data model, leveraging a graph database and internet-scale analytics models, allows them to map your attack surface and contextualize the assets and risks so that you can rapidly close those paths of least resistance. They call their approach attack surface protection, and it’s based on actual security testing results and relationship analysis that allow them to build confidence and risk scores across externally exposed assets, including those hosted by third parties, partners, and in the cloud. Going beyond the visibility of your attack surface, CyCognito addresses the question “what do I do next?” Their platform provides insight and understanding of your assets and their context to guide your operational teams on what to do to reduce your breach risk and improve your security.
No longer is the size or complexity of your external attack surface an unmanageable problem. CyCognito can help protect it by:
Graphing business relationships and discovering all of your external assets
Determining the business context of your assets
Testing the security of your assets at scale
Prioritizing risks based on issue and asset context and attractiveness to attackers
Accelerating risk remediation to prevent breaches