The Growing Importance of Attack Surface Management 

In just a few months, the COVID-19 pandemic sped up digital transformation by years. In 2019, Statista showed that a little less than 1.2 trillion U.S. dollars were spent on digital transformation efforts – by 2025, global digital transformation spending is forecast to reach 2.8 trillion U.S. dollars.  

The pandemic changed the way organizations in all sectors and regions did business. It brought forth vast advancements, as well as great security concerns. Since the start of the pandemic, ransomware attacks have increased by nearly 500 percent since the start of the COVID-19 pandemic. 

Rounded,abstract,cityscape,network,connection,,internet,and,global,connection,concept.

We’re more interconnected than ever before, and the pandemic has only increased our reliance on the internet for those connections. Because of the rapid increase of digital transformation, organizations lost control their technology. In 2019, a Forbes survey found that more than half of executives they interviewed were not confident that they are aware of all the technology their employees use. With the evolution and adoption of the working remote environment, cloud-based SaaS solutions became commonplace. Technology is at your fingertips; however, it has an ugly dark side called shadow IT.  

In many instances, shadow IT also goes together with third-party vendors, or one’s IT supply chain. The reality is it’s easier than ever to acquire software or an IT service online and pay by credit card and not tell anyone except accounting for the budget reconciliation. And for many, this seems like the easiest and fastest way to get what they need to do their jobs.  

Shadow IT’s Impact on Your Attack Surface 

Shadow IT expands an organization’s attack surface, and an expanding attack surface affects an organization’s security posture and risk profile. In fact, 46% of executives in that 2019 Forbes survey believed that direct purchasing of SaaS solutions, personal and business applications, and other non-sanctioned software by individuals and business units made it impossible to protect all their organization’s data, systems, and applications. This hasn’t improved. In 2021, more than 80% of IT executives believe remote work has increased security risks tied to shadow IT.  

Reducing an organization’s attack surface should be an organization’s key objective. If you can reduce the potential points of entry (or attack vectors), your organization is better protected from a successful attack.  

The Castle & Moat of Yesterday is Not Good Enough 

This objective has traditionally been executed against with that trusty, old castle and moat approach. This is where teams try to identify and manage their attack surface from the inside out. They begin with identifying the assets and devices they have and tracking which employees have which items and where they are. Security teams may dive a little deeper with configuration management software to see if devices and applications are up to date or misconfigured or if they need patches. Teams are also likely using putting up firewalls on the network boundary and implementing endpoint protection and antivirus software on devices, while running vulnerability scans on these devices. All of this helps to manage that attack surface.  

Male,and,female,operators,working,on,computers,in,system,control

But security teams continue to struggle with identifying all the assets they need to manage or monitor – much less whether those assets have vulnerabilities or exposures – all of which increases an organization’s cyber risk. Therefore, using an outside-in approach and getting a map of your organization’s digital footprint is critical. 

Instead of trying to identify all your assets from the inside out, you look at what your organization looks like on the public-facing internet – it’s digital footprint. What assets are identifiable on the internet? Where are they – and are they were you expected them to be? Are there assets on the internet that shouldn’t be? Do they have any vulnerabilities or exposures that could be leveraged?  

We’re not saying the traditional inside-out view isn’t important. By no means should you stop those efforts. But this outside-in approach allows you to see what the adversary sees – how big or complex your organization looks, where it has locations, and what’s possibly exposed that could be leveraged for nefarious activities.  

At LookingGlass, we believe the asset discovery and vulnerability identification features must be automated. Otherwise, it remains a heavily manual process, and honestly, shouldn’t we expect more from our tools?  

Supercharge the Value of Attack Surface Management 

The pandemic really drove home how much harder it was to protect an organization that is wildly distributed. Digital transformation isn’t dying down any time soon, and recent reports say that remote or hybrid work is here to stay, so your expanding attack surface is only going to continue and increase. It’s critical to supercharge the value of your attack surface management. To do that you should layer threat intelligence on top of your digital footprint to help further prioritize items you need to fix or respond to, but to also give you better situational awareness.  

Attack surface management shouldn’t replace your asset management tools, but it can be helpful to get the external view and see how well it matches your internal inventory. If you’re unsure where to start, our latest e-book, A Guide to Attack Surface Management, will shed light on what ASM is, how threat actors see your attack surface, and how seeing what the adversary sees can be useful for cybersecurity and IT teams.

Download the ASM e-book by filling out the form to the right.  >>>

Download the Attack Surface Management E-Book