Attack Surface Detection
Why Do We Need Attack Surface Detection/Discovery/Analysis?
An organization’s attack surface is the sum of vulnerabilities, pathways, or methods (sometimes called attack vectors) that hackers can use to gain unauthorized access to the network or sensitive data, or to carry out a cyberattack.
Worldwide digital change has accelerated changes in the size, scope, and composition of an organization’s attack surface. The size of an attack surface may fluctuate over time as assets and digital systems (e.g. websites, hosts, cloud and mobile apps) are added and removed, and it can change rapidly. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premises networks, so the attack surface shifts quickly with the organization’s needs and the availability of digital services to meet them.
Because each enterprise now has countless potentially vulnerable points, the advantage increasingly lies with hackers and attackers, who need to find only one vulnerable point to succeed in their attack.
Attack surface scope also varies from organization to organization. With the rise of digital supply chains, interdependencies, and globalization, an organization’s attack surface has a broader scope of concern (viz. vectors for cyber attacks). Lastly, an organization’s attack surface is composed of small entities linked together in digital relationships and connections to the rest of the internet and organizational infrastructure, including third parties, the digital supply chain, and even adversary-threat infrastructure.
The composition of an attack surface can vary widely between organizations, yet many of the same elements recur, including:
- Autonomous System Numbers (ASNs)
- IP Addresses and IP Blocks
- Domains and Sub-Domains (direct and third-party)
- Mail Addresses
- SSL Certificates and Attribution
- WHOIS Records, Contacts, and History
- Host and Host Pair Services and Relationships
- Internet Ports and Services
- Web Frameworks (PHP, Apache, Java, etc.)
- Web Server Services (email, database, applications)
- Public and Private Cloud
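Because these elements are added and removed over time, a defender's inventory is most useful when two discovery runs can be compared. The following is an added example, not code from the original page or from any vendor: it diffs two inventory snapshots keyed by the element types listed above and flags services running on IPs outside the recorded IP blocks. The snapshot layout, the function names, and the sample values (documentation address ranges and example.com) are assumptions.

```python
import ipaddress

# Asset kinds follow the element list above; the snapshot layout is an assumption.
ASSET_KINDS = ("asn", "ip_block", "domain", "certificate", "port_service")

def normalize(kind, value):
    """Canonicalise a value so cosmetic differences are not reported as change."""
    value = value.strip()
    if kind == "domain":
        return value.lower().rstrip(".")  # ignore case and trailing root dot
    if kind == "ip_block":
        return str(ipaddress.ip_network(value, strict=False))
    if kind == "asn":
        return value.upper()
    return value.lower()

def flatten(snapshot):
    """Turn {kind: [values]} into a set of (kind, value) pairs."""
    return {(k, normalize(k, v)) for k in ASSET_KINDS for v in snapshot.get(k, [])}

def diff_snapshots(old, new):
    """Report assets that appeared or disappeared between two discovery runs."""
    before, after = flatten(old), flatten(new)
    return {"added": sorted(after - before), "removed": sorted(before - after)}

def outside_known_blocks(snapshot):
    """Services on IPs in none of the recorded IP blocks (IPv4 'ip:port/name' entries)."""
    nets = [ipaddress.ip_network(b, strict=False) for b in snapshot.get("ip_block", [])]
    stray = []
    for entry in snapshot.get("port_service", []):
        ip = ipaddress.ip_address(entry.split(":", 1)[0])
        if not any(ip in net for net in nets):
            stray.append(entry)
    return sorted(stray)

# Constructed sample snapshots, not real discovery output.
OLD = {"asn": ["AS64500"], "ip_block": ["192.0.2.0/24"],
       "domain": ["example.com", "mail.example.com"],
       "port_service": ["192.0.2.10:443/https", "192.0.2.25:25/smtp"]}
NEW = {"asn": ["as64500"], "ip_block": ["192.0.2.0/24"],
       "domain": ["Example.com.", "mail.example.com", "staging.example.com"],
       "port_service": ["192.0.2.10:443/https", "203.0.113.7:3389/rdp"]}

if __name__ == "__main__":
    print(diff_snapshots(OLD, NEW))
    print(outside_known_blocks(NEW))
```

Normalising before comparison keeps entries such as "Example.com." and "as64500" from showing up as new assets, so the diff contains only real additions and removals.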
The digital attack surface potentially exposes the organization’s cloud and on-premises infrastructure to any hacker with an internet connection. Common attack vectors in an organization’s digital attack surface include:
- Weak passwords
- Software, operating system (OS) and firmware vulnerabilities
- Internet-facing assets
- Outdated or obsolete devices, data, or applications
Attack Surface Intelligence
Discover and Defend Your Changing Attack Surface
Cyberthint Attack Surface Intelligence provides a persistent view of an organization’s digital infrastructure and associated risks to stay ahead of changes, abnormalities, and exploitable vulnerabilities.
External Attack Surface Management (EASM) tools help organizations continually find new or exposed internet-facing assets. Cyberthint goes above and beyond; powered by the world’s largest archive of past and present DNS history, Attack Surface Intelligence proactively finds exploitable vulnerabilities, misconfigurations, and out-of-policy assets to help organizations reduce business risk.