SecurityTrails Blog · Feb 17 · by Esteban Borges

5 Steps to Protect Your Enterprise’s Attack Surface

With the increases in cyber attacks and vulnerabilities detected every day, it’s become even more challenging to stay on top of every aspect of your organization’s security.

Securing your organization is no longer as simple as it was in the past. Attacks of various types are on the rise, including targeted attacks on employees in the form of phishing emails, as well as DNS hijacking, while organizations that prioritize application availability are spreading servers and cloud deployments over various cloud providers. Also, the tech stacks and software libraries used in your applications are growing larger, with various dependencies, adding further complexity to an organization’s overall security.

How the attack surface grows with any organization

With the advent of the global pandemic, remote working has become the go-to solution for organizations all over the world. This, in turn, has yielded consequences such as the rise in social engineering attacks, and other forms of targeted attacks. This is because each employee of an organization has become even more targetable while working in a non-maintained home networking environment.

For example, if an employee works from home, the employee is often connected to the internet with an ISP-provided WiFi router and modem. These devices frequently run firmware that is vulnerable or outdated, as they don’t receive updates as often as enterprise networking gear. When the same employee works from an office, where enterprise-grade firewalls and networking gear are used, a certain amount of that risk is eliminated, namely the risk that could originate from compromised networking gear.

While VPNs provide a great amount of security for accessing a corporation’s internal assets, there is always a risk of malware entering the employee’s work devices through compromised networking gear at home, whenever the VPN connection is disconnected or disrupted.

Looking beyond an organization’s employees

With increasing demands in the reliability and availability of an organization’s products, today’s organizations have been forced to spread assets over various cloud providers. In the past, a single cloud provider would most likely handle a complete application end-to-end, but spreading an application across multiple cloud vendors has caused a notable increase in the size of the attack surface, with each cloud provider handling ACLs differently—at times, even working with differences in UI or the way certain tasks are handled within a cloud provider.

And with multiple cloud vendors, the number of attack vectors increases as well. One cloud vendor getting compromised can lead to the entire application getting compromised.

Putting the size of an organization aside, the tech stacks and libraries it uses can also lead to security-based issues. While using popular software libraries is generally considered a good idea, a vulnerability among them can lead to much larger issues.

Consider the recent impact of the vulnerability in the Log4j library, a simple yet widely used logging tool. The vulnerability led to multiple compromises of web applications, all of which needed immediate patching, as a large number of the affected organizations had these applications operating on the public internet.

Simply put, your attack surface is as spread out as your organization is, and on all fronts. The more widespread your resources (such as employees, cloud servers, tech stack/libraries, etc.) are, the larger your attack surface grows.

How can you safeguard your attack surface?

To begin using SecurityTrails Attack Surface Intelligence (ASI), head over to your account and click on “Access SurfaceBrowser™”.

  • Next, click on the “Projects” option in the navbar
  • Once there, click on “Create a New Project”
  • Give your project a name and enter the domain name of your organization, then click on “Create Project”

Now, let’s take a look at five ways in which your organization can leverage the power of the SecurityTrails ASI tool:

1. Asset mapping/discovery using the Explorer tab

With ASI you can map the assets of an organization. While most organizations keep a known list of hosts, servers, and other virtual assets, assets can always be missed or simply forgotten.

Attack Surface Intelligence helps you map and discover all of your organization’s assets, for an automated, straightforward overview that leaves no room for human error.

Let’s take a look at asset mapping and discovery via the Attack Surface Intelligence tool:

The Explorer tab provides a complete overview of an organization, including key insights such as which network is accommodating host servers, the ability to filter IP ranges/addresses used by the host, and the ability to filter hosts by open ports. The Explorer tab also allows you to look into SSL certificates deployed within your organization, along with which common name they share. Self-signed SSL certificates are generally acceptable for testing deployments, and the Explorer tab allows you to find them.

2. Inventory updates using ASI

Knowing exactly where an organization’s inventory is hosted is important; not knowing ‘what is hosted where’ makes it hard to know what exactly should be scanned and secured. Furthermore, as organizations rely more and more upon remote work, identifying VPN endpoints and remote access entry points becomes a critical issue as well.

The Inventory tab is a key feature that gives you a good overview of the hosting services used by your organization, with the first view giving you a graphical view of the number of hosts you have at each organization. You can also see hostnames that point to local IP addresses (such as 127.0.0.1), remote access gateways (important to secure as these are often the gateways into your organization’s internal services), and last but not least, VPNs hosted within the organization.

3. Prioritizing risks using the Risks tab on ASI

When it comes to securing organizations, it’s important to know what needs to be secured first—or simply, which areas are more dangerous or urgent than others.

While prioritizing risks within your organization may seem daunting, using Attack Surface Intelligence (ASI) makes this task easier than ever. Key risks are listed upfront for you and your team—allowing you to prioritize the actions you need to take for securing your organization.

The Risks tab helps in finding open database ports within your organization. Open database ports are frequently the main source of compromises, typically through misconfigured or vulnerable ACL features within the database software. The Risks tab can also list hosts within your organization using self-signed SSL certificates, as well as any staging and dev subdomains used within your organization.
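
The checks named for the Inventory and Risks tabs (hostnames pointing to local IP addresses, open database ports, self-signed certificates, staging and dev subdomains) can also be run over an asset list you already hold. The following Python is an added example, not SecurityTrails code or ASI output; the record fields, the port list, the hostname pattern and the weights are assumptions chosen for illustration.

```python
import ipaddress
import re

# Assumption: default ports of common database services; extend for your estate.
DB_PORTS = {1433, 3306, 5432, 6379, 27017}
# Loopback and RFC 1918 ranges: a public hostname should not resolve here.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: hostname labels that usually mark non-production systems.
NONPROD = re.compile(r"(^|[.-])(dev|staging|stage|test|uat)([.-]|\d|$)")
# Assumption: illustrative weights for ordering, not the product's scoring.
WEIGHTS = {"open-db-port": 3, "internal-ip": 2, "self-signed-cert": 1, "nonprod-name": 1}

def findings(asset):
    """Return the sorted risk tags for one inventory record."""
    tags = set()
    ip = ipaddress.ip_address(asset["ip"])
    if any(ip in net for net in INTERNAL):
        tags.add("internal-ip")
    if DB_PORTS & set(asset.get("ports", [])):
        tags.add("open-db-port")
    cert = asset.get("cert")
    if cert and cert["issuer"] == cert["subject"]:
        tags.add("self-signed-cert")  # issuer equals subject
    if NONPROD.search(asset["host"].lower()):
        tags.add("nonprod-name")
    return sorted(tags)

def prioritize(inventory):
    """Rank hosts that have findings, highest total weight first."""
    rows = []
    for asset in inventory:
        tags = findings(asset)
        if tags:
            rows.append((sum(WEIGHTS[t] for t in tags), asset["host"], tags))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed sample inventory (documentation IP ranges and example.com names).
SAMPLE = [
    {"host": "www.example.com", "ip": "203.0.113.10", "ports": [80, 443],
     "cert": {"issuer": "CN=Example CA", "subject": "CN=www.example.com"}},
    {"host": "dev-db.example.com", "ip": "203.0.113.20", "ports": [22, 5432],
     "cert": {"issuer": "CN=dev-db.example.com", "subject": "CN=dev-db.example.com"}},
    {"host": "intranet.example.com", "ip": "127.0.0.1", "ports": []},
    {"host": "cache.example.com", "ip": "203.0.113.30", "ports": [6379]},
]

if __name__ == "__main__":
    for score, host, tags in prioritize(SAMPLE):
        print(score, host, ", ".join(tags))
```

The explicit network list is used instead of `ipaddress`'s `is_private`, which also returns true for the documentation ranges used in the sample data.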

4. Take action—with all the cards on the table

With the constantly growing virtual footprint of today’s organizations, security teams struggle to keep up with the sheer number of assets they must discover and scan manually. And one missed vulnerable host can compromise an entire organization.

ASI allows your security team to stay on top of any possible security risks your organization may face. ASI gives you a complete overview of your organization’s security status, from automated asset mapping and discovery, to building up an inventory of your organization’s virtual assets, to helping identify and prioritize risks faced by your organization, and finally to providing you with a complete overview of your organization’s activity.

All of the valuable information this powerful tool can provide contributes to an organization’s security process becoming far more streamlined and straightforward. ASI lets you know what exactly is going on in your organization’s virtual space, and what exactly needs to be secured.

5. Proactive asset monitoring using the ‘Activity’ tab

Virtual assets change all the time. Hostnames, servers, and other virtual objects are created, used, and destroyed in a matter of minutes via automated testing tools, continuous integration (CI) and continuous delivery (CD) setups.

With proactive asset monitoring made possible by Attack Surface Intelligence, one can learn exactly which virtual assets have been seen on the public internet, as well as when. This allows your organization’s security team greater comprehension of usage patterns within your organization, and also helps them find any security-related shortcomings lurking among the various automated processes your organization is running.

In larger organizations that work across various time zones, it isn’t always possible to monitor every single change, such as new hostnames made within the organization. That’s why keeping an eye out for usage patterns and when changes occur within the organization provides a terrific advantage.

The Activity tab allows one to view a historical changelog of hostnames detected within one’s organization, with a color-mapped grid that changes in hue from light green to dark green depending on the number of changes seen on that very day.

Summary

Safeguarding your organization has never been more important than right now, with the growing number of cyber attacks on all fronts poised to be the norm for years to come. It’s imperative for organizations to stay on top of all of their security policies, and for all of their assets, both virtual and physical.

Such a challenge, of course, is ever-evolving. Various forms of attacks are launched, from targeting employees of organizations to preying on complete applications via the vulnerabilities present in their own libraries and modules.

With SecurityTrails Attack Surface Intelligence (ASI), staying on top—and ahead—of these various security challenges becomes not only easier but also more streamlined. Proactive monitoring, virtual asset discovery, and risk identification and classification are all handled by this powerful ASI tool, further allowing you to prioritize those tasks which are most critical to your organization’s security.

ESTEBAN BORGES

Esteban is a seasoned cybersecurity specialist and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
