
SecurityTrails Blog · Mar 03 · by Sara Jelen

Maintain Your Security Posture with Complete Cloud Asset Coverage


Cloud technology has become an unstoppable force of this decade. It has allowed organizations to adapt quickly, and to accommodate their continuously changing business and operational needs.

With cloud architecture, modern organizations benefit from greater flexibility, scalability and functionality, all while maintaining business continuity. Developers can spin up new services and applications to meet current business requirements and opportunities, all with the ease, speed and affordability that comes with not having to manage their own servers.

Today, organizations store tremendous amounts of IT assets in the cloud. Yet despite the irrefutable benefits of cloud architecture, there’s another side to the coin.

With so many new cloud assets being provisioned and decommissioned both rapidly and at scale, organizations frequently maintain limited visibility over their internet-facing perimeter and have incomplete asset lists that lead to a greater attack surface.

According to a new study by EGS, 70% of responding organizations report that maintaining their security hygiene has become more challenging over the past two years, due to the growth of their attack surfaces.

Incomplete cloud asset coverage: The cloud is both the solution and the problem

Organizations are increasingly migrating business-critical applications and sensitive data to cloud services. This has resulted in an exponentially growing number of assets, which broadens organizations’ attack surfaces and makes it harder to keep track of everything they run in the cloud. These often unmanaged cloud assets can be an easy entryway for external threats.

The same study presents a staggering statistic about this: 69% of organizations have experienced at least one cyber attack that was executed by exploiting an unknown internet-facing asset, commonly a cloud-based workload.

And when looking for a culprit, we need look no further than the very nature of cloud infrastructure itself.

Agile product development and DevOps aim to produce faster development cycles and frequent releases, which leads teams to reach for new applications and services that live outside of the known, visible system. And because of the self-service model on which popular cloud services are built, it’s easy for anyone to spin up new infrastructure. That infrastructure will be unknown to the security team, with no verified adherence to any security policies.

Organizations with federated structures, remote offices, subsidiaries and those that often engage in M&A deals only further increase the risk of external threats to their cloud assets. These risks commonly come from misconfigurations, exposed cloud assets and expired certificates.

Furthermore, given the lack of necessary visibility over their entire digital footprint, as well as the dynamic nature of cloud environments, auditing assets and ensuring that they are free of misconfigurations and functioning within policy becomes challenging. Consequently, organizations that do not monitor their assets, including cloud instances, for compliance frequently risk non-compliance.

How can you mitigate incomplete cloud asset coverage in your organization?

A comprehensive understanding of cloud assets, and the ability to effectively and continuously discover, manage, monitor and calculate risk in them, are central to controlling your attack surface and to security posture best practices. Any gaps in visibility over your IT assets and cloud architecture are footholds that adversaries will use to get to your sensitive information.

While achieving 100% visibility into your internet-facing infrastructure might sound like a daunting and overwhelming task, it’s not an impossible one. Rather, striving to achieve and maintain such control over your attack surface and all assets in it should be considered a necessity for organizations with fluid infrastructures that continuously evolve and expand.

Attack Surface Intelligence (ASI) is our proprietary solution for providing you with complete and persistent visibility into your organization’s internet-facing digital assets, including your cloud environment, and any associated risk.

Asset discovery

Up-to-date asset inventory should be at the core of every organization’s cybersecurity program. Having a complete asset list ensures that any unknown and unmanaged assets are uncovered and decommissioned.

Powered by the Total Internet Inventory™, Attack Surface Intelligence and its automated asset discovery and analysis make it simple to maintain a single, unified and accurate list of all discovered IT assets, including any cloud instances.

And acting as your single source of truth, ASI gives you insight into how many hosts are located on each of your IP addresses, all open ports on hosts for your organization’s domain, and what type of server technologies are used throughout the hosts.


As context is the key in any useful asset discovery process that you can operationalize, for any data record you discover through ASI, you can get additional information about the known services platforms and providers connected to each asset, all IP addresses that host that asset, as well as the hosting company responsible for it, making it easy to map and pinpoint all of your cloud assets.


With complete visibility into your external-facing infrastructure and an understanding of where each of your assets lives, you’ll be able to mitigate the risks of incomplete asset lists and unknown cloud assets more efficiently, better inform automated scanning and auditing, and dramatically reduce your MTTM (mean time to mitigate).

Asset inventory management

Data gathered through ASI’s asset discovery process provides a single pane of glass view into asset status, giving you greater control over previously unknown cloud assets.

This kind of IT asset inventory offers numerous benefits. It provides a record of all of your cloud assets while you go through cloud migration, along with their location and context for tracking purposes, which in turn increases governance and helps identify potential risks on them.


With ASI you’ll have a unified view and an inventory of all your discovered infrastructure data, but going one step further, you will be continuously advised on possible security issues that pop up on those assets, including:

  • Hostnames that point to local/private IPs
  • Hostnames that have ports opened for remote access or can be publicly accessed
  • The locations from which all internet traffic in your organization is coming, and all VPN endpoints that can be exploited if vulnerable

Asset risk prioritization

Having a detailed inventory of your IT and cloud assets is a great way to measure your overall risk. Given the speed at which new cloud assets are added, and their often short life span, some risks are bound to arise.

But rather than having you go through your asset lists and analyze them manually, or with a mix of different tooling, in order to uncover any risks, our Attack Surface Intelligence platform automatically discovers critical risks on all of your digital assets. This allows you to measure your risk and exposures, and also to prioritize your assets based on their risks, so you know which ones need their risks mitigated and which need to be decommissioned.


ASI gives you a closer look at risks on your assets, such as open ports on your databases (given how popular cloud databases are), self-signed certificates and when they expire, and resources used for staging and development areas that might be leaking sensitive information. This way you can monitor them for any changes that might be out of order and stay completely aware of your digital risk profile.
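The inventory checks named above (hostnames on private addresses, open remote-access and database ports, self-signed or expiring certificates) and the risk-based ordering can be sketched as follows. This is an added example, not ASI or SecurityTrails code; the record format, port sets, weights and sample data are assumptions constructed for illustration.

```python
import ipaddress
from datetime import date

# Port sets and weights are illustrative assumptions, not taken from the article.
REMOTE_ACCESS_PORTS = {22, 23, 3389, 5900}
DATABASE_PORTS = {3306, 5432, 6379, 27017}
# Explicit ranges: ipaddress's is_private would also match the documentation
# ranges (203.0.113.0/24, 198.51.100.0/24) used as public IPs in the sample data.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample inventory.
INVENTORY = [
    {"host": "www.example.com", "ips": ["203.0.113.10"], "ports": [80, 443],
     "cert": {"self_signed": False, "not_after": date(2030, 1, 1)}},
    {"host": "intranet.example.com", "ips": ["10.20.0.5"], "ports": [443], "cert": None},
    {"host": "staging-db.example.com", "ips": ["198.51.100.7"], "ports": [22, 5432],
     "cert": {"self_signed": True, "not_after": date(2024, 3, 20)}},
]

def findings(asset, today, expiry_window_days=30):
    """Return (weight, message) findings for one inventory record."""
    out = []
    for ip in asset["ips"]:
        if any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            out.append((2, f"resolves to private/local address {ip}"))
    ports = set(asset["ports"])
    out += [(3, f"remote-access port {p} open") for p in sorted(ports & REMOTE_ACCESS_PORTS)]
    out += [(4, f"database port {p} open") for p in sorted(ports & DATABASE_PORTS)]
    cert = asset.get("cert")
    if cert:
        if cert["self_signed"]:
            out.append((2, "self-signed certificate"))
        days_left = (cert["not_after"] - today).days
        if days_left < 0:
            out.append((3, f"certificate expired {-days_left} days ago"))
        elif days_left <= expiry_window_days:
            out.append((1, f"certificate expires in {days_left} days"))
    return out

def prioritize(inventory, today):
    """Rank assets by summed finding weight, highest first; omit clean assets."""
    scored = [(a["host"], findings(a, today)) for a in inventory]
    ranked = [(sum(w for w, _ in f), h, [m for _, m in f]) for h, f in scored if f]
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, host, msgs in prioritize(INVENTORY, date(2024, 3, 3)):
        print(score, host, "; ".join(msgs))
```

Run against a real inventory export, the weights would be tuned to your own policy; the ranking only orders assets for review and does not replace validating each finding.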

Asset monitoring

Persistent monitoring of all of your digital assets is essential when we compare the time adversaries need to discover exploitable vulnerabilities on them with the time it usually takes security teams to discover those same assets.

Reports show that threat actors can scan and inventory vulnerable services and assets in 15 minutes, but for security teams, the same process takes 12 hours. Given the dynamic nature of cloud assets, it’s clear that adversaries are much better adapted to rapid discovery and exploitation (or in our case, mitigation). This can be mitigated by persistently monitoring your internet-facing infrastructure so you can spot any risks and misconfigurations in near real time.

ASI allows you to have a chronological timeline to show you how many assets were created each day and gives you additional information about each asset such as the type of the asset and useful information that connects that asset to known service platforms (crucial to spot any newly spun up cloud instances).


You can also keep up to date with any recent changes on your external infrastructure by setting up custom alerts that can inform you of any changes with a report provided on a daily or weekly basis. This way you will be able to detect any changes across your infrastructure and be the first to know when any new cloud assets are added to your organization.


Summary

Today’s attack surfaces are no longer static. With the surge in cloud architecture adoption, rapid development and provisioning mean your attack surface is constantly changing. And just as your attack surface changes, so does your threat landscape.

Every new, unknown and unmanaged cloud asset presents an open door to adversaries looking for a way into your network. Maintaining your security posture begins with knowing what you have, and what you need to protect.

Utilizing complete asset discovery, inventory, risk detection and prioritization with Attack Surface Intelligence, as well as persistent monitoring of your internet-facing infrastructure, including all cloud instances, is crucial in addressing these challenges.

Maximize visibility into your cloud architecture with ASI.
