Prompted by Russia's invasion of Ukraine, the US Cybersecurity & Infrastructure Security Agency (CISA) has issued the Shields Up guidance advisory. This valuable resource features best practices that organizations of all sizes should adopt in response to today's heightened state of cybersecurity risk.
Shields Up is crucial for your team's efforts in assessing your cybersecurity posture and resilience, as well as for reinforcing improvements. Since CISA issued the guidance, the SecurityTrails team has worked with customers to navigate and meet the recommendations, and to strengthen their resilience in the wake of emerging threats.
We've outlined the guidance offering recommendations for reducing the likelihood of a damaging cyber intrusion, and for showing how organizations can secure their perimeter. This time, we'll take a closer look at the steps highlighted by CISA.
- Know what you have to protect
- In conclusion
Know what you have to protect
One of the first steps of building a resilient cybersecurity posture is understanding how extensive your external infrastructure is, and CISA recognizes this. Your internet-facing assets make up much of your attack surface, and threat actors are constantly scanning the internet for vulnerable targets to attack.
Based on the general explanation provided by CISA, we are recommending that organizations get started on strengthening their resilience and cybersecurity posture through attack surface intelligence.
You can't protect your organization without visibility into your internet-exposed IT assets, all of which can be seen by adversaries. Fortunately, our Attack Surface Intelligence (ASI) platform will engage your awareness of your entire external infrastructure while persistently monitoring your attack surface. With ASI, you'll know what you need to protect at all times.
Take inventory of your external attack surface
First, you'll want to identify all IT assets that belong to your organization, including cloud assets, acquired companies, and all newly added assets. While some of these assets can be easily missed, they can be quickly discovered by attackers' recon tactics. And if these assets contain a misconfiguration or are running outdated technologies, they can be leveraged as an entry for adversaries.
From there, discover additional externally exposed assets and externally identifiable information about them. You'll be able to explore your hosts and see them by their IP, detected server, certificate issuer, WAF, and backend technologies.
See the unknown parts of your infrastructure
With unknowns, there’s really no way of knowing which are completely harmless and newly spun up cloud instances. An unknown, then, is one of your biggest risks—as you can't even begin to manage something out of your scope of visibility.
Whether they're shadow IT, legacy servers, dev and staging subdomains, or assets inherited and missed during an M&A deal, these blind spots can present a critical security risk and affect your security posture.
ASI enables you to be proactive with these gaps in visibility by providing you a chronological representation of all newly discovered assets. With it, you can stay continuously aware of your attack surface, including all the unknown and usually unmanaged areas.
Manage your port inventory
Port scanning is usually one of the first steps taken by threat actors when they begin to perform reconnaissance on your organization. Shields Up specifically highlights the need to inventory and disable all open ports and protocols that are not essential for business purposes.
With an inventory of open ports and services on each port provided by ASI, you can identify your weaknesses through the detection of unusual services running on your systems. This way, you'll find any firewall port-filtering misconfiguration issues, and gain greater control over your attack surface.
Control remote access
As remote work is becoming more prevalent across organizations of all sizes, there might be a lack of control over who and what connects to your network. That's why another important step in strengthening your resilience to emerging network threats, as advised by CISA, is to validate all remote access to your organization's network.
Our Attack Surface Intelligence platform enables your team to detect external-facing assets that have remote access running, allowing you to monitor for any unusual behavior and mitigate potential threats.
Furthermore, remote workers often use a remote VPN to access your organization's network. For this reason, ASI also allows you to discover all VPNs used on your network.
Uncover exposures on assets
Once you've discovered all of the assets in your IT infrastructure, it's time to analyze them for any exposures. Adversaries can easily exploit the merest negligence on your part, such as a misconfigured asset, data exposure, encryption weakness or a known CVE. To stay one step ahead of threat actors, you'll need to be able to detect such security risks across your external-facing infrastructure and know how to prioritize those risks for mitigation.
With ASI's newly released Risk Rules feature, you'll see which hosts have vulnerabilities and misconfigurations that inform their overall their risk score—so you'll know exactly how to prioritize your assets.
During this time of heightened cybersecurity risk, organizations of all sizes should take the steps necessary to improve their security posture and resilience to emerging threats. One of the first steps toward protecting your infrastructure from damaging cyber intrusion is to maintain full visibility and control over your external-facing assets.
An attack surface intelligence platform like ASI can help your organization navigate the CISA's Shields Up guidance advisory, and enable you to easily discover your critical assets along with any risks associated with them. This way, you'll be able to reduce the likelihood of a damaging cyber intrusion by Russian threats.
Act fast, armed with trustworthy data!