The benefits of automated attack surface management

Can security teams keep up with attack surface risks without automated processes? Survey data indicates that the answer is no.

In a 2023 survey of IT and cybersecurity professionals, nearly three-quarters (72%) said attack surface discovery alone takes more than 40 person-hours to complete. That does not include the additional time it takes for security teams to analyze the discovery data, prioritize actions and mitigate risks. Meanwhile, nearly two-thirds (62%) of organizations said their attack surface grew over the past two years.

To keep pace with attack surface risks, more organizations need to use automated tools. Here’s why.

Manual attack surface management costs time

Staying ahead of an expanding enterprise attack surface is almost impossible with manual or disconnected processes. Consider how often someone installs a service or deploys an asset connected to your network and the wider internet. Every time they do, your organization’s attack surface grows.

Many of these assets are poorly configured from the point of initial deployment. Others, like unauthorized SaaS tools and personal accounts, are unknown to your IT team in the first place. The typical company has around 30% more assets connected to its network than its security team knows about.

Even known and properly configured assets can put your organization at risk of cyberattacks when certificates expire, or assets end up unpatched. Every security professional can recognize at least some of these challenges, and most organizations are home to hundreds of attackable assets.

A 2022 analysis of Fortune 500 companies found that the average organization has around 476 common vulnerabilities and exposures (CVEs) in its external attack surface. Attackers are aware of this fact. They scan corporate networks for attackable assets that host CVEs and often find them.

To find attack surface risks before the bad guys do, security teams also look for these potential attack vectors. An organization’s security team might analyze certificate transparency logs or brute force domains connected to their networks to discover what’s out there.

However, in the race against threat actors, time is another enemy. Consider the following:

• Ten hours is all it takes for a hacker to find an exploitable vulnerability in an organization’s attack surface.
• Five hours later, most hackers will exploit that vulnerability and achieve network access.
• One and a half hours after the initial breach, an average hacker can move laterally inside an organization’s network.

These findings are based on real-world, ethical and criminal hacker activity and show how vulnerable your organization may be from an attacker’s point of view.

In around 16 hours, an “average” threat actor can scan your attack surface, find an attackable asset, compromise it and start moving around your network. This timeline is likely even shorter if you become a target for an advanced cybercriminal group.

Can your team discover your evolving network attack pathways and decide which ones to remediate in this timeframe? Can they do so continuously? It takes more than 80 hours for the average organization to build a picture of their attack surface and only 26% of organizations perform continuous attack surface management. Unfortunately, most organizations continue to rely on disparate tools, spreadsheets and manual processes, which are not scalable to address growing attack surfaces.

Automate attack surface management in four steps

Automation dramatically shortens the time it takes for defenders to understand and act on attack surface risks. The core cybersecurity benefit of automation is the ability it gives security teams to sort through vast databases of information and take intelligent, automated actions faster. It takes a long time to discover and understand an attack surface, but by automating asset discovery and aiding prioritization, an automated attack surface management (ASM) platform like IBM Security Randori Recon can deliver actionable insight in real-time.

Automating attack surface management has four key steps:

1. Asset discovery: Automating the discovery of internet-facing hardware, software and cloud assets that could act as entry points for a hacker. An automated tool can rapidly assess the likelihood that an asset is connected to a network.
2. Classification and prioritization: Looking at assets cataloged during discovery and investigating them based on how they are exposed, why they are exposed and how likely they are to be attacked. Beyond telling you that an asset hosts a vulnerability, automated tools can show you the probability that a particular asset will put you at risk.
3. Remediation: Armed with context from the previous two stages, security teams can be more efficient in their remediation efforts.
4. Monitoring: Automation makes continuous monitoring possible. An automated tool can give security teams a real-time view of changes in their organization’s risk from the perspective of a threat actor.

Start automating attack surface management with IBM Security Randori Recon

Attack surface management (ASM) is a process of asking questions about your attack surface from an offensive security point of view. Where are the network entry points? How easy are they to exploit? Which ones are going to be attacked first?

Manual processes make it impossible to answer these questions before threat actors do. Automation, on the other hand, is a shortcut to rapid insight. Automating ASM with IBM Security Randori Recon helps security teams gain real-time insight into dynamic attack surfaces and see themselves from an attacker’s point of view.

Learn how your organization can benefit from IBM Security Randori Recon and sign up for a free Attack Surface Review

The post The benefits of automated attack surface management appeared first on IBM Blog.