Attack surfaces are living things – they grow and change. And, much like any living thing, they need constant care. To see how those efforts are going, the Cortex® Xpanse™ research team studied the global attack surface and discovered that, as a whole, security teams are having trouble keeping up with needed risk remediation.
We monitored scans of 50 million IP addresses (over 1% of the entire internet) associated with 100+ global enterprises to understand how attack surfaces change, what exposures plague various industries and how long some exposures remain active, and to uncover the realities of attack surface management (ASM).
Looking at the data, we can see evidence of a vicious cycle. Organizations face a continuous stream of new attack surface issues, those issues are not all remediated, and those exposures become the low-hanging fruit sought out by threat actors as easy targets.
While zero-day vulnerabilities and sophisticated attacks get fancy nicknames and lots of media coverage, the majority of risks on the global attack surface are in more common software and services, like Remote Desktop Protocol (RDP) or exposed admin login portals.
The 2022 ASM Threat Report v2.1 features the breakdown of attack surface exposures by industry, based on data gathered between March 2021 and June 2022. The key findings are based on observable data and not self-reported surveys:
All of this data uncovers fundamental truths about attack surface management. First, visibility is paramount. If you don’t know where exposures live, it’s impossible to even know the full scope of your exposures and risks, let alone be able to remediate them all.
But having a clear view of your attack surface is only as valuable as your ability to act on the information you find, and far too many security teams throughout the world lack the needed resources, staff or expertise.
A comprehensive and continuously updated inventory of all internet-connected assets is the foundation of security work. Security teams also need resilient processes for handling common issues, such as isolating or decommissioning assets running end-of-life (EOL) software, mitigating RDP exposures and tracking new cloud deployments for misconfigurations.
Attackers scan the entire internet looking for weak points, so defenders should be doing exactly the same. Armed with an attacker’s point of view, organizations can have a clear view of their attack surface gardens and ensure any issues are tended to. Without continuous care, it is all too easy for new issues to become persistent exposures and unmanaged assets.
To learn more about other critical findings on the unmanaged attack surface, based on observable data from 100+ companies, read the 2022 Cortex Xpanse Attack Surface Threat Report.