Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Perspectives

Attackers Breach FireEye – An Attack Surface Security Reminder

Raphael-Reich
By Raphael Reich
Was Vice President of Marketing at CyCognito
December 15, 2020

As if the world needed any more convincing,  the recently disclosed breach of FireEye made clear that even top name security companies have difficulty keeping safe from attackers. We’re monitoring the rapidly unfolding details and will discuss more as the story evolves, but it’s a clear reminder that organizations need to monitor and secure their attack surface.

The challenge of fully defending valuable assets, business infrastructure and secrets is daunting, with odds firmly on the attacker. It is not, however, a futile endeavor. Security teams can shift the balance through new strategies, practices and technologies.

Shifting the Balance

A good starting point for shifting the balance is with an understanding that attackers generally operate with business-like discipline. This means that they want to minimize costs and risks and maximize results. While the attack on FireEye was from a nation-state presumably for political purposes rather than for financial gain, the same principle applies.

Minimizing costs and risks drives attackers to choose the path of least resistance to gain access to an organization’s assets and infrastructure. Sometimes, the path of least resistance is compromising a user’s computing device or account. While this is still a highly effective way to initiate a data breach, there are a growing number of tools (e.g., User and Entity Behavior Analytics (UEBA) solutions) that look for anomalous user, machine or network behavior and may be able to detect an in-progress attack .

Another very effective way to conduct an attack is for attackers to find exposed assets that are not monitored by an organization. Nearly all organizations have these, sometimes in great numbers. These can be systems or digital assets run by a partner or third party and not under the control of the organization, but with a viable pathway to the organization’s applications and data. Sometimes they are shadow IT – IT provisioned by an employee or group within the company without the knowledge or supervision of IT. They may even be forgotten assets, long ago abandoned but never taken out of commission.

Knowing that attackers commonly target these blind spots, a proactive approach to shifting the balance away from bad actors is to identify assets that are currently out of view of the IT and security teams. Most organizations are so focused on protecting assets they already know about that they have little time to consider those that are unknown to them but readily found and exploited by attackers. This common but counterproductive security habit must change. Every organization should add practices and technology that can find all attack surface assets and make that a foundational aspect of their security program. 

CyCognito’s EASM Solution

CyCognito provides a full solution for discovering these assets, identifying critical risks they may be harboring, and prioritizing risks according to their business impact. It’s important to monitor for this hidden risk, known as shadow risk, on an ongoing basis. Gartner recently named CyCognito a Cool Vendor in recognition of our groundbreaking efforts, highlighting our platform’s relevance to digital transformation and pandemic resilience.

Of course improving security and shifting the attacker-defender balance in favor of the defender involves a wide range of strategies, practices and technologies. But, starting with one of the most basic and generally unaddressed security gaps is not only sensible but critical. A full view of the attack surface is a foundational step that should cover assets that are known, unknown, managed, unmanaged, on-premises, in the cloud, and in partner and subsidiary environments. For effective digital risk management, it’s important to evaluate the attacker view of your assets and eliminate their paths of least resistance into your network and then move on to advanced practices to further evolve your security.


Topics



Search the Blog



Recent Posts






Tim Matthews
How to Budget for EASM
By Tim Matthews
November 18, 2024


Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.