How EASM helps big organizations to understand and secure their external attack surface
Most CISOs would agree that knowing the full breath of your external attack surface is essential for 2 reasons:
- Internet-facing assets are constantly tested and attacked by automated hacker tools for weaknesses.
- You cannot protect what you don’t know.
For example, one popular method of ransomware gangs is to infect the organization via a Windows Remote Desktop Service (RDP) that is exposed on the internet. If successful, they have full control over a PC or server and can launch malware. Read more about how these attacks are conducted here.
The CISO's challenge: The fog of cyberwar
Cybersecurity teams and CISOs of big organizations find it increasingly harder to understand all the internet-connected IT assets that are deployed.
Very often cybersecurity is centralized because of the benefits it can bring on several domains. Big organizations usually have one or more of the following characteristics responsible for generation fog.
The characteristics below make it very hard for centralized security teams to understand their external attack surface. They need to find alternative strategies and tools that lift the fog around their internet-facing IT assets, so they can clearly see what needs to be done.
1. Grown via M&A: Over time they have grown via multiple acquisitions.
2. Independent brand strategies & holding structures: Specific brands are created to tackle the market needs in the best possible way. They deploy shadow IT, apps and websites.
3. Geographically dispersed IT teams: Multiple IT teams across the globe are responsible for local IT assets of local business lines.
4. Independent business services: Due to fast time to market requirements, business lines work with innovative IT partners and skip a centralized IT service.
5. Multi-cloud strategies: Smart organizations select multiple cloud providers for several reasons, including: cost optimisation, unique features & products certain clouds offer and historical reasons.
Lifting the fog of cyber war using an EASM platform
Until better solutions or processes are established into the organizations, CISOs need to improve the organizations’ external security posture NOW. Sweepatic is designed from the ground up to do just that. We discover known and unknown IT assets via DNS enumeration instead of starting from a list of known IP addresses. Sweepatic deploys several methods to discover (unknown) IT assets which include: Analyzing websites, historical and current IP to DNS data resolutions, port scans, certificate inspection, certificate transparency logs, domains registrations, top-level domain swaps, etc. On top of that, discovered assets usually leave clues that link to other IT assets.
IT assets that are discovered also get analyzed by our security scanner for weaknesses. Learn more about how this works here.
Centralized external attack surface intelligence but decentralized follow-up.
The board, the CISO and centralized cybersecurity teams of big organizations want central cyber intelligence insights about their external cyber security risk posture. However, solving the (technical) issues is usually up to a diverse set of technical and less technical teams.
Professional EASM platforms, and also Sweepatic, support this need via several subsidiary-based monitoring features. This includes:
– Sub-scopes match the different subsidiaries and responsible domains: The discovered attack surface can easily be divided into logical sub-scopes.
– Subsidiary based reporting and benchmarking: The central cybersecurity office and management gets to see the full picture and can compare different brands or departments with regard to their security posture.
– Subsidiary based user access: IT staff gets to see the external attack surface they are responsible for so they don’t need to search for what they need to fix.
– Easy sharing of risks found: Extra IT staff is easily invited to the platform and assigned to specific risks they need to solve. Additionally, all the available information about specific risks can be easily shared outside the EASM platform.
Contact Sweepatic to discover unknowns in your attack surface
Our customers leverage the Sweepatic Platform’s discovery capability to continuously find known and unknown IT assets. Additionally they use our platform to follow up on a prioritized list of security issues discovered, start the remediation process and thus become as an organization more cyberresilient.
On top of our powerful discovery engine, we automatically inspect and report on security issues like vulnerabilities, misconfigurations in email/DNS/Web, weak encryption, expired and weak SSL certificates, exposed databases and file shares, exposed administrative access and much more.