Last Updated on March 16, 2023
It seems like every week a new vulnerability surfaces that organizations need to be concerned about, evaluate and potentially address. How can you even keep up, let alone be proactive in addressing your exposure and risk?
An emerging solution set that helps enterprises understand and mitigate lurking and looming risks is attack surface management. These tools and services can provide insight on a wide range of internet-facing assets that could leave you open to threats.
On a recent episode of The Virtual CISO Podcast, our guest Steve Ginty, Director of Threat Intelligence at RiskIQ, explained how attack surface management can provide new levels of insight into vulnerabilities to support quick, targeted action. Hosting the podcast is Pivot Point Security’s CISO and Managing Partner, John Verry.
Creating a smaller haystack
A gargantuan challenge for organizations is sorting through staggering amounts of ever-morphing web data looking for clues that could help identify their issues. Through big data analytics, RiskIQ seeks to make this effort more feasible.
“We’re trying to create a smaller haystack for organizations to go rifle through when yet another vulnerability comes out,” shares Steve. “It seems like the tempo is daunting at best. And every week, there’s something new to understand and manage. What we are trying to do is point you in the right direction to where that vulnerability may exist in your organization and give you context around it.”
Steve continues: “Is there proof of concept code? Are there actors that we know of that are exploiting it? Does it target a specific vertical? We want to help you make better risk decisions around your vulnerability management program. Because as security professionals, I think if we go to the vuln management team one more time and tell them that they have to patch this critical RCE [remote code execution], they’re probably gonna all kill us.”
“We’re trying to make it easier for organizations to understand the risk profile of a given vulnerability based on threat intelligence information layered over what we know of the vulnerability, and how big it is on the internet,” Steve adds.
A perfect example is the multiple attack vectors targeting on-prem Microsoft Exchange servers in recent months. RiskIQ can tally how many servers are vulnerable when an exploit emerges, and how many are still at risk a week after a patch is released. This gives customers a sense of the scale of the vulnerability.
A scan a day keeps the hackers away
RiskIQ updates its scans daily across all of IPv4. “We’re trying to keep as up-to-date as our scanning capacity will allow,” says Steve. “For customer assets, you can tell us how often you want us to crawl a website and we will queue it into our system to be crawled. It could be daily, it could be weekly, it could be monthly depending on how important that site is to you.”
The point of these non-credentialed crawls is to understand how a webpage is interacting when a typical user would encounter it. This helps reveal code injections (e.g., for credit card skimming), dependencies, and so on. It’s a great way to find out before your customers do if there’s a problem with one of your web applications.
Want to hear this cutting-edge show with Steve Ginty? Click here: EP#69 – Steve Ginty – Can You Benefit From Attack Surface Management? – Pivot Point Security
Interested in more insight on how emerging technology can help make your security program more proactive? Try this podcast episode with Chris Nyhuis, CEO of Vigilant: https://pivotpointsecurity.com/podcasts/ep50-chris-neyhuis-how-edr-ndr-help-you-make-better-security-decisions/