What’s happening in the attack surface market: mitigating threats in the cloud era

For an increasing number of organizations, the explosion in attack surfaces has reached unmanageable levels amid the COVID-19 pandemic and the widespread adoption of cloud services. In fact, research shows seven in 10 organizations have been compromised by an unknown or unmanaged asset. 

As remote working has grown more popular during the pandemic, environments that sprawl across on-premises and cloud environments have expanded enterprise attack surfaces to the point where they can’t be secured through traditional IT security approaches alone.  

One of the key challenges in the explosion in attack surface is that organizations find it difficult to identify exposed assets, and thus fail to address any software vulnerabilities that they possess. 

“Internet-facing assets on the attack surface can have software vulnerabilities or misconfigured, while user/admin credentials can be stored in clear text. Cyber-adversaries use automated tools to scan for these vulnerabilities and can then use them for exploitation as part of cyber-attacks,” said senior principal analyst and ESG Fellow, Jon Oltsik. 

The attack surface management market 

As more organizations struggle to keep up with the increasing attack surface, many providers are emerging with attack surface management solutions to help automate the discovery of these exposed assets, with providers including CyCognito, Randori, and NetSPI. 

As Gartner Senior Principal Analyst Mitchell Scneider suggests, ASM platforms “can help answer questions, such as ‘what does my organization look like from an attacker’s point of view. Based on that, where should I prioritize my resources in mitigating/remediating issues that attackers are most likely to exploit?’” 

In other words, they provide the user with a continuous view of infrastructure throughout the environment and any exposure to external threats. 

These solutions sit loosely in the vulnerability management market, which researchers expect to reach a valuation of $2.51 billion by 2025 as organizations look for scalable solutions to secure their environments.  

It’s important to note that ASM platforms have the potential to eliminate repetitive manual tasks not only for penetration testers and red teams, but also provide under-resourced security teams with a solution for automatically discovering and securing assets. 

CyCognito launches Exploit Intelligence 

One of the biggest providers in the market is CyCognito, an ASM vendor currently valued at $800 million, which earlier this month added a new surface intelligence tool called Exploit Intelligence to its set of existing external ASM solutions.

Exploit Intelligence’s launch was conveniently timed after the discovery of the Log4j vulnerability, and provides enterprises with a solution for automatically discovering external assets, testing vulnerabilities, and generating threat-based insights. 

“The recent Log4j vulnerability proved that most security teams lack the visibility they need into a company’s attack surface to neutralize potential threats. This is not something that can be remedied with classic firewall and endpoint solutions. Today, finding unknown and unmanaged assets simply isn’t enough. Modern security teams also require the business and risk context in order to prioritize and neutralize any potential threats,” said CyCognito CEO and cofounder, Rob Gurzeev. 

For CyConito, the answer to this challenge is to proactively identify assets, apps, and devices connected to the network, and test their security posture. 

Exploit Intelligence does this by scanning “… billions of applications, servers, and devices across the Internet to contextualize and identify internet-exposed and unmanaged assets that could serve as entry points for attackers, and perform security testing on the assets and prioritization of the risks.

Randori aims to become the ASM’s automated red teaming leader 

Another leader in the attack surface management market is Randori, which delivers a tool that can automatically discover and monitor attack surface assets from the perspective of an attacker and prioritize them according to risk. These asset include  services, IPs, domains, networks, and hostnames. 

Randori successfully raised $20 million in series A funding in 2020 and earlier this week announced the launch of its new channel program with partners including AccessIT Group, DeFy Security, Eversec Group, Gotham Technology Group, Optiv, Set Solutions, and Veristor. 

One of the key features differentiating Randori from other providers in the market is its continuous automated red teaming capabilities. 

With automated red teaming, organizations can proactively test infrastructure within the environment against real-world attacks to highlight how effective the organization’s defenses are under pressure. 

“Our platform emulates how real attackers operate. The way attackers discover a company’s attack surface, the way they prioritize targets, and the way they conduct attacks, said CEO and cofounder of Randori, Brian Hazzard. 

“We give organizations the opportunity to understand their opponent and validate their programs work in the real-world,” Hazzard said. 

This is a different approach to Cycognito, which is aiming to stand out from competitors by emphasizing automation, and automating tasks from asset discovery to attribution, and risk remediation to continuously mapping an organization’s external attack surface. 

NetSPI brings penetration testing to the ASM market 

As the need for ASM solutions increases, many security vendors are beginning to move into the space. One such provider is NetSPI, a penetration testing-as-as-service provider that’s raised $100 million in funding to date, who last month launched a new ASM tool that incorporates human penetration testing. 

NetSPI’s solution automatically scans attack surface assets and alerts users to high-risk exposure, while NetSPI’s internal team evaluates the risk posed by discovered issues and provides the organization with guidance on how to remediate them. 

The use of human penetration testing is unique in the market, and enables organizations to benefit from automated asset scanning alongside the rich risk insights of an experience penetration testing team, who can identify what threats a risk poses in a way that automated solutions cannot.