How to Reduce the Attack Surface Created by Your Cyber-Tools

IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
David Monahan
Managing Research Director
EMA
How to Reduce the Attack Surface
Created by Your Cyber-Tools
Benjamin Powell
Technical Marketing Manager
RiskIQ

Watch the On-Demand Webinar
Slide 2
• How to Reduce the Attack Surface Created by Your Cyber-
Tools On-Demand webinar is available here:
http://info.enterprisemanagement.com/how-to-reduce-the-
attack-surface-created-by-your-cyber-tools-webinar-ws
• Check out upcoming webinars from EMA here:
http://www.enterprisemanagement.com/freeResearch

Today’s Speakers
Benjamin Powell, Technical Marketing Manager, RiskIQ
Benjamin has worked in IT for over 30 years, focused on IT security for the last 14 years.
Prior to RiskIQ he was a founding employee at AccelOps, a SIEM company where he ran
Professional Services and Product Marketing. Benjamin has worked and managed IT and
cyber security teams in numerous industries (state government, international airport, port
district, education, biotech, file encryption software, and financial services).
David Monahan, Managing Research Director, Security and Risk Management, EMA
David is a senior information security executive with several years of experience. He has
organized and managed both physical and information security programs, including security
and network operations (SOCs and NOCs) for organizations ranging from Fortune 100
companies to local government and small public and private companies. He has diverse audit
and compliance and risk and privacy experience such as providing strategic and tactical
leadership to develop, architect, and deploy assurance controls; delivering process and policy
documentation and training; and working on educational and technical solutions.

Logistics for Today’s Webinar
An archived version of the event recording will be
available at www.enterprisemanagement.com
• Log questions in the chat panel located on the lower
left-hand corner of your screen
• Questions will be addressed during the Q&A session
of the event
QUESTIONS
EVENT RECORDING
A PDF of the speaker slides will be distributed
to all attendees
PDF SLIDES
Logistics for Today’s Webinar

David Monahan
Managing Research Director
EMA
How to Reduce the Attack Surface
Created by Your Cyber-Tools

Defining the Attack Surface
6 © 2019 Enterprise Management Associates, Inc.
• The attack surface is the collection of all exposed assets
that create points in which an unauthorized entity may be
able to access the environment or access sensitive
information about the environment or about its users.
The attack surface is constantly changing as the business
moves to meet its customers’ and users’ needs.

INDUSTRY ANALYSIS & CONSULTING7 © 2019 Enterprise Management Associates, Inc.
Attack Surfaces are Pervasive
Cloud
Digital
Transformation
Projects
Mobile
Tools
Infrastructure
Social
Media
Software
Dark
Web
IoT

Digital Transformation
• 73% of organizations already have some form of digital
transformation underway
• Digital Transformation Goals
• Reduced risk overall (29%)
• Improved IT productivity (22%)
• Reduced security costs (16%)
• Improved security productivity (16%)
• Digital transformation intentionally exposes more IT
resources to its business partners and external customers.
• Reduced IT costs (15%)
• Reduced risk in vulnerability management (15%)
• Better collaboration within IT groups (14%)

Software and Apps
• Programmers get paid to produce functional code, not
secure code
• 92% of applications share the same flawed open-source and other
third-party components
• Attackers exploit flaws in business processes through software
interfaces
• Apps can leak data
• Database SQL-injections
• Web-attacks and redirects
• Malicious advertisements
• Admin interfaces (internal and external)
Organizations of 5K or more
people have been found to have
over 1M vulnerabilities across all
systems and applications in the
course of one year.
EMA- “Day in the Life of A security Professional” Research

Tools
Antivirus/NGAV/EPP/EDR
SIEM
Vulnerability Management
Cloud Data Encryption
WAF
Risk Management (Internal)
IAM/PAM/Etc.
Security Analytics
Web Security Gateway
DDoS Protection
HSM
Remote Access
User Awareness Training
Threat Intel Feed
NAC
Advanced Breach Detection
App Sec Testing
RASP
Third-Party Risk Management
IRM/DRM
CASB
SOAR
Bot Detection and Protection
DLP
Deception Technology
Security Policy Automation
eGRC
Attack Simulation
On average,
security teams
use 10 different
consoles to
manage their
security tools.
Some use as
many as 22
different
consoles.
Each deployed
tool creates an
attack surface
internally and/or
externally

IoT, IIoT, OT
• 82% of enterprise organizations indicate they have an IoT/IIoT or OT project
underway or are in the planning phase
• Consumer IoT = Privacy, IP, and trade secrets
• Commercial IoT = Direct effect on business operations and personnel health
and welfare
• Industrial IIoT and OT = Largescale effect on populace health and welfare
73%
68%
51%
Commercial
Consumer
Industrial
Types of IoT devices
deployed, operated, or
managed within enterprise
environments

Current Threat from IoT, IIoT, and OT devices
Extreme to Very High
73%
Others
27%
Managed IoT
Extreme to Very High
49%
Others
51%
Unmanaged IoT
49%
26%
25%
My organization has been attacked using an IoT device
One of my organization's IoT devices was identified as
part of an attack
None of the above

• Brand jacking/infringement
• Fraud
• Reputation damage
• Customer hijacking
• Over-clicking
• Malware injection and other
attacks
• Oversharing/unauthorized
disclosures
• M&A
• Intellectual property
• Internal projects
• Data/accounts
• Launchpad for other attacks
Social Media
• More than 500 fraud-driven groups with more than 250K members have been
identified across social media
• 57% of organizations have a High to Very High concern with their risk of
sensitive data leakage due to inappropriate sharing

Infrastructure and Cloud
• Every exposed system is a target
• UI
• Credentials
• Unmaintained, lost/forgotten sites/systems
• Data
• Know your security responsibilities in the cloud
• Each delivery method has different customer requirements
• IaaS, PaaS, SaaS, shadow IT
During asset
discovery, in any
given organization
there are at least
25% more assets
connected to the
network than are
cataloged.
ForeScout Technologies research

Mobile
• Fake/Copycat apps
• Trojan or malicious apps
• In-app Adware
• Leaky Apps
• Unauthorized connections
• Phishing
• Wi-Fi Attacks
Depending upon the
country, between
10% of US users
and as many as
40% of users in
other countries had
a malicious app try
to install malware
on their device
3rd-party app stores
are as many as 1 in
5 apps were
malicious
Lessons from the War on Malicious
Mobile Apps

What to Do!?!
• Define your attack surface
• Identify each surface (We just covered those…)
• Identify and map to define a risk profile for each
 Group targets by function or type
• Maintain the exercise over time
• Watch for new external authorized and unauthorized surfaces
 Continual assessment and update as things change
• Not a “one and done”
 This is a formal risk management exercise!
• Automation is imperative at Internet-scale
• Another Resource: OWASP Attack Surface Analysis

ATTACK SURFACE
MANAGEMENT
The New Security Imperative
Benjamin Powell
Technical Marketing Manager

© 2018 RiskIQ | Confidential Information 1
8
YOUR ATTACK SURFACE IS
DYNAMIC & GROWING.
What's Driving Attack Surface Growth?
5x
Cloud Spend Growth
vs IT Spend
Digital
Transformation
25% of Budgets
60+% IT Spend
Driven by Business
Units
Multi-Channel Apps
& Engagement
Web, Mobile, Social
Is it Truly Managed?

9
THE RISK ARE HIGH
- THE IMPACT'S SIGNIFICANT
2016
57 million customers
and drivers
2017
148 million customer
accounts
2018
40,000 account
holders
2017
200,000 computers were
infected across 150 countries
2018
380,000 customers
affected
WannaCry
2018
45 million monthly
visitors affected
75% of breaches are initiated from outside the firewall

0
TRADITIONAL PERIMETER-BASED DEFENSE
STRATEGIES ARE INSUFFICIENT
Proactive Attack Surface Management is Required

1
ATTACK SURFACE – Digital Asset Layer
All Internet Accessible Assets
Known
Inventoried, Managed
& Leveraged
Unknown
Shadow or
Orphaned IT
Rogue
Malicious &
Impersonating
Deep
Broad
Breadth, Depth, Timeliness & Accuracy Matter

2
Known
& Leveraged
Unknown
Shadow or
Orphaned IT
Rogue
Malicious &
Impersonating
Mobile Apps
Social Media
Open Web
Deep Web
Dark Web
Deep
Broad

3
Known
& Leveraged
Unknown
Shadow or
Orphaned IT
Rogue
Malicious &
Impersonating
Deep
Broad
IP’s
Domains
Mobile Apps
Executives
Social Media
Services
3rd Party
Components
Brands
Hosts
URLs
Open Ports SSL Certs
Email
DNS
Whois

RISKIQ ATTACK
SURFACE PLATFORM

5
RiskIQ Attack Surface Platform
Target
Hunt,
Observe &
Interact
Multiple
Layers
Capture
(Multiple Digital
Channels)
Analyze
Discovery/
Alert
Enforce Manage
Structure and
Curate
RiskIQ Internet Data
Warehouse

Target
Brands
Logos Keywords
Domains
URLs
IPs
Names
Integrations
Hosts
Customers
Partners
Keywords
Domains
IPs
Hosts
Internet
Hashes
URLs
IPs
Integrations
DMARCWeb Referrers
Abuse Boxes
API Submittals
URLs
Search
Continuous Scanning

Virtual User
Globalized Internet Proxy
Social Media Sites
Digital Advertisements
Mobile App Store Monitoring
DNS Sensors
Port & Service Scanners
IP Scanners
Hunt,
Observe &
Interact
Multiple
Layers
Full Stack Visibility

Capture
(Multiple Digital
Channels with
Glocalization
Perspective)
Advanced Internet
Reconnaissance
Open Source
Intelligence
SSL
Certificates
IoT
CookiesJavaScript
Passive
DNS
Phishin
g
Client
Side
DOM
Active
DNS
Malware
Social
Media
Mobile
Apps
WHOIS
Port
Info
Banner
s
Service
s
Comprehensive & Scalable Collections
• 250k New Domain Resolutions/day
• 5.5M New Host Resolutions/day
• 106B+ Total Unique DNS Records
• 2B+ Web Requests/ day
• 300K+ New Port Observations
• 300+ Mobile App Stores – 34M+ apps

Analyze
Multi Layer Processing

Analyze
Orchestration & Recursion

RiskIQ Internet
Data Warehouse
Structure and
Curate
INTERNET DATA SETS
• Full DOM Capture &
Analysis
• Passive DNS
• Crawl Index
• SSL Certificates
• Web Components
• Trackers
• Historic Data
• Mobile Apps
• WHOIS
• IP Port &
Banner
DERIVED DATA SETS
• IoT
• Zero-day
• Accomplice
• Spam
• Scam
• Cookie
• IP Reputation Data
• Domain Infringement
• Malware
• Blacklist
• Phishing
• Host Pairs
Analyze

RiskIQ Internet
Data Warehouse
Discovery/
Alert
Structure and
Curate
Infections & IOCs
Fake Mobile Apps
OWASP CVE CVSS
Data Leakage/ Exfiltration
Non Authorized Services
Custom
Compromise & Defacement
Rogue Phishing Sites
Infringing Domains & Hosts
Social Media Impersonations
Compliance
Asset Discovery
INTERNET DATA SETS
Analysis
• Passive DNS
• Crawl Index
• Web Components
• Trackers
• Historic Data
• Mobile Apps
• WHOIS
• IP Port &
Banner
DERIVED DATA SETS
• IoT
• Zero-day
• Accomplice
• Spam
• Scam
• Cookie
• Malware
• Blacklist
• Phishing
• Host Pairs
Analyze

RiskIQ Internet
Data Warehouse
Discovery/
Alert
Enforce
Structure and
Curate
Infections & IOCs
Fake Mobile Apps
OWASP CVE CVSS
Custom
Compliance
Asset Discovery
INTERNET DATA SETS
Analysis
• Passive DNS
• Crawl Index
• Web Components
• Trackers
• Historic Data
• Mobile Apps
• WHOIS
• IP Port &
Banner
DERIVED DATA SETS
• IoT
• Zero-day
• Accomplice
• Spam
• Scam
• Cookie
• Malware
• Blacklist
• Phishing
• Host Pairs
GSB/MSS Mitigation
Email Alerts
In App Enforcement
Integrations
Restful API
Analyze

RiskIQ Internet
Data Warehouse
Discovery/
Alert
Enforce Manage
Structure and
Curate
Infections & IOCs
Fake Mobile Apps
OWASP CVE CVSS
Custom
Compliance
Asset Discovery
INTERNET DATA SETS
Analysis
• Passive DNS
• Crawl Index
• Web Components
• Trackers
• Historic Data
• Mobile Apps
• WHOIS
• IP Port &
Banner
DERIVED DATA SETS
• IoT
• Zero-day
• Accomplice
• Spam
• Scam
• Cookie
• Malware
• Blacklist
• Phishing
• Host Pairs
Change Monitoring
Correspondence Tracking
Correlations
Reporting
Trends
GSB/MSS Mitigation
Email Alerts
In App Enforcement
Integrations
Restful API
Analyze

5
RiskIQ Attack Surface Platform
Target
Hunt,
observe &
interact
multiple
layers
Capture
(Multiple Digital
Channels)
Analyze
Discovery/
Alert
Enforce Manage
Structure and
Curate
RiskIQ Internet Data
Warehouse

6
VISIBILITY IS THE FOUNDATION
You Can’t Protect What You Don’t Know About
20-40%
is Unknown or Rogue
Changes
10%
per Month -
but varies dramatically
Proactive
Monitoring of Even Critical
Assets is the Exception

7
VISIUALIZE AND DEFEND YOUR ATTACK SURFACE
Dramatically Lower Your Risk Profile and Increase Your Efficiency
Continuous, live
discovery of your attack
surface – see and defend
based on what attackers
see
Automate identification
of risks & threats across
all digital channels &
infrastructure—manage &
minimize your cyber risk
exposure
Focus & prioritize your
staff and automate
remediation activities
based on business value,
context and risk –
dramatically shorten
time-to-detect and
remediate
Better protect your
company, brand, people
and data - eliminate threats
before they impact your
business

https://www.riskiq.com/attack-surface-management/
Q&A

How to Reduce the Attack Surface Created by Your Cyber-Tools

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How to Reduce the Attack Surface Created by Your Cyber-Tools

Similar to How to Reduce the Attack Surface Created by Your Cyber-Tools (20)

More from Enterprise Management Associates

More from Enterprise Management Associates (20)

Recently uploaded

Recently uploaded (20)

How to Reduce the Attack Surface Created by Your Cyber-Tools