Enterprise attack surfaces continue to expand with cloud adoption, the distributed workforce, and an increasing reliance on third-party vendors – and with this ever-expanding attack surface comes an equally significant escalation in cyber risk. It should not be surprising, therefore, that we are witnessing a continual increase in cyber attacks, data breaches, cyber-attack related costs, and threats that targeted data across the hybrid environment.
For instance, according to IBM’s 2023 Cost of a Data Breach Report:
- The average total cost of a data breach climbed to an all-time high of $4.45 million in 2023
- 82% of breaches involved data stored in the public or private cloud
- Data breaches were 31.6% more costly on average for organizations with high security system complexity
- Breaches that took more than 200 days to find and resolve cost an average of 23% more than those that took less
Notably, IBM’s research also showed that 67% of breaches were reported by a benign third party or by attackers themselves. Only one-third of companies discovered the attack through their own security teams.
At the same time, the study reported that the right security and AI automation could significantly reduce breach discovery time and costs.
Mitigate Risk by Looking at Your Attack Surface from the Outside In
Vulnerability management tools rely on the continuous monitoring and patching of vulnerabilities as soon as possible. By definition, they can only defend known vulnerabilities through, for instance, patching or removing those vulnerabilities – and although vulnerability management solutions are essential tools in the cybersecurity toolbox, they are not enough. Thousands of new vulnerabilities are reported every year, and security teams rarely know the full extent of those that exist in their estate.
Rather than patching vulnerabilities, attack surface management (ASM) tools focus on understanding, managing, and shrinking the attack surface. By scanning and mapping an attack surface, ASM tools typically reveal a significant portion of previously unknown vulnerabilities. According to Forrester, for instance, ASM tools actually discover an average of 30% more cloud assets than security and IT teams even know that they have.
ASM tools can address several key challenges that vulnerability management tools cannot, including:
- How to prioritize threats. The best ASM tools provide context by prioritizing vulnerabilities based on the risk they pose and the potential impact they would have were they to be exploited.
- Proactive, automated scanning. Automated scanning can help reveal the often sizable portion of vulnerabilities that internal teams miss – the same types of vulnerabilities that attackers themselves will be looking for.
- Identifying risk, even in the absence of a vulnerability. Not all attackers use known vulnerabilities to access systems. Many would prefer to take “the easy route” by, for instance, exploiting misconfigurations, oversights, or errors.
In short, ASM solutions are focused on awareness.
They expose shadow IT, gaps, and misconfigurations, which makes vulnerability management tools more effective, while also allowing security teams to understand and shrink their organization’s attack surface.
The best ASM systems, such as Randori from IBM, help build an ethos of cyclical improvement into the workflow through continuous discovery and testing.
IBM Randori: Cloud-Based Attack Surface Management from IBM
IBM’s acquisition of Randori brings industry-leading ASM to the IBM Security portfolio. IBM Security Randori Recon is an attack management solution that is complemented by Randori Attack Targeted, which automates red teaming and validates your security investments.
IBM Security Randori Recon helps:
- Identify organizational exposures while reducing false positives
- Act on newly identified assets without additional research
- Prioritize top targets by determining impact and risk
- Improve cyber resilience by implementing remediation best practices across the infrastructure
- Confirms whether exploitable common vulnerabilities and exposures (CVE) exist on the external attack surface
Ideal for use cases such as shadow IT discovery and M&A risk management, Randori Recon exposes the attack surface through the lens of the attacker and lets security teams move more vulnerabilities from the “unknown and exposed” category to “known and unexposed.”
Randori Attack Targeted extends Randori Recon’s attack surface management functionality and provides:
- Risk-based prioritization
- Continuous red teaming at scale
- In-product remediation guidance
- Reporting and insights into the current security posture
Useful for continuous security validation and threat exposure management, Randori Attack Targeted helps ensure IT teams are making the most of Randori Recon and their security investments as a whole.
Towards Holistic Attack Surface Management and Security Validation
IBM Security Randori lets organizations uncover external attack surface risks before attackers do and validate security investments through continuous, automated testing. Rather than playing “catch up” with patches and vulnerabilities, security teams can take control of their attack surface and stay one step ahead of the adversary.
Logicalis, an experienced IBM Partner and a global Managed Services Provider, has extensive experience with a complete range of cybersecurity solutions, including the IBM Security portfolio. If you would like to learn more about ASM, Randori, or Logicalis’ Managed Cybersecurity Services, contact us today to schedule a free executive briefing.