According to OWASP, an attack surface “describes all of the different points where an attacker could get into a system, and where they could get data out”. As organizations’ infrastructure grows and becomes more complex, it can be challenging to keep up with their expanding attack surface. Exploitable vulnerabilities exist across your known infrastructure, but also extend to shadow IT – those projects and software managed outside of the IT department, the existence of which may not be known to the security team.
Only 29% of organizations believe they have sufficient visibility into their attack surface. That’s why, in our new Practical Guide to Reducing Digital Risk, we outline ways to manage and reduce the attack surface and how, by taking an outside-in perspective of the attacker, organizations can identify these untracked IT investments and significantly reduce the attack opportunities presented to an adversary.
The Equifax breach, which exposed over 140 million customer records, is a good example of why it’s important to get this right. Equifax reported that this breach occurred through an unpatched web application that was vulnerable to an exploit in the Apache Struts framework (CVE-2017-5638). Patches for this vulnerability had been available for two months, and its exploitation was widely known, as many attackers had already been observed exploiting it in campaigns.
Part of the challenge for Equifax (and many other organizations) is knowing what assets exist in the IT estate in the first place. While Equifax may be an extreme example, all companies’ IT departments are playing a constant game of catch-up with their changing organizations and rarely have a complete view of what they are responsible for protecting. Shadow IT has become a very real problem for businesses globally as they grow, merge, and adapt their infrastructures. Even those that have an effective vulnerability management program experience challenges prioritizing the range of work without disrupting IT operations.
When we consider an organization’s internet-facing infrastructure, there are four main aspects of an attack surface to consider.
Digital Shadows SearchLight’s passive data collection has no impact on your network. By aggregating data from open sources, SearchLight gains a broader picture of your network over time. This enables you to prioritize securing your network assets that are most at risk from compromise and exploitation. We provide high priority alerts that relate to genuine threats to your network infrastructure, not a deluge of CVEs (Common Vulnerabilities and Exposures).
While nearly 60% of organizations still have no set schedule to address vulnerabilities or do not do vulnerability scans, tools are available for those who wish to start reducing their attack surface. These include: