Security starts with visibility: you can’t protect what you can’t see. And yet, this is a perennial problem in cybersecurity. We’re excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, Internet-facing assets. And we’re doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security).
How bad is the attack surface visibility problem? The Trend Micro incident response team provides a big-picture view, estimating that over the last two years, roughly 50% of the serious incidents they handled began when an attacker compromised an unknown and/or vulnerable external-facing asset. (And if you’re wondering about the other 50%, almost all of that originated from phishing.)
Why is it so challenging to obtain a comprehensive view of the attack surface (and to keep it current after that)? There are many factors that contribute: organizations have shifted to SaaS and cloud services, employees have embraced work from home, shadow IT projects launch initiatives outside of regular processes, acquisitions broaden the attack surface overnight, and the visibility across this dynamic environment is frequently siloed in various commercial and home-grown tools – or is simply nonexistent.
To address this challenge, automated attack surface discovery is needed – but it must be accompanied by risk assessment and prioritization, otherwise, it will result in even more noise for already-overwhelmed security teams. Thousands of assets discovered, hundreds have serious vulnerabilities or misconfigurations – what needs to be targeted first? That’s the solution we’ve set out to deliver, with embedded technology from Bit Discovery helping discover the particularly vulnerable Internet-facing assets.
A modern attack surface discovery approach needs to leverage a range of telemetry sources in order to achieve broad visibility. Trend Micro’s Vision One performs discovery by synthesizing telemetry from Trend Micro products but also integrations to infrastructure and security products such as Azure Active Directory, Office 365, Qualys, Okta, Amazon AWS, Microsoft Azure, and more, along with the embedded functionality from Bit Discovery.
Read More HERE