RSAC 2021 Keynote: The Internet is Small: Own Your Attack Surface Before Somebody Else
Summary
TLDR
In this presentation, Tim Junio from Palo Alto Networks discusses the growing threat of attackers exploiting exposures in organizations' attack surfaces. He highlights how attackers can scan the entire internet for exposed assets in minutes, far outpacing defenders' response times. The session examines the most common serious exposures, especially Remote Desktop Protocol (RDP) services reachable from the public internet and assets in cloud environments, and emphasizes the importance of proactive attack surface management. Palo Alto Networks' research finds that the average Fortune 500 company acquires a serious exposure roughly every 12 hours. The key takeaway is that organizations can close this gap with automation and robust attack surface management practices.
Takeaways
- Attackers can now scan the entire internet for vulnerabilities in minutes, significantly outpacing defenders, who take days or weeks to discover their own exposures.
- Digital transformation has expanded the attack surface, especially with the rise of cloud environments and remote work, creating more security risk for organizations.
- Cyberattacks are becoming faster and more sophisticated, with attackers using network science methods to find and exploit vulnerable systems within minutes of an exploit being published.
- Zero-day attacks, once considered the most sophisticated threat, are now matched in importance by basic cyber hygiene issues, such as exposed RDP ports, because internet-wide scanning finds them so quickly.
- Fortune 500 companies face significant security risk, with a serious exposure appearing every 12 hours on average, most often in cloud environments.
- Remote Desktop Protocol (RDP) services exposed to the public internet are a common serious exposure, allowing attackers to attempt unauthorized access to systems directly from the internet.
- More than three-quarters of serious security exposures in large organizations are found in cloud environments, reflecting the difficulty of monitoring rapidly changing cloud infrastructure.
- Many organizations struggle to manage their attack surface because of the explosion of internet-connected devices and the complexity of commercial cloud environments.
- The key to defending against these threats is an accurate, up-to-date inventory of assets: organizations can only protect what they know they have.
- Top-performing organizations focus on reducing their 'Mean Time to Inventory' (MTTI), so that they detect and manage new assets or exposures quickly.
- Attackers continuously monitor the internet for vulnerable systems; security teams need to monitor their own assets with the same continuity to stay ahead of them.
Q & A
What is the main focus of the research presented by Tim Junio?
-The main focus of the research is on attack surface management and how Fortune 500 companies are at risk due to attackers who can discover exposed assets on the public internet faster than ever before.
How has network science impacted the speed of scanning the global internet?
-Network science has made scanning the entire internet much faster than before: internet-wide scans that once took weeks or months could, by 2013, be completed in about 45 minutes for a single protocol across the whole IPv4 address space, and further improvements have reduced that to just minutes.
What significant event in 2021 highlighted the speed at which attackers adapt to new vulnerabilities?
-The publication of exploits for the Microsoft Exchange Server zero-day vulnerabilities in 2021 showed attackers scanning for exposed Exchange servers within minutes of the exploit's release, demonstrating how rapidly they adapt.
What challenge do organizations face when trying to secure their assets compared to attackers?
-Organizations often take days, weeks, or longer to discover all of their exposed assets, while attackers can scan the entire internet for exploitable systems within minutes, creating a large gap between when an exposure appears and when the defender learns of it.
Why is cyber hygiene as important as zero-day attacks for modern cybersecurity?
-Cyber hygiene, such as ensuring there are no exposed database servers or poorly configured assets, is just as critical as zero-day attacks because attackers often look for low-hanging fruit and target easily accessible vulnerabilities.
What does the 'Mean Time to Inventory' metric represent?
-The 'Mean Time to Inventory' metric represents the average time it takes for an organization to discover and inventory new assets that are added to its environment, helping to assess how quickly an organization can adapt to changes and manage potential security risks.
What are the primary methods used by organizations to defend against cyber threats, and how do they compare to attackers' methods?
-Organizations use methods like penetration testing, red teaming, and vulnerability management, typically on slow cadences (e.g., quarterly or annually). Attackers, by contrast, scan the global internet sub-hourly or even every few minutes, so an exposure that appears between two assessment cycles can be found and exploited before the defender's next check.
What was the finding of Palo Alto Networks' first Attack Surface Management Report regarding serious exposures in Fortune 500 companies?
-The report found that serious exposures occur approximately every 12 hours for the average Fortune 500 company, with most serious exposures occurring in cloud environments.
How has the rise of remote work during COVID-19 impacted the attack surface for organizations?
-The shift to remote work during COVID-19 increased the attack surface as employees began using corporate equipment from home or other non-corporate networks, making it easier for attackers to find exposed assets.
What can organizations do to catch up with attackers and better manage their attack surfaces?
-Organizations can enhance their attack surface management by adopting high levels of automation, developing processes that ensure quick discovery and inventory of assets, and consistently monitoring the global internet for any new assets that could present vulnerabilities.
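The two answers above (the definition of Mean Time to Inventory, and the advice to continuously discover and inventory assets) can be made concrete with a small script. The following is an added example, not code from the keynote or from Palo Alto Networks: it diffs successive internet-facing scan snapshots to find when each service first became reachable, then computes MTTI against the security team's own inventory. The IP addresses (documentation ranges), timestamps, and the set of protocols treated as "serious" (RDP and exposed database services, as the talk calls out, plus a few similar ones) are constructed assumptions.

```python
from datetime import datetime
from statistics import mean
from typing import Dict, List, Set, Tuple

# A service observed on the public internet: (ip, port, protocol label).
Service = Tuple[str, int, str]

# Protocols treated as a "serious exposure" when reachable from the internet.
# RDP and exposed databases are the classes the keynote calls out; the exact set is an assumption.
SERIOUS_PROTOCOLS = {"rdp", "smb", "telnet", "postgres", "mysql", "mongodb", "redis"}


def diff_snapshots(previous: Set[Service], current: Set[Service]) -> Tuple[Set[Service], Set[Service]]:
    """Compare two internet-facing snapshots: return (newly exposed, no longer exposed)."""
    return current - previous, previous - current


def first_seen(snapshots: List[Tuple[datetime, Set[Service]]]) -> Dict[Service, datetime]:
    """Walk chronological snapshots and record when each service first became externally
    visible. An attacker scanning on the same cadence could have found it from that moment on."""
    seen: Dict[Service, datetime] = {}
    for taken_at, services in snapshots:
        for svc in services:
            seen.setdefault(svc, taken_at)
    return seen


def mtti_hours(first_seen_at: Dict[Service, datetime], inventory: Dict[Service, datetime],
               now: datetime, serious_only: bool = False) -> float:
    """Mean Time to Inventory: average hours between a service becoming reachable and the
    security team recording it. A service still missing from the inventory is an open window,
    so it is counted up to `now` rather than silently ignored."""
    gaps = []
    for svc, exposed_at in first_seen_at.items():
        if serious_only and svc[2] not in SERIOUS_PROTOCOLS:
            continue
        recorded_at = inventory.get(svc)
        end = recorded_at if recorded_at is not None else now
        gaps.append((end - exposed_at).total_seconds() / 3600)
    return mean(gaps) if gaps else 0.0


def uninventoried_serious(first_seen_at: Dict[Service, datetime],
                          inventory: Dict[Service, datetime]) -> List[Service]:
    """Serious exposures the team does not yet know about: what an attacker finds first."""
    return sorted(svc for svc in first_seen_at
                  if svc[2] in SERIOUS_PROTOCOLS and svc not in inventory)


# Constructed sample data (documentation IP ranges, invented timestamps), not from the talk.
SSH = ("203.0.113.11", 22, "ssh")
BASE = {("203.0.113.10", 443, "https"), SSH}
RDP = ("203.0.113.12", 3389, "rdp")          # jump host accidentally published on 5/18
DB = ("198.51.100.5", 5432, "postgres")      # cloud database exposed on 5/19
SNAPSHOTS = [
    (datetime(2021, 5, 17), set(BASE)),
    (datetime(2021, 5, 18), BASE | {RDP}),
    (datetime(2021, 5, 19), (BASE | {RDP, DB}) - {SSH}),
    (datetime(2021, 5, 20), (BASE | {RDP, DB}) - {SSH}),
]
INVENTORY = {
    ("203.0.113.10", 443, "https"): datetime(2021, 5, 17, 8),
    SSH: datetime(2021, 5, 17, 0, 30),
    RDP: datetime(2021, 5, 20),              # recorded two days after it appeared
    # DB is absent: the team still does not know about it
}
NOW = datetime(2021, 5, 20, 12)


def run_report() -> dict:
    """Build the numbers a security lead would track from the constructed snapshots."""
    exposed = first_seen(SNAPSHOTS)
    return {
        "mtti_all_hours": mtti_hours(exposed, INVENTORY, NOW),
        "mtti_serious_hours": mtti_hours(exposed, INVENTORY, NOW, serious_only=True),
        "unknown_serious": uninventoried_serious(exposed, INVENTORY),
        "new_on_day3": diff_snapshots(SNAPSHOTS[1][1], SNAPSHOTS[2][1])[0],
    }


if __name__ == "__main__":
    for key, value in run_report().items():
        print(f"{key}: {value}")
```

With this data the overall MTTI is just over 23 hours, but the MTTI for serious exposures alone is 42 hours, and the exposed database is still unknown to the team after 36 hours: against an attacker whose full-internet scan completes in under an hour, every one of those windows was long enough to be found. Counting un-inventoried assets up to `now` rather than dropping them matters; excluding them would make the metric look better precisely when the attack surface is least under control.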