>
Case Study

How Recorded Future Attack Surface Intelligence Shines a Light on Blind Spots

Businesses across the globe are using Attack Surface Intelligence to gain a persistent, outside-in view of their organization’s entire attack surface.

Proactive attack surface management is essential for keeping up with an expanding threat landscape and sophisticated attackers. With digital assets scattered across the internet, often spun up without proper security oversight and hygiene, and left forgotten and unsecured, organizations must ensure they understand where exposures in their perimeter could be.

Proactive attack surface management is essential for keeping up with an expanding threat landscape and sophisticated attackers. With digital assets scattered across the internet, often spun up without proper security oversight and hygiene, and left forgotten and unsecured, organizations must ensure they understand where exposures in their perimeter could be.

How can organizations not know about internet-facing assets or not be aware of serious security issues? Common causes include:

• Abandoned application development projects and marketing demonstration environments that leave unused domains and subdomains behind

• Forgotten domains and assets belonging to acquired entities

• “Shadow IT” systems and cloud application subscriptions outside the organization’s security controls

• Server misconfigurations such as open ports that allow unauthorized access to internal networks

• Hostnames and self-signed certifications that point to internal IP addresses

• Cloud hosting services missing controls needed for security or regulatory compliance

Equipping security and compliance teams with a comprehensive toolset to understand and mitigate risk helps organizations see the blind spots that are visible to adversaries and move the advantage back to their teams. Access to a unified view of their external infrastructure enables them to navigate across disparate technology systems and quickly map and resolve exposures while keeping pace with their ever-changing attack surface.

How clients use Recorded Future Attack Surface Intelligence to shine a light on blind spots:

Organizations in many different verticals and regions are using Recorded Future Attack Surface Intelligence to persistently monitor for exposed assets, strengthen defenses, improve efficiency, and more.

Replace Trust with Trusted Intelligence

A US State Agency uses Recorded Future to ensure all state agency assets are in policy. A critical tool for validation, Attack Surface Intelligence helped the state transition from a trust-based system, with state agencies and vendors, to an evidence-based system that allows them to confidently manage their internetfacing infrastructure. Access to essential intelligence, such as risk details and vulnerable applications, streamlines their web-based risk identification, communication, and remediation process, while simultaneously eliminating the need for additional research.

Gain a Persistent View for a Dynamic Portfolio

Attack Surface Intelligence helps a large North American beverage company keep track of external-facing assets that their decentralized marketing departments consistently fail to alert them about. With a persistent view of their attack surface, the company can easily track when new assets are spun up to ensure that they’re also wound down appropriately. Additionally, by easily being able to view screenshots of their associated assets, the company has found divestitures that were still using their terms and conditions. Visibility into this problem has greatly helped in their efforts to maintain domain hygiene and remove associations from brands no longer under their umbrella.

Improve Detection Capabilities

A Security Operations Manager for a communications company highlighted Recorded Future’s ability to provide their team with a superior collection of actionable data, across all of their assets, than they were previously receiving or even aware of. Access to a much larger attack surface footprint than before combined with a clean user interface and intuitive user experience makes it easy to quickly identify and remediate potential soft spots on their perimeter, such as ports that shouldn’t be open.

Keep Critical Ports from Being Exposed

A large financial services company in India has found Attack Surface Intelligence to be invaluable for detecting critical ports not meant to be open. While protections are often in place for the company to ensure outsiders can’t access critical ports, some were temporarily opened but mistakenly not closed. Using Attack Surface Intelligence has helped them design new workflows to ensure these inadvertent mistakes do not repeat.

Make Unknown Assets Known

A large publicly-traded software company uses Recorded Future to continuously find unknown assets. Attack Surface Intelligence surfaces subdomains that the company lacks insight into, enabling them to determine site legitimacy and quickly take the appropriate action, whether that’s decommissioning the site or adding to their asset logs for future scanning. Leveraging an outside-in view of their attack surface helps the software company strengthen their perimeter by removing potential attack vectors.

Enhance Workflow Efficiency

For a North American biotech company, Attack Surface Intelligence has become fundamental for their daily workflows. Before using Recorded Future, the company employed a time consuming and tedious workflow to sort through newly active hostnames and identify those that appeared to be out of policy. A process that used to cost the biotech company weeks or months of discovery effort has been greatly reduced with easy access to comprehensive intelligence on all of their domains in one solution.

To see the full PDF, download here.

Related