Several months ago, I was introduced to IONIX and the concept of an organization’s external attack surface. I have worked in cybersecurity for many, many years and yet, this was the first time I had been made aware of the attack surface as a fertile conduit to security breaches.
It was one of those cases of “I didn’t know what I didn’t know.” Because of my experiences with clients, colleagues, peers, and friends in cybersecurity, I was certain many of them were also unaware of how truly extensive and vulnerable this attack surface is. As I have thought about this gap in awareness, I have also speculated about the root causes and whether the cybersecurity industry would come to the same realizations.
Focusing only on the perimeter is shortsighted
Perimeter security is what security professionals have been conditioned to worry about day and night. In recent years, the perimeter has morphed into a dynamic, ever-changing boundary that encompasses cloud environments, remote workers, and shadow IT. Consequently, the “what” and “where” of the perimeter have blurred, and this has raised questions about what a security team needs to defend. My responsibility in recent years has been tracking and protecting the new perimeter and extending traditional security tools, practices, and governance beyond the enterprise “legacy” perimeter. Then I was introduced to the external attack surface.
The external attack surface
The first striking thing about an enterprise digital attack surface is its vast scope. In his recent blog, What Is An Online Ecosystem?, Yoni Lebowitsch explained external attack surfaces and their potential vulnerabilities. Yoni used the home page of www.wsj.com to visualize the size and scope of the attack surface that is utilized to build a single web page. Beyond sheer size, the number of third-party tools and vendors that make up that attack surface is staggering. When you consider that nearly every element of that attack surface represents a potential vulnerability to your organization, the implications are just as astonishing. If you consider that an enterprise’s external attack surface is five to ten times larger than the elements within its perimeter, organizations may begin to question their security investments, focus, and best practices.
Don’t take my word for it
I was excited to see recent industry news highlighting the legitimacy and seriousness of this cybersecurity space. The announcement of Palo Alto Networks’ proposed Expanse acquisition is a clear endorsement of the fact that major players in cybersecurity, and their global enterprise clients, are beginning to come to the same realization I had when I joined IONIX. Attack Surface Management (ASM) vendors offer clear value from their perspective on cybersecurity: they examine the security posture from the outside-in.
Confused? Listen to Nikesh Arora explaining it eloquently to Jim Cramer on Mad Money here. Defenders realize that adopting the attackers’ view is critical to optimizing their security posture. This approach mirrors the one adopted by military strategists. For example, many years ago, in the Israeli Defense Force (IDF), combat officers were asked to plan attacks on their own defense lines using imagination, courage and far-out-of-the-box thinking.
Think outside the perimeter
This is what we do here at IONIX. We identify the threats that exist outside the perimeter, far beyond what first-generation ASM solutions offer. Our attack surface management platform searches for the threats that exist N degrees of separation from your enterprise. We then take it a step further and look for the vulnerabilities connected to those threats, the vulnerabilities of those connections, their connections, and so on.
As a timely illustration, imagine your potential exposure to Covid-19: Your risk of exposure is not limited to those you meet in person – it spans all the people you meet, and all the people they met and so forth (up to 14 days back). Each and every one of those can be the source of your exposure.
When it comes to external attack surfaces, your exposure to risk is no different. The more third parties to which you are connected, the more your attack surface grows, at an exponential rate. IONIX’s active threat protection seeks out potential threats along that entire connected chain. When IONIX sees the threat coming, you will be the first to know.