Why relying on network perimeter security alone is a failure


I SEE YOU
Cloud Asset misconfig
Cloud Asset discovery
Cloud Asset threats
Cloud indicators of attack
Cloud Asset vulnerabilities
WELCOME TO OUR PROJECT
We are on a mission to help cyber defense practitioners reduce the complexity of managing their attack surface. We live on your outer surface, outside the walls of your network, which allows us to continuously scan and unify all your internet-facing assets in one platform.
> attack awareness
> attack discovery
> attack prevention
PROJECT INTRO
Defending your network infrastructure against cyber attacks is not an easy task. The attacker has an advantage over the defender. A hacker can attack from anywhere at any time. A defender would have to defend everywhere all the time, and this can be challenging.
The first step cybercriminals take to gain entry to an organization's network is reconnaissance, which allows them to identify and study internet-facing assets.
Malicious cyber attackers then enter the vulnerability scanning phase, which includes actively scanning open ports for common weak security controls, poor configurations, and poor security practices in order to employ initial access techniques.
PROBLEM STATEMENT
your attack surface
Only 9% of organizations believe they actively monitor 100% of their attack surface. The highest percentage (29%) say they actively monitor between 75% and 89% of the attack surface, while many monitor even less. Aside from the obvious ‘blind spot’ problem, most organizations have several internet-facing assets they are not aware of. According to vendors in this space, organizations often discover somewhere in the range of 40% more assets when they use an automated scanner, meaning that even those that believe they have things under control probably do not.
Discovering
your attack surface
Attack surface discovery takes more than 80 hours at 43% of organizations, and most organizations perform ASM discovery periodically—once a week, twice per month, or monthly. This is completely out of synch with the moves, adds, and changes happening to support cloud-native applications, remote workers, third-party connections, etc. These discovery efforts are simply in place to gather the data. Once organizations have the data, they still must put in the work to analyze it, prioritize vulnerabilities, and work with IT operations on risk mitigation—the ‘real’ work of ASM.
Analyzing
your attack surface
When organizations do perform ASM discovery, they continually find a potpourri of exposed assets. For example, 31% of organizations found sensitive data in a previously unknown location, 30% spied websites with a direct or indirect path to their networks, 29% uncovered misconfigured employee credentials, 28% observed unknown SaaS applications, 27% discovered applications/systems with 0 users, and 27% exposed misconfigured SSL certificates. It takes time and resources to proceed through change management processes with this diverse group of assets.
Don't spreadsheet
your attack surface
"Like other areas of cybersecurity, many organizations back into ASM by gathering snippets of information from a plethora of different existing tools. The research indicates that 41% of organizations use threat intelligence sources, 40% lean on IT asset management systems, 33% leverage cloud security monitoring solutions, and 29% rely on vulnerability management. Of course, someone must gather this data, correlate it, and try to make sense of it. Often, this is (still) done with spreadsheets."
Look for attack surface management to go mainstream in 2022
Published 11 Feb 2022
By Jon Oltsik, an ESG senior principal analyst and the founder of the firm’s cybersecurity service.
USER BENEFITS
PROJECT OBJECTIVE
Create an easy-to-use tool that simulates hackers' techniques allowing the user to continuously scan an entire internet-facing network architecture. Ultimately, the defensive goal is to stop attackers before their attacks can start.
PROJECT DESCRIPTION
Attack Surface Management (ASM), also known as a Cyber Network Defense tool, will defend networks against malicious adversaries. This is the most critical and complex priority. ASM delivers both defensive and offensive capabilities against global malicious adversaries. ASM rapidly develops and deploys cybersecurity capabilities to equip you and your team to fight against resilient and adaptive malicious adversaries. ASM provides real-world cybersecurity effectiveness to combat today's aggressive and modern adversaries and other global threats 24/7/365. ASM has the capability for both commercial and military applications.
MVP v1
USE CASES
Security Operations & Cyber Defense
Cybercriminals never take a break, and using our cyber defense platform provides an organization with multiple benefits, including continuous network monitoring, centralized visibility, reduced cybersecurity costs, and better collaboration.


Military & Government
Our battle-ready cybersecurity platform conducts cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.
Penetration Testing
Our cyber defense tool allows pen testers to use the same tools that are used by the hackers, launching simulated attacks against networks or systems in order to seek out vulnerabilities.


Red vs Blue Team
War Games

Actual Cyber Breach Scenarios
PROJECT TIMELINE
As a security architect, I have worked with many corporations and organizations that struggled with providing a clear and true way of identifying internet-facing assets such as IPs, ports, services, the use of SSL certs, and misconfigured servers and/or network equipment. I needed to know the unknown in order to do my job.
Research Sources
Gartner Research:
Innovation Insight for Attack Surface Management
Published 24 March 2022 - ID G00748467
By Mitchell Schneider, John Watts, Pete Shoard
U.S. Department of Defense (DoD):
DoD Cybersecurity Discipline Implementation Plan
Line of Effort 3: Reduce Attack Surface
Forrester Research:
Find And Cover Your Assets With Attack Surface Management
January 6th, 2022
Jess Burn, Senior Analyst
With contributors:
Merritt Maxim, Alexis Tatro, Peggy Dostie
Gartner Research:
Hype Cycle for Security Operations, 2022
Published 5 July 2022 - ID G00770249
By Andrew Davies
OWASP:
Attack Surface Analysis Cheat Sheet
Published 2021 by CheatSheets Series Team
SURFACEER
We are excited about our new project. Lots of hard work continues. Please drop us your info so we can keep you updated.
If you would like to request more information about Surfaceer our email is listed below.
DEFINITIONS
Attack Surface Assessment - An attack surface assessment is a methodical examination of an organization's digital environment to identify potential attack vectors and vulnerabilities. The assessment evaluates the organization's digital assets, such as hardware, software, network infrastructure, and internet-facing applications, to determine the possible ways an attacker could penetrate the organization's defenses.
The goal of an attack surface assessment is to provide an overview of the organization's security posture and identify the specific areas that are vulnerable to cyber-attacks. The assessment can help an organization identify and prioritize security improvements and develop a roadmap for mitigating potential security risks.
Attack Surface - Gartner has adopted the National Institute of Standards and Technology’s (NIST’s) definition of attack surface: “The set of points on the boundary of a system, a system element, or an environment [the assets] where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.” (Source: attack surface - Glossary | CSRC.)
Attack surface management - The process of identifying, monitoring, and reducing an organization's attack surface. The attack surface refers to all the possible points of entry that an attacker could use to compromise a system or network, such as open ports, weak passwords, unpatched software, misconfigurations, and third-party integrations.
Attack surface management involves a variety of activities, including:
- Inventory: Create an inventory of all the assets in an organization's infrastructure, including hardware, software, and cloud-based services.
- Assessment: Conduct vulnerability assessments and penetration testing to identify potential vulnerabilities in the infrastructure.
- Prioritization: Prioritize vulnerabilities based on their severity and potential impact on the organization's security posture.
- Remediation: Fix vulnerabilities through patching, configuration changes, or other mitigation strategies.
- Monitoring: Continuously monitor the infrastructure to identify new vulnerabilities or changes to the attack surface.
- Reporting: Generate reports on the organization's attack surface and security posture to help management make informed decisions about risk management and security investments.
By implementing attack surface management practices, organizations can proactively reduce their risk of cyber-attacks and improve their overall security posture.
Network Architecture - on-premise networks, SD-WAN networks, cloud networks (Azure, AWS, Google), data center networks
Internet-facing - Internet-facing assets (hosts) are entry points that are typically the most attacked hosts on an organization’s network.
Internet-facing assets:
- Network components such as routers, firewalls, gateways, IPs, and ports
- Websites
- Applications
- APIs
- Third-party vendors' integration of internet-facing assets
Threat Landscape - The threat landscape means the entire scope of potential and recognized cybersecurity threats affecting networks, users, organizations, specific industries, or a particular time.
Threat vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Security Event - A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having the authorization to do so.
Network Intrusion Detection - Network-based intrusion detection identifies unauthorized, illicit, and anomalous behavior based solely on network traffic.