I SEE YOU
Asset discovery

  • Cloud Asset misconfig

  • Cloud Asset discovery

  • Cloud Asset threats

  • Cloud indicators of attack

  • Cloud Asset vulnerabilities

WELCOME TO OUR PROJECT

We are on a mission to help cyber defense practitioners reduce the complexity of managing their attack surface. We live on your outer surface, outside the walls of your network, which allows us to continuously scan and unify all your internet-facing assets in one platform.

> attack awareness
       > attack discovery
            > attack prevention

PROJECT INTRO

Defending your network infrastructure against cyber attacks is not an easy task. The attacker has an advantage over the defender. A hacker can attack from anywhere at any time. A defender would have to defend everywhere all the time, and this can be challenging.

The first step cybercriminals take to gain entry to an organization's network is reconnaissance, which allows them to identify and study internet-facing assets.

Malicious cyber attackers then enter the vulnerability scanning phase, which includes actively scanning open ports for common weak security controls, poor configurations, and poor security practices that they can use to employ initial access techniques.

PROBLEM STATEMENT

Actively Monitoring your attack surface

Only 9% of organizations believe they actively monitor 100% of their attack surface. The highest percentage (29%) say they actively monitor between 75% and 89% of the attack surface while many monitor even less. Aside from the obvious ‘blind spot’ problem, most organizations have several internet-facing assets they are not aware of. According to vendors in this space, organizations often discover somewhere in the range of 40% more assets when they use an automated scanner, meaning that even those that believe they have things under control probably do not.

Discovering your attack surface

Attack surface discovery takes more than 80 hours at 43% of organizations, and most organizations perform ASM discovery periodically—once a week, twice per month, or monthly. This is completely out of synch with the moves, adds, and changes happening to support cloud-native applications, remote workers, third-party connections, etc. These discovery efforts are simply in place to gather the data. Once organizations have the data, they still must put in the work to analyze it, prioritize vulnerabilities, and work with IT operations on risk mitigation—the ‘real’ work of ASM.

Analyzing your attack surface

When organizations do perform ASM discovery, they continually find a potpourri of exposed assets. For example, 31% of organizations found sensitive data in a previously unknown location, 30% spied websites with a direct or indirect path to their networks, 29% uncovered misconfigured employee credentials, 28% observed unknown SaaS applications, 27% discovered applications/systems with 0 users, 27% exposed misconfigured SSL certificates.  It takes time and resources to proceed through change management processes with this diverse group of assets.

Don't spreadsheet your attack surface

"Like other areas of cybersecurity, many organizations back into ASM by gathering snippets of information from a plethora of different existing tools. The research indicates that 41% of organizations use threat intelligence sources, 40% lean on IT asset management systems, 33% leverage cloud security monitoring solutions, and 29% rely on vulnerability management.  Of course, someone must gather this data, correlate it, and try to make sense of it.  Often, this is (still) done with spreadsheets."

Look for attack surface management to go mainstream in 2022

Published 11 Feb 2022

By Jon Oltsik, an ESG senior principal analyst and the founder of the firm’s cybersecurity service.

USER BENEFITS

PROJECT OBJECTIVE

Create an easy-to-use tool that simulates hackers' techniques, allowing the user to continuously scan an entire internet-facing network architecture. Ultimately, the defensive goal is to stop attackers before their attacks can start.

PROJECT DESCRIPTION

Attack Surface Management (ASM), a Cyber Network Defense tool, will defend networks against malicious adversaries. This is the most critical and complex priority. ASM delivers both defensive and offensive capabilities against global malicious adversaries. ASM rapidly develops and deploys cybersecurity capabilities to equip you and your team to fight against resilient and adaptive malicious adversaries. ASM provides real-world cybersecurity effectiveness to combat today's aggressive and modern adversaries and other global threats 24/7/365. ASM has the capability for both commercial and military applications.

MVP v1

USE CASES

Security Operations & Cyber Defense

Cybercriminals never take a break, and using our cyber defense platform provides an organization with multiple benefits, including continuous network monitoring, centralized visibility, reduced cybersecurity costs, and better collaboration.

Military & Government

Our battle-ready cybersecurity platform conducts cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.

Penetration Testing

Our cyber defense tool allows pen testers to use the same tools that are used by the hackers, launching simulated attacks against networks or systems in order to seek out vulnerabilities.

Image by Anthony Riera

Red vs Blue Team
War Games

Gaming Event Competition

Actual Cyber Breach Scenarios

PROJECT TIMELINE

As a security architect, I have worked with many corporations and organizations that struggled with providing a clear and true way of identifying internet-facing assets such as IPs, ports, services, the use of SSL certs, and misconfigured servers and/or network equipment. I needed to know the unknown in order to do my job.

Research Sources

Gartner Research:

Innovation Insight for Attack Surface Management

Published 24 March 2022 - ID G00748467

By Mitchell Schneider, John Watts, Pete Shoard

U.S. Department of Defense (DoD):

DoD Cybersecurity Discipline Implementation Plan

Line of Effort 3: Reduce Attack Surface

Forrester Research:

Find And Cover Your Assets With Attack Surface Management

January 6th, 2022

Jess Burn, Senior Analyst

With contributors:

Merritt Maxim, Alexis Tatro, Peggy Dostie

Gartner Research:

Hype Cycle for Security Operations, 2022

Published 5 July 2022 - ID G00770249

By Andrew Davies

OWASP:

Attack Surface Analysis Cheat Sheet

Published 2021 by CheatSheets Series Team

SURFACEER

We are excited about our new project.  Lots of hard work continues.  Please drop us your info so we can keep you updated.  

If you would like to request more information about Surfaceer our email is listed below.

DEFINITIONS

Attack Surface Assessment - An attack surface assessment is a methodical examination of an organization's digital environment to identify potential attack vectors and vulnerabilities. The assessment evaluates the organization's digital assets, such as hardware, software, network infrastructure, and internet-facing applications, to determine the possible ways an attacker could penetrate the organization's defenses.

The goal of an attack surface assessment is to provide an overview of the organization's security posture and identify the specific areas that are vulnerable to cyber-attacks. The assessment can help an organization identify and prioritize security improvements and develop a roadmap for mitigating potential security risks.

Attack Surface - Gartner has adopted the National Institute of Standards and Technology’s (NIST’s) definition of attack surface: “The set of points on the boundary of a system, a system element, or an environment [the assets] where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.” (Source: attack surface - Glossary | CSRC.)

Attack Surface Management - Attack surface management is the process of identifying, monitoring, and reducing an organization's attack surface. The attack surface refers to all the possible points of entry that an attacker could use to compromise a system or network, such as open ports, weak passwords, unpatched software, misconfigurations, and third-party integrations.

Attack surface management involves a variety of activities, including:

  1. Inventory: Create an inventory of all the assets in an organization's infrastructure, including hardware, software, and cloud-based services.

  2. Assessment: Conduct vulnerability assessments and penetration testing to identify potential vulnerabilities in the infrastructure.

  3. Prioritization: Prioritize vulnerabilities based on their severity and potential impact on the organization's security posture.

  4. Remediation: Fix vulnerabilities through patching, configuration changes, or other mitigation strategies.

  5. Monitoring: Continuously monitor the infrastructure to identify new vulnerabilities or changes to the attack surface.

  6. Reporting: Generate reports on the organization's attack surface and security posture to help management make informed decisions about risk management and security investments.

 

By implementing attack surface management practices, organizations can proactively reduce their risk of cyber-attacks and improve their overall security posture.

Network Architecture - On-premises networks, SD-WAN networks, cloud networks (Azure, AWS, Google), and data center networks.

Internet-facing - Internet-facing assets (hosts) are entry points that are typically the most attacked hosts on an organization’s network.

  • Internet-facing assets:

    • Network components such as routers, firewalls, gateways, IPs, and ports

    • Websites

    • Applications

    • APIs

    • Third-party vendors' integrations with internet-facing assets

Threat Landscape - The threat landscape means the entire scope of potential and recognized cybersecurity threats affecting networks, users, organizations, specific industries, or a particular time. 

Threat Vector - A threat vector, or attack vector, is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

 

 

Security Event - A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having the authorization to do so.

Network Intrusion Detection - Network-based intrusion detection identifies unauthorized, illicit, and anomalous behavior based solely on network traffic.
