Latest CISA Directive Highlights Importance of Attack Surface Visibility
By Brad Brooks, Chief Executive Officer, Censys
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive (BOD) requiring federal civilian agencies to enhance protections for devices on government information systems that use network protocols for remote management over the public internet.
This is a highly commendable effort by CISA, addressing the risks federal agencies face by employing consumer devices that provide configuration and management capabilities over the public internet – particularly in the face of today’s ever-evolving threat landscape that often leaves security teams blind.
As directed by CISA BOD 23-02, upon the discovery of an internet-exposed networked management interface, agencies will have two weeks to either remove the interface from the internet by making it accessible only from an internal enterprise network (CISA recommends an isolated management network) or institute access control measures like zero trust architecture. This new directive applies to devices including routers, switches, firewalls and load balancers that allow agency administrators to configure them remotely through a management interface accessible over the public internet using HTTP, remote login services or file transfer protocols, among other methods.
As CISA Director Jen Easterly emphasized, “hackers are able to use network devices to gain unrestricted access to organizational networks, in turn leading to full-scale compromise.” In taking this action, CISA is making a real difference in further reducing the attack surface of federal government networks.
Requiring the appropriate controls and mitigations, as CISA has outlined in BOD 23-02, is a critically important step in reducing risk to the federal civilian enterprise. And while the directive only applies to federal civilian agencies, CISA’s guidance should be heeded by all organizations both public and private.
This directive demonstrates how critically important it is for agencies and organizations to have clear insight into their attack surface, a truth legitimized further upon confirmation that several federal agencies using the MOVEit file transfer software have been impacted by recently discovered exploited vulnerabilities.
[Of Note: As with any incident involving common vulnerabilities and exposures (CVEs), we immediately conducted and completed our rapid response protocols and procedures; any Censys customers impacted in association with MOVEit were contacted and fully informed in real time.]
CISA is leading the charge in the fight against exploited vulnerabilities and cybersecurity threats at a critical infrastructure level. Censys is proud to be CISA’s contracted data collection partner, and it is a privilege to fulfill our patriotic duty in defense of the United States.
This is precisely where Attack Surface Management comes into play, and where Censys can help.
Attack Surface Management (ASM) is a proactive approach to exposure management involving the continuous discovery, inventory, and monitoring of an organization’s IT infrastructure, both known and unknown. ASM gives security architects the ability to understand and share context across teams to become proactive in building secure solutions and protecting critical data.
Censys Attack Surface Management is a best-in-class ASM solution which discovers, inventories, and monitors total Internet exposure, empowering security teams to gain full visibility into their attack surfaces. Censys ASM puts you in the attacker’s POV: an outside-in view of every asset and exposure is refreshed daily, hourly, or on-demand, giving your agency or organization near-real-time visibility and context so you can manage and communicate your cybersecurity posture. Your external attack surface is also assessed for risks, and each risk is prioritized by what is important to you.
For security professionals who protect the organization, Censys is the best at understanding exposures attackers will exploit, providing an integrated system of vigilant offensive protection.
The reality is that attack surfaces have grown beyond the scope of what traditional security tools and practices can effectively manage. Many security professionals across both public sector and commercial enterprise are simply unable to comprehensively discover, manage, and protect their rapidly growing attack surfaces.
Amidst the growing uncertainty of whom to trust and what tech to deploy, one thing is becoming clearer: it is incredibly challenging for security teams to identify risks and take action. Through this directive, CISA is taking a proactive step in the right direction to ensure holistic protection.