I’m a huge movie fan. Korean and French cinema are current favorites, but there’s a special place in my heart for old martial arts flicks. You know the ones, utterly campy and unrealistic, but hugely entertaining. I’m thinking of those movies that showcase Jean-Claude Van Damme delivering a perfectly executed head kick. He doesn’t blow out the undercarriage of his jeans, the enemy is compliant and stationary, and there are enough cameras to capture the impact from sixteen different angles delivered in smash cuts perfectly timed to the music. Ludicrous, but great fun.
But there are other hugely compelling themes in movies like these. We’ve all seen the scenes where the martial arts initiate is blindfolded and told to defend himself. As with all of these quests, he is judged ready when he’s defending himself effortlessly. Devoid of visual cues, when something encroaches on his space, he uses subtle air movements and femtosecond response times to avert disaster.
It struck me that many modern organizations are operating in a similar way. Blindfolded to the existence of threats outside the firewall, internal security teams are relying on subtle air movements and femtosecond response times to fight off attackers. The problem is that even the best-resourced security team cannot operate like this. They can’t detect the subtle air movements of attackers inside the perimeter, and they definitely don’t have femtosecond response times.
Sophisticated attackers employing “living off the land” attacks know that their use of PowerShell, and other commodity IT tools, blends into a background of normal IT operation. This means that the commands to enumerate service accounts with replication permissions and the subsequent spoofed handshakes to grab the associated NTLM hash will go unnoticed. Subtle air movements. The hash is quickly exfiltrated and stuck on an HPC grid for cracking. Femtosecond response times. When the attacker comes back with replication permissions on your domain, it’s basically game over.
The thing is, security teams can only scale these days by handling false positives better, improving threat intelligence, and deploying additional protective controls where there is additional risk. If you understand your external attack surface, you’re far better equipped to understand where these threats come in and the likely TTPs that will be employed. All of these things are attendant benefits of a coherent external attack surface management program.
By understanding your external attack surface, you’re taking control of the thorniest issues facing organizations today: visibility and governance. A proliferated supplier ecosystem means asset sprawl; poor oversight of your suppliers means an immediate dilution of your security posture; and attackers using tools to enumerate internet-facing vulnerabilities means they are better informed than you are about your weaknesses.
This is where Censys can help. By massively augmenting the visibility offered to security teams, Censys’ best-in-class daily external attack surface management capabilities mean that those teams can actually be ahead. That means full visibility of your attack surface and all the associated risks, and the strongest interoperability with your entire security ecosystem. You can see where the attacks could come in, and you can see your exposures and risks as well as those of your partners and your cloud providers.
Imagine Van Damme without the blindfold on. The kindly but severe sensei wouldn’t even get close. What if that were true of cyber attackers too?