Understanding Enterprise Attack Surface Vulnerabilities
Palo Alto Networks’ Unit 42 has warned enterprises that their attack surfaces are growing faster than they can be secured. Its Attack Surface Threat Report singles out legacy protocols such as SNMP, NetBIOS, and PPTP, which still turn up exposed to the internet despite well-known weaknesses and have no business being reachable from outside the network.
The attack surface of an organization is the set of all points where an unauthorized user could enter a system or extract data from it. Organizations introduce or update an average of roughly 300 internet-facing services a month, each of which has to be inventoried, owned, and secured. In sectors like telecommunications and insurance the figure can exceed 1,000 services a month, and security teams rarely keep pace.
The Risk of Rapid Service Expansion
Unit 42 highlights that services are often added without central IT security oversight, so misconfigurations and unintended exposures follow, and with them a higher risk of breach. The Attack Surface Threat Report is based on a year of attack surface data from 265 organizations worldwide. It found that new and updated services account for nearly 32% of the high or critical cloud exposures observed.
Types of High-Risk Exposures
IT and networking infrastructure, business operations applications, and remote access services together make up 73% of high-risk exposures. Remote access services such as Remote Desktop Protocol (RDP) and Secure Shell (SSH) are the most concerning of these: exposed directly to the internet, or left with weak credentials and no multi-factor authentication, they are a direct route to unauthorized access and a constant target for credential brute-forcing.
Unpatched systems and weak cryptography add further entry points. An unpatched internet-facing router, for example, can let an attacker intercept or redirect the traffic passing through it, which is enough on its own to cause a data breach.
Internet-Facing Vulnerabilities
Internet-facing resources are the first thing attackers see, and every unaddressed vulnerability in them is a potential entry point. Attackers can scan the entire public IPv4 address space in hours, so an exposed service is typically discovered almost as soon as it appears; once inside, they can exfiltrate data quickly, in some cases within a day of initial access.
Recommendations for Enhanced Security
To mitigate these risks, Unit 42 recommends continuous, comprehensive scanning of an organization's externally reachable ports and devices. The output should feed an up-to-date inventory of internet-connected assets, so that anything not in the inventory, or listening on a port the inventory does not allow, is identified and remediated promptly.
Vulnerabilities on those assets should be prioritized using the Common Vulnerability Scoring System (CVSS), which rates how severe a flaw is if exploited, together with the Exploit Prediction Scoring System (EPSS), which estimates the probability that it will actually be exploited in the next 30 days. Combining the two keeps attention on the issues that are both damaging and likely to be attacked, rather than on raw severity alone.
Additional Security Measures
- Regularly Review Perimeter Resources: Know which internet-facing assets are expected and who owns them, so that unknown assets stand out immediately.
- Utilize Automation: Automate triage and, where possible, remediation, so that exposures are routed to an owner and addressed before an attacker finds them.
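The recommendations above (continuous scanning against an asset inventory, CVSS/EPSS prioritization, distinguishing expected from unknown assets, and routing findings to owners) fit naturally into one triage step. The script below is an added illustration, not code from Unit 42 or the report. The inventory, scan results, and vulnerability scores are constructed for the example, the vulnerability IDs are placeholders rather than real CVEs, and the EPSS and CVSS thresholds are assumed working values, not figures from the report.

```python
"""Triage an external attack surface snapshot.

Flags assets missing from the inventory, ports the inventory does not allow,
and internet-exposed high-risk services, then ranks vulnerabilities by EPSS
first and CVSS second. All data here is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Services the report groups under remote access and legacy infrastructure.
# Any internet exposure of these is treated as a high-risk finding.
HIGH_RISK_SERVICES = {"snmp", "netbios-ssn", "pptp", "rdp", "ssh", "telnet"}

# Assumed thresholds (not from the report). EPSS is a 30-day exploitation
# probability; 0.10 is far above the median for published CVEs.
EPSS_URGENT = 0.10
CVSS_HIGH = 7.0


@dataclass(frozen=True)
class Vuln:
    asset: str   # IP the finding applies to
    vuln_id: str  # placeholder identifier, not a real CVE
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability, 0.0-1.0


def classify_exposures(expected, scan):
    """Compare a port scan against the approved inventory.

    expected: {ip: {"owner": str, "ports": set of allowed ports}}
    scan:     iterable of (ip, port, service_name)
    Returns a list of (category, ip, port, owner, reason) tuples.
    """
    findings = []
    for ip, port, service in scan:
        if ip not in expected:
            # Nothing in the inventory claims this IP: an unknown asset.
            findings.append(("unknown-asset", ip, port, "unassigned",
                             f"{service} on IP not in inventory"))
            continue
        owner = expected[ip]["owner"]
        if port not in expected[ip]["ports"]:
            findings.append(("unexpected-port", ip, port, owner,
                             f"{service} listening on a port not approved"))
        if service in HIGH_RISK_SERVICES:
            findings.append(("high-risk-service", ip, port, owner,
                             f"{service} exposed to the internet"))
    return findings


def summarize(findings):
    """Count findings per owner so each team gets its own work queue."""
    return dict(Counter(owner for _, _, _, owner, _ in findings))


def priority_tier(v):
    """0 = likely to be exploited, 1 = severe, 2 = everything else."""
    if v.epss >= EPSS_URGENT:
        return 0  # exploitation is probable regardless of CVSS
    if v.cvss >= CVSS_HIGH:
        return 1
    return 2


def prioritize(vulns):
    """Order by tier, then EPSS descending, then CVSS descending."""
    return sorted(vulns, key=lambda v: (priority_tier(v), -v.epss, -v.cvss))


# Constructed inventory: two approved internet-facing hosts and their owners.
EXPECTED = {
    "203.0.113.10": {"owner": "web-team", "ports": {80, 443}},
    "203.0.113.20": {"owner": "netops", "ports": {443}},
}

# Constructed scan output, as (ip, port, service) tuples.
SCAN = [
    ("203.0.113.10", 443, "https"),
    ("203.0.113.10", 22, "ssh"),      # not approved, and a remote access service
    ("203.0.113.20", 443, "https"),
    ("203.0.113.20", 161, "snmp"),    # not approved, and a legacy protocol
    ("203.0.113.55", 3389, "rdp"),    # IP absent from the inventory entirely
]

# Constructed vulnerability findings with placeholder IDs and made-up scores.
VULNS = [
    Vuln("203.0.113.10", "example-1", cvss=9.8, epss=0.02),
    Vuln("203.0.113.20", "example-2", cvss=6.5, epss=0.45),
    Vuln("203.0.113.55", "example-3", cvss=7.5, epss=0.01),
    Vuln("203.0.113.10", "example-4", cvss=4.3, epss=0.003),
]

if __name__ == "__main__":
    findings = classify_exposures(EXPECTED, SCAN)
    for f in findings:
        print(f)
    print("per owner:", summarize(findings))
    for v in prioritize(VULNS):
        print(f"tier {priority_tier(v)}  epss={v.epss:.3f}  cvss={v.cvss}  {v.vuln_id}")
```

Note how the ranking differs from a pure CVSS sort: the 6.5 with a 45% exploitation probability comes out ahead of the 9.8 with 2%, which is the point of folding EPSS in. Unknown assets carry an "unassigned" owner so that the first remediation step is the one the report stresses: finding who is responsible for the service.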
An accurate, current view of the attack surface is the foundation for all of this. Because new services are so often stood up without IT oversight, automation that ties each exposure back to an asset owner and tracks it to remediation is what turns a scan result into a fixed exposure.