Security starts with visibility: you can’t protect what you can’t see. And yet, this is a perennial problem in cybersecurity. We’re excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility into not only internal assets (devices, identities, applications) but also external, Internet-facing assets. And we’re doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security).
How bad is the attack surface visibility problem? The Trend Micro incident response team provides a big-picture view, estimating that over the last two years, roughly 50% of the serious incidents they handled began when an attacker compromised an unknown and/or vulnerable external-facing asset. (And if you’re wondering about the other 50%, almost all of that originated from phishing.)
Why is it so challenging to obtain a comprehensive view of the attack surface (and to keep it current after that)? There are many factors that contribute: organizations have shifted to SaaS and cloud services, employees have embraced work from home, shadow IT projects launch initiatives outside of regular processes, acquisitions broaden the attack surface overnight, and the visibility across this dynamic environment is frequently siloed in various commercial and home-grown tools – or is simply nonexistent.
To address this challenge, automated attack surface discovery is needed – but it must be accompanied by risk assessment and prioritization; otherwise, it will result in even more noise for already-overwhelmed security teams. When thousands of assets are discovered and hundreds have serious vulnerabilities or misconfigurations, what needs to be targeted first? That’s the solution we’ve set out to deliver, with embedded technology from Bit Discovery helping discover the particularly vulnerable Internet-facing assets.
A modern attack surface discovery approach needs to leverage a range of telemetry sources in order to achieve broad visibility. Trend Micro’s Vision One performs discovery by synthesizing telemetry from Trend Micro products as well as from integrations with infrastructure and security products such as Azure Active Directory, Office 365, Qualys, Okta, Amazon AWS, Microsoft Azure, and more, along with the embedded functionality from Bit Discovery.
Bit Discovery brings powerful Internet-facing asset discovery to Trend Micro’s platform. Based on an initial “seed” as simple as a company’s primary domain name, Bit Discovery quickly identifies other domains owned by the same organization and provides detailed telemetry about all Internet-facing assets in the organization’s domains, sub-domains, and IP address ranges. This information includes vulnerability assessment, open ports, services running, TLS certificate information, and more, all helping Trend Micro perform an effective risk assessment.
Many competing approaches focus either on internal-facing or Internet-facing asset discovery, since the approach needed for each is vastly different. By embedding Bit Discovery functionality into Trend Micro Vision One, together we are enabling an industry first — a more holistic internal and external view that simplifies workflow, reduces duplication, and enables more effective prioritization. For example, a range of vulnerable servers and endpoints might be discovered and assessed, but those that are Internet-facing with highly-exploitable vulnerabilities would receive higher priority for remediation.
Instead of flooding the security team with noisy asset lists and unfiltered vulnerability reports, the combined capability of Trend Micro and Bit Discovery helps security teams focus on the assets that are most vulnerable to attack — and that keeps their organizations more secure.
To find out more about the latest security platform, Trend Micro One, please visit: https://www.trendmicro.com/en_us/business/products/one-platform.html