Page 97 - Cyber Defense eMagazine forJune 2021
P. 97
In the traditional fortress model, the enterprise has a clear perimeter and a solid understanding of what
is coming into and going out of the network. Today, thanks to SaaS and cloud services, there isn’t the
same visibility and the perimeter is more nebulous. What is the enterprise responsible for in this new
ecosystem, and what is the service provider responsible for?
External checks conducted by a trusted vendor that specializes in assessing measurement and risk
represents one of the most effective ways to verify that all places data is being stored are up to par with
security standards and protocols. Before the advent of the cloud, the attack surface was smaller, easier
to manage, and within the digital walls of the enterprise itself. Today, the attack surface has expanded
beyond the enterprise perimeter into a full digital supply chain ecosystem, making visibility more of a
challenge and additional perspectives a necessity.
What We Can Learn from Today’s Cybercriminals
One of the preferred methodologies of today’s attackers is known as the “scan and exploit” method, which
involves (as its name implies) scanning ranges and looking for vulnerabilities within applications on
various protocols to exploit. In the past, the goal of such activities was to exfiltrate data, but now it is more
common for attackers to encrypt that data and ransom it back to the enterprise. Ransomware attacks
have risen sharply over the past several years as this strategy has continued to prove effective.
It’s important to think like an attacker. An outside-in perspective can grant visibility into commonly
exploited protocols, such as publicly accessible SMB ports and open RDP ports—two of the most
commonly exploited protocols used in scan and exploit ransomware deployments. Organizations know
that attackers will scan for these open ports—and by doing so themselves, they can head those attacks
off at the pass. By conducting scans and analyses that mimic those conducted by attackers, defenders
can use the information they gather to improve network defense.
This level of visibility enables instantaneous, at-a-glance temperature checks on the posture of the
enterprise’s entire external perimeter. If external scans conducted by security professionals are
identifying potential vulnerabilities, the enterprise can be sure that the ones conducted by hackers will as
well.
Outside-In Visibility Enables Accurate Assessment
Security standards are rising. As breaches become more common, enterprises are expected to have
effective protections in place. Things like security ratings and external monitoring solutions are becoming
more valuable—and not just from a security perspective, but from a perception perspective as well.
Outside-in assessments of security capabilities are increasingly being used to accelerate procurement
processes, either to filter out riskier candidates or confirm that they fit the necessary qualifications. Many
businesses assess M&A targets in much the same way, further underscoring the importance of
understanding how an organization is viewed from the outside.
Today, enterprises might use an external security snapshot to gauge whether a contractor has effective
security solutions in place when they apply for procurement opportunities—and vice versa. Similarly,
cyber insurance providers often use external reviews as a guideline, and will likely continue to do so as
a growing number of businesses turn to the burgeoning industry to protect themselves from cyber risk.
As a whole, an outside-in perspective is increasingly considered an important best practice that can help
provide a portrait of an enterprise’s overall health and business risk—something particularly valuable in
Cyber Defense eMagazine – June 2021 Edition 97
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.