What Do You Really Know About The
Security Posture Of Your External Attack Surface?
See the risks you’re exposed to with a vulnerability assessment.
Gartner’s Critical Insights for External Attack Surface Management (EASM) Solutions
As companies adopt a distributed IT infrastructure model, there is an increased need for companies to monitor and track the risk exposure created by external and third-party assets
KIRKLAND, Wash. and TEL AVIV, Israel, Sept. 14, 2021 — Cyberpion, a cybersecurity pioneer in external attack surface management (EASM), today presented research showing that nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data.
Key research findings:
Cyberpion collected these results by performing a cursory single-pass scan of the public and internet-facing assets of every Fortune 500 company in the first half of 2021.
According to Gartner1, “EASM is an emerging concept that is growing quickly in terms of awareness within the security vendor community but at a slower pace within end-user organizations…They help security professionals identify exposed vulnerabilities from known and unknown enterprise assets and prioritize the most critical issues to be tackled…EASM should be part of a broader vulnerability and threat management effort aimed at discovering and managing internal- and external-facing assets and their potential vulnerabilities.”
Traditional third-party risk management solutions have focused exclusively on the vendors and the IT infrastructures that are directly connected to the enterprise. This approach ignores the true scale of the problem and represents only the tip of the iceberg. Third-party vendors have also adopted a distributed IT infrastructure, and have built their applications and services using their own vendors and third parties. Those, in turn, build their solutions upon even more partners. This extensive ecosystem creates an external attack surface that is uniquely appealing to hackers and extremely complicated for enterprises to secure.
Hackers are finding it easier to takeover or exploit third-party vulnerabilities within the enterprise’s ecosystem in order to carry out attacks such as: malicious code injection (Magecart-style attacks), DNS hijacks, or abusing branded enterprise assets. These breaches ultimately lead to data loss, brand reputation damage, and stolen customer data for the enterprise.
“Security teams often can’t effectively defend against attacks stemming from third parties because they lack visibility into the total inventory and volume of assets they are connected to,” said Cyberpion CEO Nethanel Gelernter. “They are unaware of the exposure to these external vulnerabilities, and can’t identify and mitigate against these risks. In addition, the growth of these interconnected assets continues to explode due to trends in cloud-first architectures and digital transformation initiatives, meaning that assessing and protecting the attack surface has become even more challenging over time.”
About Cyberpion
Cyberpion solves the rising cybersecurity challenge of understanding the risks and vulnerabilities of your connected online assets that form an external attack surface. Knowing how your organization is vulnerable, where those threats come from, and what infrastructures are at risk, is critical to preventing an attack before it happens. Cyberpion helps organizations mitigate these advanced threats by continuously monitoring, discovering, and assessing the threat vectors present throughout online ecosystems that exist outside the traditional security perimeter. With a research and development team based in Israel, the company is funded by leading cybersecurity venture capitalists. To learn more, visit cyberpion.com.
For more information, please contact:
Josh Turner
Si14 Global Communications
josh.turner@si14global.com
+1-917-231-0550
1 Gartner, “Emerging Technologies: Critical Insights for External Attack Surface Management” by Ruggero Contu, Elizabeth Kim and Mark Wah, March 19, 2021
See the risks you’re exposed to with a vulnerability assessment.