Organizations increasingly face persistent and sophisticated cyber security threats with the rapid move to the cloud, remote workforce, and digital transformation efforts. Nowhere is this more pertinent than in large manufacturing, oil and gas organizations where the average cost of a downtime per minute can be anywhere between $5,000 to $10,000. But how can organizations protect themselves when they don’t know what they own?
The most visible example of this is the recent Colonial Pipeline ransomware attack. While the exact threat vector has not been identified yet, there were multiple vulnerabilities available for exploit that were open to the public internet - one being the infamous Remote Desktop Protocol (RDP.)
The breach served as a catalyst to drive the President to sign an Executive Order instructing the federal government to bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.
How did attackers breach an oil and gas pipeline critical to the East Coast? One possible avenue is publicly exposed RDP. According to Palo Alto Networks threat research team - Unit 42, over the course of the pandemic (Q1 - Q4 2020), RDP exposures have increased over 27% across all cloud providers and what is worse is that there has been an eight-fold increase in RDP attacks during the same time.
Unsurprisingly, exposed RDP was not the only issue that Colonial Pipeline faced. According to an internal audit performed by cyber insurance company Coalition and published by New York Times cybersecurity journalist Nicole Perlroth, Colonial Pipeline’s network had several other unpatched vulnerabilities that were potential avenues for exploitation, including the major Microsoft Exchange server flaws disclosed at the beginning of March. One can surmise that a major problem that led to so many undetected critical vulnerabilities - visibility.
According to the 2021 Xpanse Attack Surface Management report, it takes only 45 mins to scan the internet and attackers take about less than 15 mins to start scanning for vulnerable devices every time a CVE is announced. Organizations need to be faster than that.
Comprehensive and accurate visibility is the cornerstone of a robust cybersecurity program. Most organizations still depend on stale ARIN IP registration databases, outdated configuration management databases, spreadsheets, and emails to track their internet connected assets. What organizations need is a continuous, real-time, and updated view of their attack surface to discover, evaluate and mitigate exposures of their internet-connected assets.
Cortex® Xpanse™ helps organizations automatically discover their true attack surface in both the IT and OT space. Operational Technology (OT) is often built with a focus on improving operational efficiency and not security. As a consequence, most of their assets are publicly facing and this infrastructure at times even lacks the basic protections of a firewall given the nature of their deployments.
While IT cybersecurity breaches impact the privacy of customer data or the uptime of a website, OT attacks threaten the safety and lives of employees. The OT landscape is filled with outdated infrastructure and insecure systems.
Xpanse helps independently discover, evaluate, and mitigate both IT and OT attack surfaces of an organization. Unlike most asset inventory tools, Xpanse does not require any installation/agents or disrupt your day to day operations. Hence, Xpanse provides an easy and effective way to inventory and gain comprehensive and continuous visibility across your entire attack surface.
Xpanse already has several out of the box fingerprints to determine the asset landscape of both critical IT and OT deployments. With our ability to build custom policies, Xpanse has the ability to scale your asset management across your IT and OT environment to identify all critical infrastructure and services.