We’ve come to terms with the fact that we need both an inside-out and an outside-in view to secure our brand from cyber threats. We of course also need to see what our firewalls see, and what comes through the SIEM, but what about everything else, beyond the firewall? Everything “out there”.
Specialized activities such as penetration (pen) testing, Red Team exercises, and attack surface monitoring (ASM) deliver invaluable outside-in insight. That’s a hacker’s perspective of your digital risk exposure. All three activities expose the things threat actors look for and security tools might miss, like issues with domains, ports, certificates, common misconfigurations, and vulnerabilities.
So which should you use, and when?
Pen testing (“been there, done that”?)
The idea behind pen testing is to find as many ways to compromise your infrastructure as possible. Since it’s best that testers don’t know their way around the system, companies usually engage contractors to “hack” away using brute-force attacks, SQL injections, social engineering techniques (email, phishing), or dedicated boxes used to achieve remote access.
Pen tests have been around a while and come in various flavors: white box, black box, and covert approaches that involve or surprise your team to varying degrees, with testing focused either on exposure itself or on how much damage attackers can do once they gain access.
Red Teams (“still here, still doing that”)
Some companies also hire “ethical hackers” or dedicated experts to break into their infrastructure. It’s a check to see how far they can go once they get past defenses. Red Team exercises may be narrower in scope, focusing on specific vulnerabilities to achieve specific goals. This can include compromising databases or personally identifiable information (PII) like credit card or social security numbers.
These exercises may include pen testing as well as attempting to physically breach the system (via phone lines, modems, wireless, industrial devices). Red Teams typically require specialized training and considerable orchestration.
A growing number of enterprises now devote skilled SOC or SecOps resources to Red Teaming as a next step or complement to pen testing. Both approaches add valuable intelligence about risk, but the insight ends when the testing ends. If a port gets left open, a workload moves to the cloud, a certificate expires, or someone makes a simple configuration error an hour later, a brand new weakness gets created.
ASI: What to do next—and keep on doing
A newer approach called attack surface management (ASM) introduces the idea of continuous coverage for ongoing visibility and protection. Rooted in automation, ASM employs AI-based platforms to monitor external risk associated with domains, vulnerabilities, misconfigurations, and other digital exposure.
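The gap between a point-in-time test and continuous coverage, as described in the two paragraphs above, can be made concrete by diffing two external scans of the same estate. This is an added illustration, not Netenrich code: the `Asset` and `Snapshot` structures, the hostnames, dates, port list and thresholds are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
# Constructed model of one Internet-facing host as an external scan would record it.
@dataclass(frozen=True)
class Asset:
    open_ports: frozenset          # TCP ports answering from the Internet
    cert_not_after: "date | None"  # TLS certificate expiry; None if no TLS service seen
    config_flags: frozenset        # observed misconfigurations, e.g. "directory_listing"

@dataclass(frozen=True)
class Snapshot:
    scanned_on: date
    assets: dict                   # hostname -> Asset
EXPECTED_PORTS = frozenset({80, 443})   # any other exposed port is a finding
CERT_WARN_DAYS = 14                     # warn this far ahead of certificate expiry

def findings_for(asset, scanned_on):
    """Finding labels for one host, judged as of the scan date."""
    out = {f"unexpected port {p} open" for p in asset.open_ports - EXPECTED_PORTS}
    out |= {f"misconfiguration: {flag}" for flag in asset.config_flags}
    if asset.cert_not_after is not None:
        days_left = (asset.cert_not_after - scanned_on).days
        if days_left <= CERT_WARN_DAYS:   # an already lapsed certificate counts as well
            out.add("certificate expired" if days_left < 0
                    else f"certificate expires within {CERT_WARN_DAYS} days")
    return out

def new_exposure(before, after):
    """Findings in `after` absent from `before`, as sorted (host, finding) pairs."""
    result = []
    for host, asset in after.assets.items():
        current = findings_for(asset, after.scanned_on)
        if host in before.assets:
            previous = findings_for(before.assets[host], before.scanned_on)
        else:  # a host the last assessment never saw: everything about it is new
            previous = set()
            result.append((host, "new host not present in last assessment"))
        result.extend((host, f) for f in current - previous)
    return sorted(result)

# Constructed snapshots: the day of a quarterly test, then nineteen days later.
PENTEST_DAY = Snapshot(date(2024, 3, 1), {
    "www.example.com": Asset(frozenset({80, 443}), date(2024, 3, 28), frozenset()),
    "api.example.com": Asset(frozenset({443}), date(2025, 1, 1), frozenset()),
})
LATER = Snapshot(date(2024, 3, 20), {
    "www.example.com": Asset(frozenset({80, 443}), date(2024, 3, 28), frozenset()),
    "api.example.com": Asset(frozenset({443, 22}), date(2025, 1, 1), frozenset()),
    "staging.example.com": Asset(frozenset({8080}), None, frozenset({"directory_listing"})),
})
```

Running `new_exposure(PENTEST_DAY, LATER)` reports the port opened on the API host, the certificate on the web host that is now inside its warning window, and every finding on the staging host that did not exist when the test was run; none of these would appear in the original test report.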
Netenrich recently raised the bar for ASM with its new Attack Surface Intelligence (ASI), which combines AI-led discovery with high-touch analyst reporting and remediation strategies. Part of our Threat & Attack Surface Intelligence suite, ASI also integrates proprietary insight from our Knowledge NOW (KNOW) free global threat intelligence. The integration of ASI and KNOW speeds resolution of digital risk and threat landscape management both in real time and over time.
ASI doesn’t just generate more data that creates even more work for your team. Netenrich delivers outcome-driven Resolution Intelligence that makes insights more personal and immediately actionable.
24/7 coverage for 25% of the cost
While straight-up comparisons between pen tests, Red Teams, and ASI get tricky—and ideally you might use them all—consider the “pros” and “cons” of each where resources are limited. The cost of regular pen testing – modest testing on a bi-weekly basis or extensive testing on a quarterly basis – can easily run $250K per year. By comparison, ASI provides continuous coverage at up to 75 percent lower cost.
With no setup required, coverage stays in force to help shrink your attack surface and promote faster response and a proactive stance over time.
See for yourself. Try ASI now FREE.
To experience the advantage of continuous coverage, try Netenrich ASI free for 30 days. You’ll receive an attack surface scan, access to the intelligence portal and dashboards, and expert analyst insights to address your most critical risks first.
See first and act fast to shrink your attack surface while saving time and money. Trials are limited and available on a first-come, first-served basis to qualifying enterprises, so don’t wait. Register now!