COMMENTARY: As businesses modernize and transform digitally, their infrastructure becomes increasingly connected to cloud environments, remote work setups, and third-party integrations.
At the same time, enterprise networks are no longer limited to on-premises data centers. Today, an organization’s network extends across hybrid, multi-cloud, and SaaS environments. While these changes aim to increase efficiency, they also expand an organization’s external attack surface. Therefore, cybersecurity practices must adapt accordingly.
Internet exposure defined
An organization's internet exposure consists of the collection of assets that are accessible from the public internet, whether intentionally or unintentionally. These assets often include open ports, APIs, cloud storage, web apps, and sometimes forgotten servers and devices that are still connected online. These assets are often overlooked, unmonitored, or misconfigured, making them susceptible to security drift and increasingly vulnerable to cyber-attacks.
In today’s threat landscape, attackers continuously scan the internet for exposed assets that might serve as an entry point. A single unpatched system can give attackers the leverage they need to enter the business’s network and exfiltrate data, launch a ransomware attack, or carry out some other malicious act. Discovering, assessing, and monitoring all internet exposure has become critical for organizations looking to reduce the possibility of a cyber incident.
Internet exposure’s role in vulnerability management
Most organizations have adopted a more connected information architecture, which means they must adapt the way they handle vulnerability management. Traditionally, vulnerability management was focused on identifying and remediating vulnerabilities within the organization’s infrastructure. Modern vulnerability management must contextualize the increased risk posed by external, internet-facing assets. Vulnerability prioritization now needs to account for real-world exposure, assessing where an organization’s digital assets are the most vulnerable to exploitation and attack.
This means security teams need insights into which assets are most at risk, considering technical severity, asset type, business impact, sensitive data, and internet exposure. This risk-based approach to vulnerability management can help security professionals more effectively focus resources on the most critical exposures rather than low-risk vulnerabilities.
Critical challenges vulnerability management teams face today
When security teams evolve their processes to integrate internet exposure into vulnerability management, they can run into several challenges, including:
- Resource constraints: This is nothing new for security teams, which often face shortages of budget and personnel. These constraints make it challenging to maintain a continuous internet exposure management program.
- Asset visibility: Organizations often lack an all-encompassing inventory of their internet-facing assets, including shadow IT assets and outdated, forgotten, or misconfigured systems.
- Exploitation speed: Today, attackers scan for vulnerabilities faster than ever before, often finding them within hours of disclosure. Not every vulnerability gets exploited immediately, but there’s a growing need to secure internet-facing assets. This only adds to the workload facing security teams today, as they must identify and remediate vulnerabilities before they are exploited.
- Dynamic environments: Newly deployed applications, devices, and services can quickly change an organization’s exposure. To detect exposure, internet-connected configurations and assets must be monitored in real time.
Best practices for considering internet exposure in vulnerability management
A comprehensive vulnerability management and cyber risk strategy needs to include specific consideration for externally facing assets, focusing on ongoing visibility, prioritization, and actionable insights. Best practices include:
- Continuous discovery and monitoring: Security teams should implement continuous scanning to surface and assess all internet-facing assets. This helps them identify any unexpected exposures that may arise from updates or new deployments.
- Collaboration: Security teams should work with IT, DevOps, and application development teams, integrating secure practices into deployment workflows. This can include automated alerts for misconfigurations and exposed assets, so other teams can address some issues before they become security risks.
- Audits and assessments: Teams should conduct regular audits and assessments of internet-exposed assets, verifying configurations, closing access points that don’t need to be left open, and ensuring all systems are up-to-date and properly configured. Automated discovery tools can help speed up this process and minimize the manual effort involved.
- Prioritization by exposure and risk: Risk assessments can benefit from adding the context of exposure and business impact rather than just using technical vulnerability severity to prioritize. For example, a high-severity vulnerability in an internal system may pose less risk than a lower-severity vulnerability in an internet-facing system.
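The following added example (not from the original column or from any vendor's product) sketches exposure-aware prioritization using the factors named above, and lets external discovery results override an inventory label that has drifted. The multipliers, asset names, and scan result are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed multipliers for this illustration only; calibrate to your own risk model.
EXPOSURE = {"internet": 2.0, "internal": 0.6}
IMPACT = {"high": 1.5, "medium": 1.0, "low": 0.7}
SENSITIVE_DATA = 1.25

@dataclass(frozen=True)
class Finding:
    asset: str
    severity: float   # technical severity, 0-10
    recorded: str     # exposure according to the asset inventory
    impact: str       # business impact
    sensitive: bool   # asset holds sensitive data

def drifted(findings, seen_from_internet):
    """Assets the inventory calls internal that discovery reached from outside."""
    return {f.asset for f in findings
            if f.recorded == "internal" and f.asset in seen_from_internet}

def score(f, seen_from_internet):
    # What discovery actually observed overrides the inventory label.
    exposure = "internet" if f.asset in seen_from_internet else f.recorded
    s = f.severity * EXPOSURE[exposure] * IMPACT[f.impact]
    return s * SENSITIVE_DATA if f.sensitive else s

def prioritize(findings, seen_from_internet):
    """Return asset names ordered from highest to lowest risk score."""
    ranked = sorted(findings, key=lambda f: score(f, seen_from_internet), reverse=True)
    return [f.asset for f in ranked]

# Constructed sample data (hypothetical asset names).
FINDINGS = [
    Finding("db-batch-01", 9.8, "internal", "medium", False),
    Finding("shop-web-02", 6.5, "internet", "high", True),
    Finding("legacy-ftp-07", 5.3, "internal", "low", False),
]
SEEN = {"shop-web-02", "legacy-ftp-07"}  # constructed external discovery result

if __name__ == "__main__":
    print("inventory drift:", drifted(FINDINGS, SEEN))
    print("remediation order:", prioritize(FINDINGS, SEEN))
```

With the discovery result applied, the medium-severity internet-facing web server outranks the critical-severity internal database, and the forgotten FTP host moves up once it is known to be reachable from outside.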
Digital innovation continues to speed up, which means an organization’s network and infrastructure will likely become more connected. For security teams, understanding and managing internet exposure has become a requirement. By integrating internet exposure into an organization’s cybersecurity strategy, security teams can leverage risk-based prioritization, continuous visibility, and collaboration to proactively identify and remediate the exposures that matter most.
Aaron Unterberger, director of solutions engineering, Nucleus Security
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.