Fully Mapping Your Internet Facing Attack Surface

Webinar Registration

It’s popular to claim there is NO perimeter in networks today and you certainly don’t want to put all your eggs in one basket – the firewall. But there’s still a perimeter (thank goodness), and there’s still a vast risk differential between systems directly exposed to the Internet and those that aren’t. Those exposed systems and resources constitute your Internet-facing attack surface and deserve special attention when it comes to vulnerability management, because they are the most likely to be viable targets to the latest exploits.

However, you can’t protect what you don’t know about and there’s nothing more frustrating than finding out you were hacked via an easy-to-fix exploit that your vulnerability scanner could have fixed if you’d just known to scan that system.

The larger, older and more distributed your organization, the harder it is to keep track of everything on your network and every asset facing the Internet. Don’t be fooled into thinking it’s just a matter of scanning your known range of IP addresses.

The more sites, cloud services, teams, divisions and projects – the more stuff there is out there. In talking to vulnerability management professionals, it’s clear that organizations are invariably surprised when they systematically go about mapping out their full Internet-facing attack surface.

And attack surface isn’t just a factor of IT asset quantity. New technologies increase attack surface as well. Think about Memcached and Redis. Every network segment, every device and IP address, every open port and every piece of software and enabled feature constitutes attack surface.

In this real training for free event, we will discuss how to systematically survey your organization’s attack surface using every available piece of information. Here’s some of the resources we’ll explore:

Reverse DNS
Certificate databases
DNS domain names
IT vendor management
Internal netflow data and logs
Authentication and Identity Management systems

The goal is to ferret out everything exposed in any way to the Internet, so that you can ensure those assets stay fully hardened and up-to-date. Rapid7 is our proud sponsor and Rapid7’s Sr. Solutions Manager, Justin Buchanan, CISSP, will show you how InsightVM leverages Rapid7’s open data research, Project Sonar, to provide innovative ways for you to identify and assess your full attack surface.

Please join us for this real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.