The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Attackers Are Paying Attention as Remote Working Becomes the New Norm

By Rob Gurzeev
CEO & Co-Founder
April 21, 2020

With many organizations now adopting an almost entirely working-from-home (WFH) model as the world shelters-in-place to battle the COVID-19 pandemic, understanding how attackers might exploit remotely accessible entry points and how you can block them has never been more critical. Organizations are expanding and purchasing new virtual private network (VPN) solutions that allow access to business applications using an internet connection. Similarly, there’s greater use of remote desktop solutions and more reliance on cloud environments and applications with employees working off premises. VPN and remote access gateways have always been ideal candidates for adversaries to target; increased use in the wake of COVID-19 amplifies these risks. 

As you expand your organization’s capacity for WFH, make sure that you are also using best practices for securing your newly expanded attack surface. Let’s take a look at some of the key risks with VPNs, remote desktop protocol (RDP) and cloud services. 

VPN Risks

VPN solutions vary widely in their performance, quality and approach to security. When relying on a VPN for secure transmissions, your organization should institute an independent verification of the security of your implementation. Of course, having a VPN provider check the security of their own solution is a start, but it’s not enough because it’s like relying on the company setting up a security fence to verify its effectiveness; if that fence provider is asked if the fence is adequate, they will say yes.

Beyond configuration issues, there are a number of common security issues related to VPN gateways. These vulnerabilities include remote code execution, file path traversal and password modification that can lead to credential theft and internal network compromise. For example, CVE-2019-11510 is a vulnerability that allows an unauthenticated remote attacker to gain access to private keys and user passwords. First identified in May 2019 for Pulse Connect Secure, Pulse Secure’s SSL VPN is still unresolved on a significant number of enterprise networks. 

RDP Risks

The CyCognito platform observed a 7x increase in the number of newly deployed, and thus exposed, RDP servers in March over previous months, which is not surprising given the massive shift to remote working. What is surprising is that two-thirds of those RDP servers don’t have the recommended Network Level Authentication (NLA) implemented. NLA is a mitigation to prevent unauthenticated access to the RDP tunnel and dramatically decreases the chance of success for RDP-based worms. Our analysis further reveals that 18 percent of Fortune 1000 companies have RDP servers without NLA or VPN protection.

NLA is recommended as protection against vulnerabilities like BlueKeep, CVE-2019-0708, a widespread and wormable RDP vulnerability discovered last year that still exists on many networks. First made public on May 14, 2019, BlueKeep enables attackers to perform unauthenticated, arbitrary remote code execution. There were a million devices exposed to BlueKeep a year ago and our research shows that nearly half a million devices on the internet are still susceptible to it, including Fortune 1000 companies. There are several public exploits for this vulnerability, significantly reducing its exploitation complexity. Because the vulnerability enables remote code execution and requires no authentication, it has been compared to “EternalBlue”, which enabled the 2017 WannaCry attack.

Cloud Services Risks

Given the convenience and agility that cloud services (IaaS, PaaS, SaaS) offer, studies show that organizations currently run 38 percent of workloads in public cloud and that percentage had already been on a trajectory to continue to rise. Increased use of cloud services will no doubt be fueled by the rapid rise in remote work by enterprise employees this spring. Data from the CyCognito platform shows that this increases IT risk significantly: public cloud assets harbor a disproportionate share of an organization’s critical attacker-exposed risks, with critical issues in cloud assets occurring at 3 to 6 times the volume of critical risks in on-premises assets.

The ongoing increase in cloud adoption — whether sanctioned or shadow IT — and the resulting increase in security risks is a reality that security teams must factor in as they manage their security programs. The increased risk associated with cloud services may be due to lack of visibility to abandoned cloud environments spun up by various departments or, and more significantly, due to the fact that legacy security tools are simply not designed to identify cloud assets and the attack vectors associated with them. In any case, working remotely will undoubtedly fuel more growth in the adoption of cloud services, increasing the need to secure these environments. 

Stay Vigilant

Attackers are opportunistic. We knew they wouldn’t miss the quick evolution to working from home. They already know how to exploit WFH-related vulnerabilities, so now the scale of their opportunity increases. Our guidance doesn’t change in the face of the accelerated risk created by the pandemic. Your best defense is to view your attack surface the same way an attacker does and mobilize quickly to eliminate their easiest points of entry. 

1 Rightscale 2019 State of the Cloud Report from Flexera


Recent Posts

Top Tags

CyCognito Research Report

State of External Exposure Management

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.