The Internet’s Most Tempting Targets

What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.

The number of exposed assets keeps climbing, but existing security strategies aren’t keeping up. Attack surfaces are getting more complex, and the excruciatingly hard part is figuring out where to focus. For every 1,000 assets on an attack surface, there is often only one that’s truly interesting to an attacker. But how is a defender supposed to know which one that is?

This becomes especially difficult in the wake of Log4j. Even Jen Easterly made a point to remind people that enumerating what’s on your attack surface is a key way to mitigate a Log4j incident.

I’m a pretty busy person, so I’m always seeking out the path of least resistance — as are most attackers. We have to operate within limited budgets, and our technical capabilities have an upper bound — we’re not magicians. This is where flipping your perspective will help not only identify what’s exposed on your attack surface, but also what’s most likely to be targeted by an attacker. I guarantee it will dramatically improve your team’s efficiency, reduce overall risk and ensure you’re always focused

Read More: https://threatpost.com/internet-most-tempting-targets/177869/