Attack surfaces still aren’t being managed fast enough by IT: Report

IT departments aren’t managing their organizations’ attack surfaces anywhere near the speed at which threat actors are finding and exploiting vulnerabilities.

That’s the conclusion of a new report from Palo Alto Networks Unit 42 threat research team.
Cybercriminals are exploiting new vulnerabilities within hours of public disclosure, the report notes, but, on average, an organization takes more than three weeks to investigate and remediate a critical exposure.

For example, of 15 remote code execution (RCE) vulnerabilities actively used by ransomware operators, three were exploited within hours of disclosure. Six were exploited within eight weeks of publication.

“Most organizations have an attack surface management problem, and they don’t even know it,” the company said in a blog accompanying the report, “because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the internet.

“Defenders need to be vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers.”

Over 85 per cent of organizations analyzed had Windows Remote Desktop Protocol (RDP) internet-accessible for at least 25 per cent of the month, leaving them open to ransomware attacks or unauthorized login attempts.

The dangers are not just in on-premises environments, the report adds. The report estimates 80 per cent of security exposures are present in cloud environments, compared to on-premises at 19 per cent.

Nearly half of high-risk cloud-hosted exposures the study found each month were a result of the constant change by IT departments in cloud-hosted new services going online and/or old ones being replaced.

The report recommends organizations:

— have a complete and up-to-date inventory of hardware and software, both on prem and in the cloud;
— ensure vulnerability management processes can not only find and install the latest security patches but also discover and remediate misconfigured services;
— set a risk exposure rating for critical applications, for patch prioritization;
— monitor all remote access points for unauthorized logins;
— manage their attack surface with automated tools.

You can get the report here. Registration is required.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.