Wednesday, 23 August 2023 16:10

ZeroFox Talks about the Value of Proper Attack Surface Management in Security

Black Hat 2023 Las Vegas – One of the areas I wanted to focus on this year while at both Black Hat and Def Con was to get an understanding of the threat landscape from both an industry and attacker perspective. My conversations (I don’t really do interviews) all included parts that related to the general attack landscape. So, it only made sense that one of my conversations needed to be with ZeroFox. For those of you that might not be aware, ZeroFox throws a great Black Hat party… no wait. ZeroFox is an external attack surface management company. If you only think of them in terms of social media intelligence, then you probably need to revisit them.

My conversation was with AJ Nash, VP of Threat Intelligence for ZeroFox, and we kicked off the conversation with some updates on ZeroFox. Through a few acquisitions they have added some very nice tool sets and capabilities that increase their presence as an Attack Surface Management (ASM) company, but also provide some great “value adds” like Incident Response, Physical Security and more. From an ASM perspective, it is not what most would think of in terms of attack surface. Attack Surface has come to mean endpoints, edge devices, etc. However, AJ rightly points out that this is only a small portion of an organization’s Attack Surface. The reality of it is that “Attack Surface” is all exposures to attack. This includes social engineering, physical security (if you have physical locations), information leaking on the “darkweb”, and also chatter from certain parts of the internet. ZeroFox turns the generally accepted concept of cybersecurity on its head and approaches it in much the same way that you would on the battlefield.

I have commented on some of the top reasons that people lose a battle (not a comprehensive list).
Failure to understand the terrain
Underestimating your enemy
Overestimating your own capabilities
Untested Troops and Weapons
Improper/ineffective Support and Resupply
Poor or Ignored Threat Intelligence

ZeroFox looks to address a few of these through their services. By building context around your organization, they work to build an accurate representation of the “terrain” you are defending. With a proper inventory of assets (not just endpoints and servers) they build on this, so you know what you are defending. Monitoring the Dark web for leaked information and listening to chatter can help to give you a clear understanding of what the enemy can bring to bear against your organization (not just cyber-attacks). They use their own in-house sources to collect data and then enrich and work with that data to build a proper intelligence report of the threats against you. All of this information is available to you via their portal for a clear(er) view of the battlefield. ZeroFox can also help in understanding risks in travel via a travel assessment, which includes not only a strategic view of the travel, but a view of threats at a tactical and logistical level. This view shows active threats in the area and any potential challenges that might impact travel resources (air and ground transport) or getting food etc. when you are in the location you are traveling to. This might not sound like a big deal, but when you look at it from an executive or leadership perspective it can be vital. One of my favorite things to do in a Tabletop Exercise (Incident Response, or Business Continuity/Disaster Recovery) is to have people “traveling” and often I will inject a problem that impacts communication with them or adds another “oh shit” moment like a CFO being kidnapped or being close to some sort of physical attack. That is not just me being a jerk; these things still happen in certain parts of the world, so there is a need to address them beforehand.

The threat landscape is constantly changing and very few organizations properly prepare for the fight. Some may subscribe to threat intelligence feeds, but most of those are just data points with little context or attempt to turn them into something that can be useful in prepping for an incident. Likewise, little attention is paid to non-cyber threats like social engineering, malicious social media sites, executive travel, or physical security of offices and environments. These items are important (I would say vital) in preparing for the threat landscape beyond the endpoint. The problem is, most companies are having a hard enough time getting the budget for cybersecurity staff, so how in the world are they going to get the money for threat intelligence staff? Well, ZeroFox can be that staff by extension. They can help you avoid two if not three of the main reasons battles are lost. The others are still on you, but with the right strategy, tied to the proper tactical leadership and logistical reality (pronounce that budget), those can be effectively addressed as well. Still, it is important to understand that you are just churning if your efforts are not tied to an understanding of the terrain and the threats you face, meaning your money and effort might be wasted by trying to cover everything, or the wrong things. Providing proper threat intelligence to add value and a return on security spending is something that ZeroFox brings to the table so you are not just blindly trying to protect your organization.

Last modified on Thursday, 24 August 2023 13:10