RSAC 2022 trends: IBM, CrowdStrike and Wiz look to secure cloud attack surface

Today marks the first day of RSAC 2022, with organizations from across the world gathering to learn about the latest security innovations and announcements to find new ways to defend against modern threat actors.

As the event unfolds, it’s becoming increasingly clear that attack surface management, i.e., managing and securing public-facing assets that sit beyond the traditional network perimeter, is becoming an integral part of modern risk management, as organizations attempt to secure increasingly complex hybrid cloud environments. 

This was highlighted earlier today as IBM announced the acquisition of leading Attack Surface Management (ASM) vendor Randori, in an attempt to integrate the provider’s ASM platform alongside its extended detection and response (XDR) product, IBM Security QRadar so that organizations can maintain real-time visibility of the attack surface. 

Likewise, CrowdStrike also announced at the conference that it would be releasing a new graph database for the CrowdStrike Falcon platform that will provide security teams with a view of managed and unmanaged assets across the attack surface, including devices, users and accounts, applications and cloud workloads. 

Securing the new attack surface 

Attack surface management has emerged as a key trend at RSA because the growing adoption of cloud technology and the normalization of remote working, has created a sprawling attack surface that’s considerably more complex than securing a traditional network. 

According to ESG, 67% of organizations say their attack surface has increased over the past two years due to IT connections with third parties (32%), user device type diversity (32%), use of public cloud infrastructure (32%), use of software-as-a-service (SaaS) applications/services (30%), an increase in remote workers (28%). 

In this environment, familiar endpoint and network-based “ringfencing” approaches simply aren’t effective at keeping out threat actors who can find and exploit public-facing vulnerabilities. This is shown clearly by the fact that organizations report only 63% of their entire attack surface is resistant to attack. 

The reality is, in these complex environments, enterprises need a more comprehensive framework for mitigating digital risk and managing external assets and vulnerabilities from an attacker’s perspective. 

Stepping into an attacker’s shoes 

IBM’s acquisition of Randori marks an attempt by the organization to build an XDR and ASM solution that enables enterprises to step into an attacker’s shoes and to gain visibility over the type of vulnerabilities they’d look to exploit to gain entry to the environment. 

“Our clients today are faced with managing a complex technology landscape of accelerating cyberattacks targeted at applications run-in across a variety of hybrid cloud environments — from public clouds, private clouds and on-premises,” said Mary O’Brien, general manager at IBM Security. “In this environment, it is essential for organizations to arm themselves with [an] attacker’s perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation.”

By acquiring Randori, IBM will be able to help enterprises identify public exposures and vulnerabilities by mapping the attack surface to identify shadow IT risks and entry points and then offering prioritization so that security teams can mitigate the vulnerabilities attackers are most likely to exploit first. 

Gaining an understanding of the attackers’ perspective is half the battle of risk management. As Brian Hazzard, cofounder and CEO at Randori suggest, “to stay ahead of today’s threats, you need to know what’s exposed and how attackers view your environment.” 

Mitigating the cloud attack surface

While ASM solutions are becoming more and more popular, the effort to secure the attack surface is occurring more broadly, as organizations look for solutions to protect data stored or shared in cloud environments. 

For example, Wiz announced the launch of cloud detection and response (CDR), a cloud-based detection and response solution designed to enable security teams to identify cloud-based threats and equip them with the information they need to respond and limit their breach exposure. 

Likewise, RSA Innovation Sandbox Finalist and risk mitigation provider, Araali Networks also announced the general availability of Araali shield, a solution designed to identify and analyze cloud runtime risks, such as IAM, vulnerabilities, unused open ports, container privileges and file integrity.

The new solution will enable security teams to prioritize risk remediation in cloud environments with mitigation workflows to reduce the chance of security events that are often overlooked by traditional perimeter security solutions. 

“Dealing with cloud risk is not a likelihood game. We know that intruders are persistent and looking for novel ways and in spite of our best efforts they are also able to sneak in,” said cofounder and CEO of Araali Networks, Abhishek Singh. 

“The trick is to proactively develop capabilities to survive intrusions, to localize impact, so that overall business can continue to thrive without material impact,” Singh said. 

The efforts of providers like IBM, Randori, CrowdStrike, Wiz and Araali Networks to secure the cloud attack surface, highlight that cloud security is now integral to enterprise security as a whole. 

What’s next at RSAC for attack surface management? 

Given the importance of securing the external attack surface against modern threat actors, the idea of cloud security as a key risk management component will crop up throughout the conference. 

Tomorrow on June 7th, vulnerability and bug bounty provider HackerOne hosts a Cloud Security Fireside Chat with HackerOne CTO and cofounder Alex Rice and Coinbase chief security officer, Phillip Martin, to discuss attack resistance management and how organizations can identify what they own and how to protect it.