News

|

Feeds

|

Email

WALTHAM, Mass., Oct. 13, 2021 /PRNewswire/ -- Randori, the company who attacks to protect, today released its first-ever 2021 Attack Surface Management Report: the Internet's Most Tempting Targets. The report uses Randori's patent-pending Target Temptation model to identify which internet-exposed assets an attacker is likely to go after and exploit, assigning each asset a unique attacker Temptation Score. The report then determines the prevalence of those highly tempting assets on enterprise attack surfaces globally.

Leading up to the anniversary of the Solarwinds hack, and after a very tumultuous year in cybersecurity--especially with ransomware and supply chain attacks--Randori wanted to understand the ongoing prevalence of internet-facing assets that contribute to these attacks. This report consolidates Randori's insights about attack surfaces into actionable data and advice.

Top Trends include:

    --  One in 15 organizations currently runs a version of SolarWinds that is
        known to be actively exploited or highly tempting. These versions have
        an average Temptation Score of 40.
    --  15% of organizations are running an outdated version of IIS 6, which
        hasn't been supported by Microsoft for six years. IIS 6 has an average
        Temptation Score of 37.
    --  38% of organizations use Cisco's Adaptive Security Appliance (ASA)
        firewall, which has a history of public vulnerabilities. It has a
        Temptation Score of 37.
    --  46% of organizations are running Citrix NetScaler, which has a history
        of public exploits, and if hacked would give an adversary high
        privileges. It has a Temptation Score of 33.
    --  3% of organizations still run older versions of Microsoft Outlook Web
        Access (OWA) -- versions 15.2.659 or older -- despite the recent
        Exchange hacks and several known exploits. The average Temptation Score
        is 38.
    --  More than 25% of organizations have RDP exposed to the internet, which
        when exposed to the internet, increases the risk for attacks, including
        ransomware.

"I'd wager the remaining vulnerable SolarWinds instances are there because of ignorance, not negligence. Organizations struggle to know what they have exposed on the internet. Cloud migration and the work-from-home boom dramatically increased the number of exposed assets, and people can no longer rely on existing security strategies to understand their attack surface," said David Wolpoff, CTO and cofounder Randori. "Many assume prioritizing based on vulnerability severity will keep you safe. But that's simply not true. Attackers think differently, and vulnerability severity is just one of many factors weighed by an attacker. Our hope with releasing this report is that people will get deeper into the attacker's mindset, apply attacker logic to their security programs, and get one step ahead."

Get tips on how to better secure an attack surface in our blog, or download the full Attack Surface Management Report for a comprehensive analysis on the most tempting assets, and to take a deep dive into the six attributes an attacker considers when determining what to exploit.

Randori is dedicated to helping organizations better understand what's on their perimeters to reduce their attack surface and stress test their security programs --all to build more resilient security programs. Get a free attack surface review or learn more about our continuous red teaming platform.

Randori's 2021 Attack Surface Management Report Methodology
The 2021 Randori Attack Surface Report looks at attack surface data across millions of internet-exposed assets, and applies its patent-pending Target Temptation Engine to determine relative likelihood an asset will be attacked, the Temptation Score. The Temptation Score applies a proprietary weighting of six different attributes to determine the Temptation Score of an asset. Millions within Randori's unique dataset were analyzed when doing this report during the month of August 2021.

About Randori
At Randori, we attack to protect. Recognized by Gartner & IDC as a leader in Offensive Security, the Randori Platform unifies Attack Surface Management (ASM) and Continuous Automated Red Teaming (CART) to provide enterprises the visibility, actionable insights and validation they need to proactively prevent breaches. Customers like VMWare, Greenhill Inc, FirstBank, NOV, Lionbridge and many more, trust the Randori platform, which was designed by the world's foremost offensive security practitioners at nation-state levels. Discover what's exposed on your attack surface today at randori.com and get the latest insights by following Randori on Twitter and Linkedin.

View original content to download multimedia:https://www.prnewswire.com/news-releases/randori-report-finds-that-one-in-15-organizations-still-run-a-vulnerable-or-tempting-version-of-solarwinds-301398818.html

SOURCE Randori

Email

|

Slashdot

|

Digg

|

Del.icio.us

|

Feeds

RELATED NEWS ARTICLES

Indusface redefines WAAP user experience with industry-first innovations in AppTrana | Mar 28, 2025 EXECUTIVE PRODUCER BRADLEY COOPER'S FILM CAREGIVING TO PREMIERE ON PBS FOR NATIONWIDE BROADCAST JUNE 24 STREAMING BEGINS MAY 27 | Mar 28, 2025 Trend Micro Launches Voice-Enabled ScamCheck Capability to Help Protect Consumers from the Rising Threat of Global Scams | Mar 28, 2025 Splitit Unveils First Fully Embedded White-Label Installment Solution for Shopify Merchants | Mar 28, 2025 /C O R R E C T I O N -- Bell Canada (MTL)/ | Mar 28, 2025 Keeper Security Unveils Latest WearOS App for Seamless Password Management | Mar 28, 2025 Leading Endpoint Protection Solutions for Combatting Cyberthreats Identified in Info-Tech Research Group's New Emotional Footprint Report | Mar 28, 2025 Hornetsecurity named Top Player in Radicati's Secure Email - Market Quadrant 2025 | Mar 28, 2025 Ontinue Research Reveals Ransomware Attacks Surged 132% Despite 35% Drop in Payments | Mar 28, 2025 Identity Theft After a Data Breach? Legal Action May Recover Your Losses | Console & Associates | Mar 28, 2025