WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Thursday, October 21, 2021 
Add Press Release News | News Feeds Feeds | Email This News Email

Randori Report Finds that One in 15 Organizations Still Run a Vulnerable or "Tempting" Version of SolarWinds
Thursday, October 21, 2021

Report is the first-ever to assign technology solutions an attacker "Temptation Score"--identifying the IT assets an attacker is most likely to target for exploitation

WALTHAM, Mass., Oct. 13, 2021 /PRNewswire/ -- Randori, the company who attacks to protect, today released its first-ever 2021 Attack Surface Management Report: the Internet's Most Tempting Targets. The report uses Randori's patent-pending Target Temptation model to identify which internet-exposed assets an attacker is likely to go after and exploit, assigning each asset a unique attacker Temptation Score. The report then determines the prevalence of those highly tempting assets on enterprise attack surfaces globally.

Leading up to the anniversary of the Solarwinds hack, and after a very tumultuous year in cybersecurity--especially with ransomware and supply chain attacks--Randori wanted to understand the ongoing prevalence of internet-facing assets that contribute to these attacks. This report consolidates Randori's insights about attack surfaces into actionable data and advice.

Top Trends include:

    --  One in 15 organizations currently runs a version of SolarWinds that is
        known to be actively exploited or highly tempting. These versions have
        an average Temptation Score of 40.
    --  15% of organizations are running an outdated version of IIS 6, which
        hasn't been supported by Microsoft for six years. IIS 6 has an average
        Temptation Score of 37.
    --  38% of organizations use Cisco's Adaptive Security Appliance (ASA)
        firewall, which has a history of public vulnerabilities. It has a
        Temptation Score of 37.
    --  46% of organizations are running Citrix NetScaler, which has a history
        of public exploits, and if hacked would give an adversary high
        privileges. It has a Temptation Score of 33.
    --  3% of organizations still run older versions of Microsoft Outlook Web
        Access (OWA) -- versions 15.2.659 or older -- despite the recent
        Exchange hacks and several known exploits. The average Temptation Score
        is 38.
    --  More than 25% of organizations have RDP exposed to the internet, which
        when exposed to the internet, increases the risk for attacks, including

"I'd wager the remaining vulnerable SolarWinds instances are there because of ignorance, not negligence. Organizations struggle to know what they have exposed on the internet. Cloud migration and the work-from-home boom dramatically increased the number of exposed assets, and people can no longer rely on existing security strategies to understand their attack surface," said David Wolpoff, CTO and cofounder Randori. "Many assume prioritizing based on vulnerability severity will keep you safe. But that's simply not true. Attackers think differently, and vulnerability severity is just one of many factors weighed by an attacker. Our hope with releasing this report is that people will get deeper into the attacker's mindset, apply attacker logic to their security programs, and get one step ahead."

Get tips on how to better secure an attack surface in our blog, or download the full Attack Surface Management Report for a comprehensive analysis on the most tempting assets, and to take a deep dive into the six attributes an attacker considers when determining what to exploit.

Randori is dedicated to helping organizations better understand what's on their perimeters to reduce their attack surface and stress test their security programs --all to build more resilient security programs. Get a free attack surface review or learn more about our continuous red teaming platform.

Randori's 2021 Attack Surface Management Report Methodology
The 2021 Randori Attack Surface Report looks at attack surface data across millions of internet-exposed assets, and applies its patent-pending Target Temptation Engine to determine relative likelihood an asset will be attacked, the Temptation Score. The Temptation Score applies a proprietary weighting of six different attributes to determine the Temptation Score of an asset. Millions within Randori's unique dataset were analyzed when doing this report during the month of August 2021.

About Randori
At Randori, we attack to protect. Recognized by Gartner & IDC as a leader in Offensive Security, the Randori Platform unifies Attack Surface Management (ASM) and Continuous Automated Red Teaming (CART) to provide enterprises the visibility, actionable insights and validation they need to proactively prevent breaches. Customers like VMWare, Greenhill Inc, FirstBank, NOV, Lionbridge and many more, trust the Randori platform, which was designed by the world's foremost offensive security practitioners at nation-state levels. Discover what's exposed on your attack surface today at and get the latest insights by following Randori on Twitter and Linkedin.

View original content to download multimedia:

SOURCE Randori

Email This News Email | Submit To Slashdot Slashdot | Submit To Digg | Submit To | News Feeds Feeds

Nav Worldwide IoT Security Industry to 2026 - Featuring Allot, Armis and Fortinet Among Others | Oct 21, 2021
Nav Insights on the Partner Relationship Management Global Market to 2027 - Featuring Allbound, Mindmatrix and Kiflo Among Others | Oct 21, 2021
Nav United States E-commerce Software Market Report 2021-2025 Featuring Shopify, BigCommerce Holdings, Squarespace, & | Oct 21, 2021
Nav CobbleStone┬« Named Market Leader in the Fall 2021 Contract Lifecycle Management Software Customer Success Report | Oct 21, 2021
Nav KORE President and CEO to Headline Mobile World Congress Session on IoT Security | Oct 21, 2021
Nav Banty's Dr. Richard Tytus Explains Why Telemedicine is Suitable for Most Communities | Oct 21, 2021
Nav Aviat Networks Sets Date for Its First Quarter Financial Results Announcement and Conference Call | Oct 21, 2021
Nav HelpSystems Acquires PhishLabs to Continue Expansion of Cybersecurity Portfolio | Oct 21, 2021
Nav NINJIO Now Available on VIZIO WatchFree+, VIZIO's Free Streaming Service on SmartCast | Oct 21, 2021
Nav Cybereason CEO Lior Div Named a Featured Speaker at the CNBC Disruptor 50 Summit | Oct 21, 2021

Submit News | View More News View More News