How to secure a bigger attack surface in a changing IT landscape

Like many businesses, you've embraced cloud, IoT and hybrid working and probably also found that you need a more evolved approach to cybersecurity. You have more users working in more spaces, more devices and assets in more locations, and more data in more places. With significant changes to your network perimeter, more SaaS applications and cloud storage, and a growing reliance on third-party ecosystem apps, your attack surface has expanded considerably. In other words, you are more exposed as a target for malicious actors to hit and inflict damage.

Meanwhile, the types and frequency of attacks have increased. Phishing techniques, for example, have continued to grow in sophistication. AI is being used by attackers to make them more convincing than ever and to increase the scale and automation of attacks. According to Orange Cyberdefense Security Navigator 2024, there was a 30% increase year-on-year in detected cybersecurity incidents, with end-user devices the most impacted asset at 28%. The past year saw the highest number of cyber extortion victims ever, with an increase of 46% worldwide and a geographical shift towards Asia Pacific and EMEA.

Traditional cybersecurity is no longer enough

Security testing must be customized to every organization's needs, risks and resources. While approaches vary, three fundamental principles remain consistent: testing everything, ensuring accuracy to minimize false positives, and conducting frequent tests - ideally weekly - are required to achieve full coverage and maintain effectiveness.

On average, companies use 53 security tools, consisting of a mix of commercial and open-source solutions. However, these tools often fall short in terms of coverage, accuracy and frequency. Overextending these tools to stretch budgets leads to more work, less value and a false sense of security.

Orange Cyberdefense finds that vulnerability scanning covers only about 60-70% of known assets, while penetration testing offers even less coverage, as it typically focuses on high-value assets. Vulnerability scanners are helpful but notorious for generating false positives due to their reliance on unvalidated CPE and CVE mappings. Penetration testing, while more accurate because it's human-validated, is limited in scope, time-consuming, and dependent on the expertise of those conducting tests. Moreover, pen testing is typically carried out periodically, focusing on predefined IP ranges and web servers, which leaves gaps in areas like shadow IT, SaaS and cloud environments. Traditional methods often only address around 30% of an organization's attack surface, leaving 70% untested and vulnerable.

While the attack surface continues to grow, traditional cybersecurity methods are no longer sufficient for keeping all your external-facing assets safe. Attackers don't work to the same schedule as you do - they're constantly evolving their techniques and launching attacks continuously. So, annual, quarterly and even monthly assurance activities aren't enough to keep up with the rate of change in the frequency and tactics of bad actors. This is where External Attack Surface Management (EASM) comes in.

What is EASM and how does it help?

EASM is the practice of identifying potential vulnerabilities and security gaps in your public-facing digital attack surface. It's a more proactive and continuous approach that works as hard to keep your assets safe as your attackers do to try and do you harm.

EASM works continuously to discover and map your entire digital attack surface, identifying the boundaries of your public-facing IT assets. It provides an attacker's view of your external attack surface using real-world reconnaissance techniques, so you can see your assets just as the attackers would. Through a combination of ongoing techniques including penetration testing, vulnerability assessments, red teaming, zero-day hunts and automated scanning, EASM continuously assesses your perimeter and asset ecosystem for vulnerabilities and risks. And thanks to real-time insights and continuous monitoring, you gain immediate visibility and remediation of potential threats across your IT estate. This ensures a constantly updated view of your external attack surface, offers enhanced protection and minimizes the risk of exploitation.

This approach also helps to meet forthcoming legislation that requires a more proactive cybersecurity model. In Australia, the Australian Prudential Regulation Authority (APRA), which regulates financial services, recently released a Practice Guide ahead of the Prudential Standard CPS 230, which will come into effect on July 1, 2025. CPS 230 focuses on operational risk management, and the legislation presents an opportunity for companies to establish a continuous posture like EASM.

Singapore has similar regulations from the Monetary Authority of Singapore, as does Hong Kong, and it's likely that comparable regulations will follow in more industries.

Orange Cyberdefense is your expert EASM partner

Orange Cyberdefense EASM combines our world-class security expertise with data analysis at scale to give you a comprehensive security posture designed for today's bigger attack surface. In addition to our in-house expertise, we deploy a platform called watchTowr that uses advanced adversary tactics and real-time reconnaissance to provide an attacker's view of your external attack surface. watchTowr assesses your entire digital footprint, including shadow IT, unknown SaaS platforms, IoT, cloud environments, infrastructure providers, subsidiaries and more.

We also integrate EASM with advanced security solutions like Zero Trust architecture and employ AI and machine learning (ML) to evaluate threat information and vulnerability data. This gives you a risk score for each asset. Our proactive and risk-based approach is designed to reduce potential threats to your attack surface and ensure the most severe threats are addressed first, improving your overall security posture.

Gartner has identified attack surface management as an emerging technology space and reported, "Organisations have to manage a growing attack surface as their technological environments become increasingly complex and dispersed, both on-premises and in the cloud."

Orange Cyberdefense EASM gives you expanded visibility of your asset estate, continuous assurance and identification of vulnerabilities, and rapid reaction to potential threats. Our EASM gives you the power to see the gaps and risks in your attack surface that you might not be aware of and protect them before they can be exploited. Worry not with EASM and make it the next essential component of your organization's cybersecurity strategy.

To learn how Orange Cyberdefense can help you protect a larger attack surface in APAC and beyond, or about our other cybersecurity solutions, please visit Orange Cyberdefense.

Recommended for you

• When cyber extortion spares no one
• Orange Cyberdefense rated a major player