Lost & Found: Group-IB Unveils AssetZero

Intelligence-Driven Attack Surface Management
With the size of digital footprints and security perimeters at an all-time-high, maintaining a complete and up-to-date asset inventory is becoming a serious challenge for businesses. Assets that aren't properly managed undermine network security investments and create serious risks. An unmanaged asset could be a forgotten cloud instance running vulnerable software, a misconfigured database that is unintentionally exposed to the open web, or a web server that was deployed without being added to official asset inventories.
External attack surface management (EASM) is an emerging category of products that overcome these types of problems and oversights that exist beyond the view of traditional security tools. In particular, EASM solutions continuously discover all of an organization's external IT assets, create an asset inventory, check for potential vulnerabilities, and prioritize issues for remediation. This even includes situations in which threat actors have taken control of a business's infrastructure.

In this current threat landscape, businesses need a quick way to assess their exposure and stop these critical but ultimately avoidable incidents. That's why Group-IB created AssetZero, an intelligence-driven attack surface management solution. AssetZero increases the impact of existing security practices, like vulnerability assessments and penetration tests, and goes beyond other EASM solutions by integrating threat intelligence data that is mapped to the user organization's infrastructure to identify high-risk issues for remediation.
Digital footprints are expanding, leading to shadow IT
Cloud migrations, mass digitization, business growth, and M&As are all leading to a rapid and unprecedented expansion of digital footprints. This is true for organizations in all industries and regions. New services and applications are constantly deployed across different infrastructures: on-premise data centers, private clouds, public clouds from multiple cloud service providers, plus infrastructure hosted by third-parties, such as SaaS providers.

The sheer size of digital footprints, combined with the increasing complexity of modern IT infrastructures, makes it very challenging for businesses to maintain complete visibility on all IT assets in their environment. External assets that are unknown to the host organization are known as "shadow IT." In short, this term refers to Internet-facing assets that are not being actively patched, managed, or secured.

Shadow IT creates gaps in the security perimeter that add avoidable risk and increase the probability of a breach. Back in 2016, Gartner estimated that "by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources."

Recent research from IBM confirms these predictions. In 2021, the IBM X-Force Threat Intelligence Index report found that "Scan-and-exploit was #1 initial attack vector," representing the primary vector in 35% of attacks.

These numbers are also supported by data collected by the Group-IB Computer Emergency Response Team (CERT-GIB).
In 2021, over 50% of DFIR cases stemmed from a preventable, perimeter-based security error.
External Attack Surface Management: An Emerging Technology
As digital footprints and the complexity of IT infrastructures continue to grow, it is becoming more and more important for organizations to maintain a complete and up-to-date asset inventory list. This is where external attack surface management solutions come into play.

External attack surface management (EASM) is an emerging technology category that automates the process of mapping out all of an organization's external IT assets, including shadow IT. While this is the primary function of EASM products, they often provide additional features that help organizations to gain full visibility, manage risk, and improve security.

Automated Asset Enumeration

EASM tools automate the process of identifying and inventorying external assets, including shadow IT and forgotten infrastructure.

Continuous & Recursive Discovery

Because EASM solutions are automated, they can work 24/7 without any direct oversight or manual input from security personnel. New assets are identified almost immediately after they are deployed.

Identification Of Potential Vulnerabilities

After inventorying all external assets, EASM products check for potential vulnerabilities. This includes everything from vulnerable hardware and outdated software to expired SSL certificates and open ports.

Prioritization Of Issues

To help manage and mitigate risk, EASM tools assign a quantitative risk score to all identified assets. Issues are prioritized according to the risk level.

Streamlined Remediation

WIth all issues scored and prioritized, security teams can make the most of time dedicated to remediation, enabling high-impact fixes that dramatically improve security posture with a limited investment of resources.

AssetZero: Intelligence-Driven Attack Surface Management
AssetZero is a fully cloud-based SaaS solution designed to discover, assess, and help manage the external attack surface. The Group-IB solution continuously scans the entire IPv4 space and beyond to identify all Internet-facing assets, including shadow IT, forgotten infrastructure, and misconfigurations that may be causing an internal asset to be exposed to the open web.
All of these assets are then displayed in a graphing analysis that shows how these services and resources are interconnected, making it easy to see which assets are linked and how.
After all external IT assets are discovered and inventoried, AssetZero identifies those that may be potential attack vectors, assigns a risk score to each issue, and prioritizes remediation tasks with threat intelligence insights.

Threat intelligence is essential to vulnerability patch management. In 2021, a total of 20,138 CVEs were added to the NIST National Vulnerability Database. That's one new CVE roughly every 26 minutes for the entire year.

Fortunately, research shows that just a small fraction of documented CVEs are ever exploited in the wild. An even smaller percentage are widely exploited– less than 2% of all CVEs, according to some estimates. Threat intelligence provides the insights needed to accurately assess risk and decide which issues to address most urgently.

As a global leader in threat intelligence and threat hunting, Group-IB continually observes and documents the latest trends in threat actor activity, including dark web forums, botnet activity, malware development, C&C activity, and more.

AssetZero maps Group-IB threat intelligence data to the user organization's confirmed infrastructure. This data influences the risk score assigned to every identified issue and helps organizations prioritize their remediation efforts based on the most pressing threats. With the highest-risk issues at the top of the queue, organizations can significantly strengthen security posture with a minimal commitment of time and resources.
    AssetZero's Advantages in the EASM Market
    Though EASM is an emerging market, Group-IB AssetZero already provides several major advantages over similar solutions.

    AssetZero was built with Group-IB's advanced persistent threat (APT) tracking tools and patented threat intelligence technologies, giving it a border scope and superior discovery capabilities. From the IPv4 space and beyond to the deep and dark web, AssetZero maps out the Internet in its entirety. In yet another key differentiator, AssetZero's findings are augmented with Group-IB threat intelligence data, including malware analysis, deep & dark web activity, credential dumps, and botnet logs. In addition, AssetZero tracks security metrics and risk scores over time, enabling customers to export the data from customizable dashboards with flexible reporting features.

    These advanced EASM capabilities enable AssetZero to reduce risk and provide a measurable impact on security metrics for customers.
    Little Overhead, Big Impact
    AssetZero is fully cloud-based so it doesn't require any new infrastructure or agents and can be deployed quickly and inexpensively.
    Immediate & Measurable Results
    AssetZero increases the impact of remediation efforts and reduces mean time to patch (MTTP).
    Save Time & Reallocate Resources
    AssetZero reduces the amount of time security personnel need to spend hunting for shadow IT and misconfigurations, freeing up resources to focus on other high-priority projects.
    Get More Out Of Your Current Practices
    AssetZero increases the scope of existing tools and practices that depend on exhaustive asset inventories, helping to maximize the return on these investments.
    An EASM Solution Designed For The Channel
    Group-IB AssetZero was built with channel partners in mind. To that end, a key feature of AssetZero is scalability. Partners can quickly and easily add all of their clients to the AssetZero dashboard without needing to deploy new instances or receive any detailed information from clients, making it easy to scale the product to dozens or even hundreds of accounts with minimal resource allocation.

    In addition, AssetZero simplifies the process of obtaining trial licenses to run product demos. This gives partners the opportunity to generate additional revenue with existing clients and win new accounts. AssetZero licenses are issued based on the number of mapped assets (IPs, Subnets, Domains & Sub-domains) as per the solution interface, so pricing is both transparent and accessible to organizations of all sizes.

    Partners also have the option to generate additional revenue by providing managed services around the AssetZero solution and corresponding remediation efforts.

    Discover your external attack surface
    with AssetZero
    Manage risk and prevent breaches