



15.03.2022

Lost & Found: Group-IB Unveils AssetZero

Intelligence-Driven Attack Surface Management
With the size of digital footprints and security perimeters at an all-time high, maintaining a complete and up-to-date asset inventory is becoming a serious challenge for businesses. Assets that aren't properly managed undermine network security investments and create serious risks. An unmanaged asset could be a forgotten cloud instance running vulnerable software, a misconfigured database that is unintentionally exposed to the open web, or a web server that was deployed without being added to official asset inventories.
External attack surface management (EASM) is an emerging category of products that overcome these types of problems and oversights that exist beyond the view of traditional security tools. In particular, EASM solutions continuously discover all of an organization's external IT assets, create an asset inventory, check for potential vulnerabilities, and prioritize issues for remediation. This even includes situations in which threat actors have taken control of a business's infrastructure.

In this current threat landscape, businesses need a quick way to assess their exposure and stop these critical but ultimately avoidable incidents. That's why Group-IB created AssetZero, an intelligence-driven attack surface management solution. AssetZero increases the impact of existing security practices, like vulnerability assessments and penetration tests, and goes beyond other EASM solutions by integrating threat intelligence data that is mapped to the user organization's infrastructure to identify high-risk issues for remediation.
Digital footprints are expanding, leading to shadow IT
Cloud migrations, mass digitization, business growth, and M&As are all leading to a rapid and unprecedented expansion of digital footprints. This is true for organizations in all industries and regions. New services and applications are constantly deployed across different infrastructures: on-premises data centers, private clouds, public clouds from multiple cloud service providers, plus infrastructure hosted by third parties, such as SaaS providers.

The sheer size of digital footprints, combined with the increasing complexity of modern IT infrastructures, makes it very challenging for businesses to maintain complete visibility on all IT assets in their environment. External assets that are unknown to the host organization are known as "shadow IT." In short, this term refers to Internet-facing assets that are not being actively patched, managed, or secured.

Shadow IT creates gaps in the security perimeter that add avoidable risk and increase the probability of a breach. Back in 2016, Gartner estimated that "by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources."

Recent research from IBM confirms these predictions. In 2021, the IBM X-Force Threat Intelligence Index report found that "Scan-and-exploit was #1 initial attack vector," representing the primary vector in 35% of attacks.

These numbers are also supported by data collected by the Group-IB Computer Emergency Response Team (CERT-GIB).
In 2021, over 50% of DFIR cases stemmed from a preventable, perimeter-based security error.
External Attack Surface Management: An Emerging Technology
As digital footprints and the complexity of IT infrastructures continue to grow, it is becoming more and more important for organizations to maintain a complete and up-to-date asset inventory list. This is where external attack surface management solutions come into play.

External attack surface management (EASM) is an emerging technology category that automates the process of mapping out all of an organization's external IT assets, including shadow IT. While this is the primary function of EASM products, they often provide additional features that help organizations to gain full visibility, manage risk, and improve security.

Automated Asset Enumeration

EASM tools automate the process of identifying and inventorying external assets, including shadow IT and forgotten infrastructure.

Continuous & Recursive Discovery

Because EASM solutions are automated, they can work 24/7 without any direct oversight or manual input from security personnel. New assets are identified almost immediately after they are deployed.

Identification Of Potential Vulnerabilities

After inventorying all external assets, EASM products check for potential vulnerabilities. This includes everything from vulnerable hardware and outdated software to expired SSL certificates and open ports.

Prioritization Of Issues

To help manage and mitigate risk, EASM tools assign a quantitative risk score to all identified assets. Issues are prioritized according to the risk level.

Streamlined Remediation

With all issues scored and prioritized, security teams can make the most of time dedicated to remediation, enabling high-impact fixes that dramatically improve security posture with a limited investment of resources.

AssetZero: Intelligence-Driven Attack Surface Management
AssetZero is a fully cloud-based SaaS solution designed to discover, assess, and help manage the external attack surface. The Group-IB solution continuously scans the entire IPv4 space and beyond to identify all Internet-facing assets, including shadow IT, forgotten infrastructure, and misconfigurations that may be causing an internal asset to be exposed to the open web.
All of these assets are then displayed in a graphing analysis that shows how these services and resources are interconnected, making it easy to see which assets are linked and how.
After all external IT assets are discovered and inventoried, AssetZero identifies those that may be potential attack vectors, assigns a risk score to each issue, and prioritizes remediation tasks with threat intelligence insights.

Threat intelligence is essential to vulnerability patch management. In 2021, a total of 20,138 CVEs were added to the NIST National Vulnerability Database. That's one new CVE roughly every 26 minutes for the entire year.

Fortunately, research shows that just a small fraction of documented CVEs are ever exploited in the wild. An even smaller percentage are widely exploited: less than 2% of all CVEs, according to some estimates. Threat intelligence provides the insights needed to accurately assess risk and decide which issues to address most urgently.

As a global leader in threat intelligence and threat hunting, Group-IB continually observes and documents the latest trends in threat actor activity, including dark web forums, botnet activity, malware development, C&C activity, and more.

AssetZero maps Group-IB threat intelligence data to the user organization's confirmed infrastructure. This data influences the risk score assigned to every identified issue and helps organizations prioritize their remediation efforts based on the most pressing threats. With the highest-risk issues at the top of the queue, organizations can significantly strengthen security posture with a minimal commitment of time and resources.
    AssetZero's Advantages in the EASM Market
    Though EASM is an emerging market, Group-IB AssetZero already provides several major advantages over similar solutions.

    AssetZero was built with Group-IB's advanced persistent threat (APT) tracking tools and patented threat intelligence technologies, giving it a broader scope and superior discovery capabilities. From the IPv4 space and beyond to the deep and dark web, AssetZero maps out the Internet in its entirety. In yet another key differentiator, AssetZero's findings are augmented with Group-IB threat intelligence data, including malware analysis, deep & dark web activity, credential dumps, and botnet logs. In addition, AssetZero tracks security metrics and risk scores over time, enabling customers to export the data from customizable dashboards with flexible reporting features.

    These advanced EASM capabilities enable AssetZero to reduce risk and provide a measurable impact on security metrics for customers.
    • Little Overhead, Big Impact
      AssetZero is fully cloud-based so it doesn't require any new infrastructure or agents and can be deployed quickly and inexpensively.
    • Immediate & Measurable Results
      AssetZero increases the impact of remediation efforts and reduces mean time to patch (MTTP).
    • Save Time & Reallocate Resources
      AssetZero reduces the amount of time security personnel need to spend hunting for shadow IT and misconfigurations, freeing up resources to focus on other high-priority projects.
    • Get More Out Of Your Current Practices
      AssetZero increases the scope of existing tools and practices that depend on exhaustive asset inventories, helping to maximize the return on these investments.
    An EASM Solution Designed For The Channel
    Group-IB AssetZero was built with channel partners in mind. To that end, a key feature of AssetZero is scalability. Partners can quickly and easily add all of their clients to the AssetZero dashboard without needing to deploy new instances or receive any detailed information from clients, making it easy to scale the product to dozens or even hundreds of accounts with minimal resource allocation.

    In addition, AssetZero simplifies the process of obtaining trial licenses to run product demos. This gives partners the opportunity to generate additional revenue with existing clients and win new accounts. AssetZero licenses are issued based on the number of mapped assets (IPs, Subnets, Domains & Sub-domains) as per the solution interface, so pricing is both transparent and accessible to organizations of all sizes.

    Partners also have the option to generate additional revenue by providing managed services around the AssetZero solution and corresponding remediation efforts.
