What is Attack Surface Mapping?

Bit Discovery have been using the WPScan WordPress security scanner and the WPScan Enterprise API for some time to add WordPress scanning functionality to their offering. We thought that it would be a good idea to introduce our readers to what Attack Surface Mapping is, and how organisations can benefit from it. To do this, we asked Bit Discovery some questions to help us get acquainted with the topic.

Bit Discovery is an Attack Surface Mapping service set up by Jeremiah Grossman and Robert “RSnake” Hansen, two giants within the web security space, whose shoulders we all stand on today.

Attack Surface Mapping helps organisations to see what they are exposing to the Internet, which could be targeted by attackers. Once an organisation knows what they are exposing, they can begin to reduce the risk of being attacked. This can be done by removing services that are no longer needed, or patching out of date systems.

attack surface mapping so hot right now

1. What is an attack surface?
An attack surface comes from the network perspective of an adversary, the complete external asset inventory of an organization including all actively listening services (open ports) on each asset.

2. What is Attack Surface Mapping?
Attack Surface Mapping is the process of discovering and documenting the complete attack surface of an organization. An Attack Surface Map includes the hostnames and IP addresses of each externally facing asset, the listening ports on each, and as much meta-data about each asset as possible. Meta-data may include software distribution and version information, IP-geolocation, TLS stack information, and so on.

3. What types of things does Bit Discovery help map?
Bit Discovery automatically discovers all domain names, hostnames, and IP-address for each asset in an organization’s attack surface map. Bit Discovery may collect over 120 columns of data about each asset. These assets may be located on-prem, in the cloud, hosted services, and more.

4. How does Attack Surface Mapping help keep organisations secure?
An organization can only secure what they know they own. Most companies have no documented Attack Surface Map at all. For those who do, it’s extremely common for the attack surface map to be highly incomplete and out-of-date, possibly leaving thousands of assets completely unidentified.  The security team can’t protect these unidentified assets, often referred to as shadow IT, resulting in lost data and frequent cyberattacks. Bit Discovery fills in the gaps in your data and gives you a high-fidelity view of your entire attack surface.

5. What other cool features does the Bit Discovery service have?

Our platform sends alerts in real-time whenever an inventory changes. New servers are brought online, new ports open, server software needs patching. Bit Discovery continually monitors your attack surface and lets you know as it constantly evolves and changes.

Bit Discovery also offers advanced technology fingerprinting by identifying CVEs, open ports, running services, thousands of software versions, geolocation, login forms, secret keys, ASN’s, programming frameworks, HTML, and much more. We’re able to do all of this in record time, often within minutes as opposed to days with a competitor.

6. There has been an increased interest in Attack Surface Mapping over the past few years, why do you think that is?
The increased interest in Attack Surface Mapping is easy to explain. The adversary has been targeting an organization’s secondary and tertiary assets for exploitation, many unknown to the organization and not just the well-known primary systems. Often these unknown asserts are legacy, long forgotten, and not adequately secured. These assets may often also be connected to other sensitive areas of the network where a breach of highly sensitive data may be achieved.

7. WordPress has a huge presence on the web, how does WPScan’s products/services help Bit Discovery in its Attack Surface Mapping offering?
There are an incredible number of WordPress instances on the Internet, many of which not properly secured and belong to an organization. It’s common for an organization to have dozens of WordPress instances that they’re unaware of with many exposed vulnerabilities. The Bit Discovery / WPScan combination is incredibly powerful. As Bit Discovery uncovers WordPress instances, WPScan is automatically deployed to fingerprint the instance and identify what types of exposed vulnerabilities exist. That way, an organization can quickly gain visibility into their attack surface, their WordPress security problems and best manage them according to their corporate standard.

We would like to thank Bit Discovery for answering our questions and giving us an insight into their Attack Surface Mapping service. If you’re interested in finding out more, visit their website to request a demo!

bit discovery logo

Leave a Reply