Three Ways to Enhance Your Cloud Security with External Attack Surface Management

CrowdStrike data shows that 25% of cloud assets in the U.S. are exposed to severe vulnerabilities — securing the cloud starts with knowing your risk

The IT future is a cloudy one. Organizations are increasingly relying on cloud servers, as today’s IT environments use a combination of public and private clouds alongside on-premise infrastructure. Gartner® estimates that by 2026, 75% of organizations will adopt a digital transformation model predicated on the cloud as the fundamental underlying platform. Moreover, global spending on public cloud services is forecast to grow 21.7% to total $597.3 billion USD in 2023, up from $491 billion USD in 2022, according to the firm’s latest forecast.1

This rapid acceleration into the cloud has dramatically expanded the modern attack surface, making it increasingly difficult for security teams to keep up. Data from CrowdStrike Falcon® Surface external attack surface management shows that in the United States, 23% of all exposed assets detected in a week are hosted on the cloud. More importantly, 25% of those exposed assets have a severe vulnerability.2 These vulnerable assets can be remote access servers, databases, web servers, gateways, VPNs, development tools and more. The high number of exposed assets indicates that although cloud adoption might be easy, securing the cloud can be hard.

The risk of cloud exploitation is not a new problem. The CrowdStrike 2023 Global Threat Report showed that cloud exploitation cases grew by 95% from 2021 to 2022. Cases involving cloud-conscious actors nearly tripled in the same time frame. These actors primarily obtained initial access to the cloud by exploiting public-facing applications — such as web servers — using existing valid accounts, resetting passwords or placing webshells or reverse shells for persistence. These findings underscore the need for robust cloud security measures and proactive exposure management to address the growing threat of cloud-based attacks.

Evolving Safely in the Cloud Requires 24/7 Exposed Asset Monitoring

Contrary to popular belief, the onus to protect cloud data falls on companies and not the cloud host provider. While organizations may have safeguards in place for their known cloud enclaves, employees can easily create their own cloud instances without following the central process or alerting central IT, leading to the emergence of “shadow IT.”

With the complexity of cloud configurations, it's easy for teams to make a mistake that can leave sensitive data exposed or leave cloud resources vulnerable to attack. Misconfigurations can occur in several places, including network security settings, storage permissions, access controls and more. Attackers are well aware of this and are actively scanning cloud environments for misconfigurations to exploit.

Improper access management, cloud services misconfiguration, cloud applications provisioned outside IT visibility and lack of staff with the skills to manage security for cloud applications can all leave companies exposed and vulnerable to attack — and they are far more common than assumed.

External attack surface management (EASM) is needed for companies to safely evolve in the cloud. It delivers a comprehensive inventory of externally exposed, known and unknown cloud assets, and enables teams to uncover issues like unknown misconfigured environments (staging, testing, development, etc.) and legacy webpages and assets hosted on unofficial hosting providers. In addition, it analyzes and prioritizes every risky exposure and generates a plan with actionable insights so teams can resolve more issues in less time.

EASM provides a powerful complement to the cloud native application protection platform capabilities (CNAPP) required to mitigate the risks outlined above. CrowdStrike combines EASM with the cloud security offerings of Falcon Cloud Security through a unified platform, empowering customers with complete visibility and protection across their cloud environments no matter what stage they are in their cloud journey.

Three Ways EASM Enables Companies to Maximize Cloud Security

1. Gain outside-in visibility into critical asset exposure while moving to cloud storage and services

Companies that are just starting their cloud migration face the decision of which services and data to host on cloud service providers. It is essential for those companies to carefully manage their asset inventory and understand which security controls are in place, what they cover and where their security gaps are. EASM is the natural place to start. As a fast and easy-to-deploy tool, it enables security teams to gain an immediate understanding of where exposures are, stay on top of asset inventory management in real time and maintain an overarching view of the entire attack surface — regardless of if it’s in the cloud or on-premises.

2. Prioritize risks in hybrid cloud environments

As companies grow and evolve in the cloud, they’ll be looking at cybersecurity strategies to prevent risk and exposure. This is particularly important given that the average breakout time for interactive eCrime intrusion activity was 79 minutes in the past 12 months and the fastest observed breakout time was a mere 7 minutes, as revealed in the recently released CrowdStrike 2023 Threat Hunting Report — highlighting the need for dynamic and thorough cybersecurity measures to protect digital assets.

If the goal is to host more sensitive services in the cloud, EASM can arm CISOs with unique insight into where teams should spend time to reduce risk, bookmark high-value assets for monitoring and integrate with most popular XDR and IR systems. CISOs can receive prompt alerts for exposed assets, ultimately preventing long-term exposure.

3. Ensure no asset is left unknown on full cloud infrastructure

Once operating on full cloud infrastructure across multiple providers, security tools can be deployed to support the efforts of CISOs, like cloud security posture management (CSPM) platforms. There’s a catch — CSPM doesn’t account for the entire ecosystem and may not cover subsidiaries, the supply chain and third-party vendors. An EASM solution is easily integrated for always-on, real-time, thorough monitoring of cloud environments as well as other attack vectors — so CISOs can ensure nothing is missed.

Move Safely into the Cloud with Falcon Cloud Security and Falcon Surface

CrowdStrike provides comprehensive capabilities to stop cloud breaches: CrowdStrike Falcon® Cloud Security delivers the industry’s most complete agent-based and agentless cloud-native application protection platform (CNAPP) capabilities. When paired with Falcon Surface, our EASM module, as part of the unified CrowdStrike Falcon platform, teams gain a significant advantage against the adversary.

By adding Falcon Surface, security teams can see their attack surface like adversaries can — across their entire digital perimeter. Based only on a domain address, it enables them to detect, prioritize and manage unknown risky, exposed internet-facing assets that are centralized or remote across on-premises environments and subsidiary, cloud and third-party vendors. All exposed assets are automatically classified, analyzed and prioritized according to a contextualized risk score, allowing for quick-to-implement remediation steps. Together, Falcon Cloud Security and Falcon Surface provide real-time visibility and protection across the entire cloud environment. By leveraging the best of agent-based and agentless technology, CISOs and their security teams can work together to protect the entire attack surface and stop breaches.

Additional Resources

  1. Gartner Press Release, Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023, April 19, 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
  2. Data powered by CrowdStrike Falcon Surface.
Breaches Stop Here