
Exploring Unexpected Exposures in Enterprise Infrastructure: runZero Research


San Francisco, CA – May 7, 2024 – The RSA Conference showcased the debut of the runZero Research Report, a comprehensive analysis of the state of asset security in global enterprises, presented by runZero, a prominent provider of Cyber Asset Attack Surface Management (CAASM). This report, the initial installment in a series of publications, draws upon runZero’s extensive experience working with hundreds of enterprise networks, including internal infrastructure, internet-facing assets, and cloud environments.

HD Moore, the esteemed founder and CEO of runZero, expressed concern over the findings unearthed during their research. “Our investigation has brought to light troubling disparities and emerging trends in enterprise infrastructure, such as the erosion of network segmentation, ongoing challenges in managing attack surfaces, and the proliferation of dark matter within contemporary networks,” Moore stated. He emphasized runZero’s core philosophy of utilizing applied research to enhance asset discovery, which he views as the cornerstone of effective exposure management for organizations facing these evolving threats.

The key conclusions from the report highlight various critical points:

– IT and OT integration is expanding, resulting in an enlarged attack surface for organizations and necessitating innovative approaches to asset discovery and management. Notably, Operational Technology (OT) systems are increasingly targeted by threat actors and are frequently exposed to unsecured networks. Shockingly, over 7% of Industrial Control System (ICS) assets examined were found to be accessible via the public internet, including vital components like programmable logic controllers and power meters crucial for critical infrastructure operation.

– Outlier devices, those assets most vulnerable to security risks due to their unique characteristics within their network context, were identified as high-risk targets. runZero’s outlier scoring system, which measures an asset’s distinctiveness relative to its neighbors, exhibited a strong correlation with risk rankings provided by prominent vulnerability scanning tools. Security teams can leverage this outlier analysis to swiftly identify and address the most susceptible systems in their environments.

– Networking “dark matter,” meaning devices that are largely unmanaged by IT personnel and infrequently updated, constitutes 19% of enterprise networks. Additionally, 45% of these devices possess only limited management capabilities, underscoring the challenge of maintaining visibility and control over a substantial portion of physical assets within networks.

– The continued use of end-of-life hardware and operating systems poses a substantial security risk for organizations. Notably, outdated versions of operating systems like Windows 2012 R2 and Ubuntu 14.04, alongside unsupported network devices and VMware ESXi instances, remain prevalent in many environments, introducing potential vulnerabilities.

– Network segmentation controls are compromised by printers and network-attached storage devices that permit traffic forwarding across different networks. runZero observed instances of unexpected IP-forwarding behavior across numerous device types, ranging from smart TVs to robotic vacuum cleaners, compromising the integrity of established network boundaries.

– The frequency of zero-day attacks at the network edge has surged, posing a considerable challenge for suppliers to issue patches promptly. runZero documented 23 Rapid Responses covering over 60 distinct vulnerabilities in the first four months of 2024, underscoring the urgency of addressing these emerging threats in a timely manner.

– Concerningly, 92% of systems running the Secure Shell (SSH) service still rely on password-based authentication, exposing them to the risk of brute force and credential stuffing attacks. Furthermore, thousands of systems utilize hardcoded cryptographic keys shared across unrelated environments, negating the inherent security benefits of the SSH protocol.

– A significant portion of Transport Layer Security (TLS) implementations, approximately 16%, rely on outdated versions of OpenSSL, potentially exposing these systems to future compromises. runZero’s unique fingerprinting methodology enables the identification of vulnerable services based on behavioral patterns rather than static configurations, enhancing the accuracy of vulnerability assessments.

– While security improvements have been made to Remote Desktop Protocol (RDP) on Windows systems through the implementation of Network Level Authentication (NLA), Linux-based RDP solutions like xrdp have yet to adopt these protective measures. Additionally, many Windows platforms persist with older, less secure configurations, leaving them susceptible to exploitation.

– Approximately 13% of Windows systems still have Server Message Block (SMB) v1 enabled, despite the protocol being deprecated on newer Windows versions. This outdated configuration poses a significant risk to organizations, as millions of legacy systems continue to rely on SMBv1, potentially exposing them to security vulnerabilities.

runZero’s research methodology centers on the precise identification of vulnerable devices through advanced fingerprinting techniques and rapid outlier analysis. The report not only highlights the critical vulnerabilities discovered but also outlines runZero’s research process, detailing the development of fingerprinting methodologies and the tangible outcomes of these investigative efforts.

About runZero
runZero is renowned for delivering unparalleled security visibility, empowering organizations to effectively manage risk and exposure. Praised as the top-rated provider on Gartner Peer Insights, runZero’s CAASM platform offers swift insights into managed and unmanaged devices spanning IT, OT, IoT, cloud, mobile, and remote assets. With a world-class Net Promoter Score (NPS) of 82, runZero’s active scanning, passive discovery, and integrations deliver precise, comprehensive data and insights to organizations across industries, earning the trust of over 30,000 users seeking to enhance their security posture.

In conclusion, runZero’s inaugural Research Report sheds light on the pressing security challenges facing enterprises today, urging organizations to prioritize asset discovery and management to mitigate evolving threats effectively. As cybersecurity risks continue to evolve, proactive measures and innovative solutions will be essential to safeguarding critical assets and preserving the integrity of digital infrastructures.
