In short, FractalScan Surface is a tool that is used to discover and assess the security of your organisation’s online presence.
Anyone that uses the Internet for any part of their business practices is at risk of cyber security attacks, which are recorded in the media all too often. The effect can cause reputation and customer loss, decline in revenues, loss of competitive advantage, loss of data or exposure, and employees’ inability to be fully productive. Therefore, mitigating against this happening is something all companies need to take seriously.
How do attackers find targets?
Many targeted cyber security attacks commence with a learning or ‘reconnaissance’ phase. This is the point where an attacker will build a picture of a company’s online presence. Once this is established, they will focus on any weaknesses that could potentially be exploited. These could be websites that have not been updated and contain vulnerable software, a misconfiguration of a server, or exposed data.
This recon phase is analogous to a rock climber studying what to an inexperienced onlooker might look like a featureless, sheer cliff. The experienced rock climber carefully studies any small cracks, or vulnerabilities in the rock, taking the time on each one to decide which technique or manoeuvre can best be utilised to exploit this vulnerability to begin their ascent. In Cyber Security this is known as the ‘Attack Surface’.
Like rock climbers, an attacker will spend time building up an understanding of the Attack Surface, searching for those small cracks or vulnerabilities. If you want to protect your online infrastructure you need to make sure that you understand your Attack Surface, to regularly monitor and address any issues that arise.
Is it like a vulnerability scan?
There are loads of cyber security tools out there, all wrapped in a dizzying amount of jargon and three-letter acronyms. For example, FractalScan Surface includes some typical features from threat and vulnerability management tools, vulnerability scanners and application testing tools.
But FractalScan Surface is fundamentally an [attack-surface][as] tool; its primary purpose is to discover what you have online, and display the results in different ways. Part of that discovery process includes a whole range of testers that check configuration and setup for common issues, the results of which make up the health score and risks. But it’s all done passively, without you having to enter anything more the domain name of the subject.
A vulnerability scanner is typically an active tool, which can be authenticated or unauthenticated, but works against a targeted number of assets that you have to first define. FractalScan Surface should come before that: it helps you identify assets that, if they belong to you, may then benefit from in-depth analysis, be it vulnerability scans or detailed penetration tests.
So what is special about FractalScan Surface?
FractalScan Surface only requires high level domains (yourcompany.com) or IP addresses, it then queries a whole range of online sources to discover and enumerate associated online infrastructure and assets, before performing its in-depth analysis. On the first scan, you will see what your infrastructure looks like at that point in time. You may have services or domains that you thought had been retired but have not been removed, out of date components and services, and expired certificates.
Reducing the Attack Surface reduces the risk and makes it more difficult for an attacker to gain a foothold.
FractalScan Surface provides a web application that intuitively displays all the underlying data in a format that is easy to read, understand and digest. It allows you to look at high-level information, whilst also giving you unprecedented access to delve deep into your data, and deeper still, hence the naming of FractalScan Surface.
Another challenge with using occasional vulnerability scans or penetration tests is that a company’s Attack Surface is constantly changing. New vulnerabilities found in widely used software are released every day, and a company’s online presence is regularly being updated.
Picture the rock climber studying a cliff face where the cracks are slowly morphing away whilst new ones appear. As soon as the penetration tester provides their report, it could already be out of date. FractalScan Surface can repeat a scan every day, be updated on demand, with scans being completed in minutes. One point to make is that penetration testers can provide a creativity to think like an attacker, that is difficult to replace. The undertaking of a Penetration Test in addition to FractalScan Surface would only be a benefit.
FractalScan Surface provides a clear presentation of any vulnerabilities so that any issues that exist on your Attack Surface can be understood and remediated. FractalScan Surface provides a facility to effectively plan and prioritise your issues and vulnerabilities so they can be addressed whilst also providing remediation steps.
FractalScan Surface manages the Attack Surface for anything that is visible on the internet that an attacker would be able to see without having gained any unauthorised access. We are already developing other variants such as FractalScan Intra (internal networks) and FractalScan Cloud to detect any unauthorised access by attackers and attacks they could be undertaking.
FractalScan Surface is an Attack Surface Management Platform that provides a continuous and efficient way to discover your infrastructure then detect new vulnerabilities, so that fixes can be applied swiftly before an attacker has chance to exploit them.
So, who is FractalScan Surface for?
There are a wide range of possible uses for FractalScan Surface. If scanning your own infrastructure, there are features that make it ideal for a systems administrator who wants the finer detail, or a CISO that cares more about the high-level risk. If scanning third-parties, it is ideal for supplier onboarding, consultancy and due diligence. In future blogs we’ll cover some of these use cases in detail.