[Video] IF Your Shadow IT Could Talk

Posted by Reposify on November 11, 2020 3:32:36 AM EST

 

Read More

Topics: "risk assessment", "Attack Surface Management", "Shadow IT", Attack Surface, cyber risk management, IT RISK ASSESSMENT

The Risks of Exposed Development Environments

Posted by Reposify on October 29, 2020 6:23:21 AM EDT

 

Read More

Topics: "Attack Surface Management", Cloud storage, Attack Surface, cyber risk management

How to reduce Shadow IT with engaging awareness training

Posted by Reposify on October 6, 2020 5:43:22 AM EDT

We set down with Kfir Tzukrel, CISO at Direct Finance for a chat about the risks of Shadow IT and how to make cyber security awareness training engaging and fun. 

Read More

Topics: "risk assessment", "IT Security Audits", "Attack Surface Management", shadow it risks, Attack Surface

How to stay on top of your ever-changing Attack Surface

Posted by Reposify on September 30, 2020 3:28:59 AM EDT

"Truly understanding the full scope of the business and its risks is a huge challenge. its constantly changing and you need to react quickly."

Read More

Topics: "risk assessment", "IT Security Audits", "Attack Surface Management", Attack Surface

Why you Should Secure your Test Environments

Posted by Koby Meir on September 24, 2020 4:32:26 AM EDT

While test environments are a vital part of the deployment process, when it comes to security they are not treated equally. The need to secure your production environment is a given but unfortunately, test environments often suffer from low to no security and in some cases are unnecessarily exposed to the web.

A typical deployment pipeline includes three non-production test environments each serving its own purpose.

Development: This is where the initial magic happens. It is the workspace in which developers can deploy and test code and make frequent changes per need.

QA (also referred to as Testing): In this test environment, testers focus on bug fixes and on ensuring that each component in the application is working properly.

Staging: This environment is used for the final stages of testing before the release to production. Out of all the test environments, staging typically mimics the production environment and oftentimes, real data is used in order to ensure the application is reliable and will not fail in production.

Such test environments may contain source code of future features that are not yet meant to be publicly available. In addition, they often include real production data and API keys. Such exposed test environments pose weak entry points into internal networks and can lead to data exposure and leaks.

In addition to potential leaks, since most test environments are not regularly monitored, attackers could "practice" their exploits on exposed staging environments until they are ready and able to take down your live application in one shot.

Every week, Reposify’s attack surface management platform discovers millions of exposed test environments including development, QA and staging environments which were left unprotected and can be easily accessed online and exploited by attackers.

Read More

Topics: Attack Surface, test environments

31 TIPS FOR REDUCING ATTACK SURFACE RISKS

Posted by Reposify on September 21, 2020 8:21:32 AM EDT

We’ve asked Reposify’s cybersecurity experts to share 31 of their best tips for reducing attack surface risks.

Read More

Topics: "Respoify IoT Scanner", "Attack Surface Management", "Security Risk Assessment", shadow it risks, Attack Surface

Common AWS S3 Misconfigurations and How to Avoid Them

Posted by Tom Bushmitz on August 20, 2020 10:32:18 AM EDT

AWS's simple storage service also known as S3 is the most popular public cloud service and currently continues to hold the largest market share within the cloud services market.'

Read More

Topics: "Attack Surface Management", AWS, Cyber Security, IoT Search Engine, AWS S3 SECURITY, Cloud storage

Are You Still Using Shodan to Map Your Attack Surface?

Posted by Reposify on August 19, 2020 8:41:42 AM EDT

If you are using Shodan to search for your company’s assets or perform reconnaissance as part of blue or red teams routines - you need to keep reading. This blog unlocks insights that will help you eliminate more risks in less time and minimum effort.

Shodan (aka the hackers’ search engine) is a well known Internet search engine which allows you to check the exposure status and meta data of every public IP address. It is used by both hackers and organizations.

Shodan is great for attackers. Having the internet at your fingertips is exactly what you need when trying to find exposed assets to attack. But for organizations it's a different story.

In order to stay ahead of attackers you need a quick way to continuously map and monitor your ever-changing external attack surface. But trying to create an always up-to-date connected asset inventory by using an IoT search engine is like looking for a needle in the haystack while ignoring the rest of the barn. The inherent limitations of Shodan include manual searches, false positives, no prioritization and result in partial visibility of your real attack surface.

The only way to eliminate shadow IT risks and unknown exposures is through complete automation of the discovery, analysis, prioritization and monitoring processes.

10 years ago, Shodan was probably your best option, but today in 2020, using Shodan to search for your company’s assets is like trying to navigate at sea, with no GPS or sonars, relying only on the stars.

This blog presents a deep dive comparison of the use of Shodan vs Reposify’s External Attack Surface Management platform for mapping the attack surface and eliminating unknown risks .

We’ll examine and compare 4 main aspects:
1. Internet scanning capabilities
2. Asset discovery capabilities
3. Insights actionability (asset classification, security insights and risk prioritization)
4. Costs - is Shodan really that cheap?

Spoiler Alert 

Read More

Topics: "Respoify IoT Scanner", "IT Security Audits", "Attack Surface Management", "Security Risk Assessment", IoT Search Engine

How to Avoid Hostile Subdomain Takeovers

Posted by Asaf Aprozper on July 27, 2020 3:33:53 AM EDT

What is a hostile subdomain takeover?

Read More

Topics: "IT Security Audits", "Attack Surface Management", "Security Risk Assessment", Hostile Subdomain Takeover

AWS EC2 Security Starts with Visibility

Posted by Lihi Ben Arie on June 24, 2020 1:35:05 AM EDT

Elastic Compute Cloud (or in short EC2) is an infrastructure-as-a-service offering and one of the widely adopted services in the AWS platform. 

Read More

Topics: "Attack Surface Management", AWS, EC2, Integration, Cyber Security