{"id":398,"date":"2024-09-25T21:25:29","date_gmt":"2024-09-25T21:25:29","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=398"},"modified":"2024-09-25T21:25:29","modified_gmt":"2024-09-25T21:25:29","slug":"accenture-forges-own-path-to-improve-attack-surface-management","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=398","title":{"rendered":"Accenture forges own path to improve attack surface management"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n\n<p>Accenture\u2019s award-winning attack surface management program strengthens the company\u2019s resiliency and security posture.<\/p>\n<p>As a global consulting and technology company, Accenture understands how quickly an attack surface can grow and become vulnerable to cyber threats.<\/p>\n<p>Accenture\u2019s own attack surface, made up of thousands of servers, virtual machines, cloud objects, devices, and physical workstations, is massive enough. But Accenture also frequently acquires companies with their own IP inventory, creating an even larger attack landscape.<\/p>\n<p>\u201cWe\u2019ve always had a strong security posture, but as we\u2019ve been growing, we noticed that we had weaknesses in our defenses,\u201d says Kristian Burkhardt, Accenture CISO.\u00a0<\/p>\n<p>To achieve complete visibility of its IP estate, Accenture merged various technologies into a custom ASM (attack surface management) program. 
Burkhardt describes the program as \u201cintegrating a set of tools into a process\u201d that combines penetration testing, customized scans, and attack simulations with human creativity and teamwork.<\/p>\n<p><strong>The need for complete attack surface visibility<\/strong><\/p>\n<p>In order to build an attack surface management framework, says Burkhardt, an organization must first have:<\/p>\n<p><strong>Tech hygiene <\/strong>\u2014 making sure your infrastructure, cloud objects, and workstations are configured, patched, and hardened against attacks.\u00a0<\/p>\n<p><strong>Strong asset management <\/strong>\u2014 knowing all the assets you own, where they are located, and ensuring they are under proper governance.<\/p>\n<p>\u201cIf your tech hygiene and asset management are not in a good place, it will get in the way of ASM,\u201d says Burkhardt. \u201cThey were in a good place at Accenture, but that doesn\u2019t always protect you against edge cases and unique attack scenarios.\u201d<\/p>\n<p>Like most organizations, Accenture has standard defenses to detect and prevent largely autonomous attacks: endpoint protection, firewalls, email filtering, multi-factor authentication, patching and configuration management, and URL blocking.<\/p>\n<p>While Accenture successfully protected upwards of 99% of its assets from threats, with an expanding attack surface from acquisitions, 99% wasn\u2019t good enough.<\/p>\n<p>Burkhardt and his team first noticed gaps in their security posture when doing crowdsourced penetration testing. The tests flagged small incidents that exploited vulnerabilities that conventional tools do not scan for, such as default passwords in Apache or a weak configuration of GitLab or WordPress, Burkhardt explains.<\/p>\n<p>\u201cPenetration testing opened our eyes that there were ways into our network that commercial vulnerability scanners were never going to find,\u201d he says. 
\u201cWe knew we needed to do better.\u201d<\/p>\n<p><strong>A melting pot of ASM technologies and teamwork<\/strong><\/p>\n<p>In mid-2023 the company\u2019s information security team began developing its own tools and performing custom activities as part of an initiative that became its attack surface management program.<\/p>\n<p>The program combines in-house tools with third-party tools that Accenture purchased and customized to scan for specific vulnerabilities.\u00a0<\/p>\n<p>\u201cWe created all the process, rigor, and discipline that goes into the ASM program to make sure the security team is remediating what it is supposed to remediate,\u201d says Burkhardt.<\/p>\n<p>Technologies and processes that make up Accenture\u2019s ASM program include:<\/p>\n<p><strong>Crowdsourced penetration testing for critical apps.<\/strong> The tests bring in vulnerability specialists to find Accenture\u2019s weaknesses before the bad actors do. The security team analyzes the tests\u2019 findings, fixes them, and prevents similar findings from recurring.<\/p>\n<p><strong>Threat intelligence response.<\/strong> An emergency response capability that allows Accenture to quickly find new vulnerabilities in its environment so the team can target remediation.<\/p>\n<p><strong>Custom-built advanced detection and complex hunt capabilities. <\/strong>These are created within software configurations that off-the-shelf products don\u2019t find. For example, these tools spot third-party platforms using default passwords, which create a vulnerability.<\/p>\n<p><strong>Monitoring Accenture\u2019s internet footprint<\/strong> to make sure the company\u2019s IP estate is identified and inventoried. 
This includes Accenture domains and IPs as well as the IP inventory of newly acquired companies.<\/p>\n<p><strong>Management of Accenture\u2019s external reputation.<\/strong> Third-party reputation vendors eliminate false positives and validate that Accenture\u2019s security detection tools and processes are working as intended.<\/p>\n<p><strong>Breach and attack simulation. <\/strong>This tool is designed to constantly detect, and protect against, known threats. If an attacker has a foothold on one of Accenture\u2019s services, the tool will test how far attackers actually get and track them if they move around.<\/p>\n<p><strong>Spotting vulnerabilities sooner and preventing attacks<\/strong><\/p>\n<p>According to Burkhardt, the two main goals of a custom-built attack surface management program are to prevent attacks and improve response times during attacks.<\/p>\n<p>\u201cWe\u2019ve definitely improved both of those areas,\u201d he says. \u201cWe now have visibility of that last 1% of our IP space. The proof is that we haven\u2019t been caught off guard by an attacker getting access to a system we didn\u2019t know we had. That hasn\u2019t happened in over a year.\u201d<\/p>\n<p>Burkhardt describes a real-life scenario where Accenture\u2019s rapid response process discovered and blocked a vulnerability triggered by a newly acquired company.<\/p>\n<p>\u201cOne of the controls companies must implement to finalize an acquisition is that all of their remote access must be two-factor authentication enabled,\u201d he says.\u00a0<\/p>\n<p>\u201cThis particular company complied and signed the deal, but when we scanned their IP address space with our tool, we found instances of a non-commercial remote access tool that was vulnerable to attacks. The company didn\u2019t even know they were using this tool. 
We were able to shut it off before an attacker found it, saving us an attack down the road.\u201d\u00a0<\/p>\n<p>For its custom ASM program, Accenture earned a <a href=\"https:\/\/event.foundryco.com\/cso-conference-awards\/\">2024 CSO Award<\/a>, which honors security projects that <a href=\"https:\/\/www.csoonline.com\/article\/570667\/us-cso50-2022-awards-showcase-world-class-security-strategies.html\">demonstrate outstanding thought leadership and business value<\/a>.<\/p>\n<p><strong>Looking ahead: Injecting AI into attack surface management<\/strong><\/p>\n<p>Between the threat intelligence feeds scouring for vulnerabilities and penetration testers simulating attacks against Accenture, the ASM program has created what Burkhardt refers to as a \u201cvirtuous circle\u201d that continually hardens its attack surface and keeps the security team informed.\u00a0<\/p>\n<p>Going forward, Burkhardt is working on how to integrate artificial intelligence into the ASM program.<\/p>\n<p>\u201cThe AI could learn how to analyze our threat intelligence and penetration testing results to perform more advanced and faster attacks against us,\u201d says Burkhardt.<\/p>\n<p>Unfortunately, he adds, threat actors know this and are using AI, too.\u00a0 \u201cThere\u2019s an AI arms race going on, and threat actors probably have the upper hand,\u201d he says. \u201cDefenders like us need to catch up.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Accenture\u2019s award-winning attack surface management program strengthens the company\u2019s resiliency and security posture. As a global consulting and technology company, Accenture understands how quickly an attack surface can grow and become vulnerable to cyber threats. 
Accenture\u2019s own attack surface, made up of thousands of servers, virtual machines, cloud objects, devices, and physical workstations, is massive [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-398","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/398"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=398"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/398\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/374"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}