Provides Holistic View of the Complete Attack Surface Across Clouds and On-Prem, Unifying External Threat Exposure Management
IONIX today announced the launch of Attack Surface Cloud Cross-View, a significant platform enhancement to its industry-leading Attack Surface Management (ASM) platform that enables organizations to view their complete attack surface risk. IONIX Cloud-Cross View (CCV) connects IONIX ASM to the internal cloud asset view, mapping all application-level dependencies and ensuring that asset importance and exploitability can be assessed across cloud and on-premises infrastructures. This approach bridges critical cloud security gaps across all internet-facing assets and digital supply chains in organizations’ AWS, Azure and GCP environments as well as cloud-security providers such as Akamai, Cloudflare and Imperva.
Traditional cloud security tools, operating with only an inside view of cloud environments, fail to identify things like cloud shadow IT and zombie IT accounts, unintentional internet-exposed assets and digital supply chain risks. In addition, cloud security is managed separately with dedicated tools and teams, an approach that leads to gaps in the way organizations manage their holistic attack surface. As a result, a common challenge is that cloud security tools are limited in their understanding of the importance and context of cloud assets within the broader cloud and on-prem organizational attack surface.
According to Forrester Research, Inc.*, “Unless an organization uses attack surface management (ASM), agent-based and agentless cloud workload protection (CWP), security orchestration and automation (SOAR), micro segmentation and application security posture management (ASPM) with CSPM and CIEM tools, it does not have full, 360-degree visibility, detection and response to all cloud threats.”
“IONIX was seeing customers facing attacks that arise from the security coverage gaps in their separately managed cloud security tools and on-premises vulnerability management solutions. For this reason, we built Cloud Cross-View features into our ASM product to close the gaps between the two and to ensure that any asset, wherever it may reside, is a secure asset,” said Marc Gaffan, CEO of IONIX. “We envision a simpler solution where one contiguous attack surface, supported by a security software stack that one team can manage, covers both cloud and on-prem security needs. CCV is a good first step in that direction.”
As an expansion of IONIX ASM, CCV bridges these cloud security gaps, offering unparalleled visibility and insights from an attacker’s perspective such as:
- Asset connectivity and importance: The importance of assets stems not just from their own value but also from their risk dependencies to more critical assets. An asset deemed of lower importance may be reevaluated if it poses a risk to a highly-important asset through its connections.
- Inter-environment connections: Cloud security solutions typically fail to recognize connections from a cloud environment to other hosting environments, including vendor clouds and on-premises infrastructures. These interconnected environments necessitate a broader approach to risk identification and prioritization.
- Digital supply chain risks: Some of the most easily exploitable attack vectors originate from vulnerabilities and misconfigurations within the organizations’ digital supply chain. To protect organizational assets from indirect threats, security solutions must look beyond the perimeter to effectively identify these risks and map the attack paths back to the organization.
- Exploit testing across entire infrastructure: Effective exploit simulation through attack paths that include cloud, non-cloud and digital supply-chain assets. IONIX smartly correlates the internal and external cloud views to effectively conduct exploit simulation on cloud assets.
In addition to providing a holistic view of the complete attack surface, IONIX integrates with leading providers to validate CSPM findings with IONIX’s Exposure Validation capabilities. By integrating with CSPM solutions, IONIX can turn alerts on potential vulnerabilities into validated and practical security assessments by using IONIX exploit simulation modules to validate exploitability. Additional announcements regarding CSPM integrations will be made in Q2 2024.
IONIX will demonstrate the power of Attack Surface Cloud Cross-View at RSA Conference 2024, May 6-9, in booth #6449 Moscone North. Learn more and schedule a live demo here.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!