Concise Cyber

Cybersecurity Blind Spots: How Neglecting Asset Management Undermines Threat Intelligence

In cybersecurity, a foundational principle is derived from Sun Tzu’s wisdom: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Organizations invest heavily in knowing the enemy through threat intelligence, yet research from Unit 42 reveals a critical failure in knowing themselves. This gap stems from inadequate asset management, which creates significant, unmonitored security risks.

Many security teams operate with an incomplete picture of their own digital footprint. Without a complete and accurate inventory of all internet-facing assets, threat intelligence about potential attacks is rendered far less effective. The core issue is that an organization cannot protect an asset it does not know exists, making unmanaged systems prime targets for threat actors.

The True Scale of the Unknown Attack Surface

Analysis conducted by Unit 42’s Cortex Xpanse platform highlights the vast scope of this problem. On average, security teams were unaware of 30% of their organization’s cloud assets. The scale of these blind spots can be staggering. In one documented case, a global enterprise discovered more than 300,000 previously unknown internet-facing assets, effectively doubling its known attack surface. Another organization identified 130 cloud service providers in use that were previously unknown to its IT and security departments.

This proliferation of unknown assets, often termed ‘shadow IT’, is driven by modern business operations, including rapid cloud adoption, mergers and acquisitions (M&A), and the persistence of legacy systems. Each of these factors contributes to an expanding and poorly understood digital perimeter, leaving numerous entry points unmonitored and unprotected.

Common High-Risk Exposures on Unmanaged Assets

These unknown assets are not benign; they frequently host high-risk services that serve as common vectors for cyberattacks. The most prevalent security exposure discovered on unmanaged assets was Remote Desktop Protocol (RDP). RDP is a well-known target for attackers seeking to gain initial access to a network. Other commonly found and unsecured services included Secure Shell (SSH) and Server Message Block (SMB).

The presence of these services on unmanaged systems represents a direct failure in basic security hygiene. An effective security posture is built upon a complete understanding of one’s own infrastructure. The research demonstrates a clear and urgent need for organizations to prioritize Attack Surface Management (ASM) to gain a comprehensive, outside-in view of all internet-connected assets. Only by first knowing themselves can organizations effectively use threat intelligence to know their enemies.
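One way to carry out the outside-in reconciliation described above, as an added example that is not from Unit 42 or the original post: it compares constructed scan observations against a constructed inventory, reports the share of observed assets the inventory does not cover, and ranks those assets by the RDP, SSH and SMB exposures the article names. The hostnames, addresses, inventory format and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Services the article names as common exposures on unmanaged assets,
# keyed by their standard TCP ports.
HIGH_RISK_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB"}

# Constructed sample inventory (what the organization believes it owns).
INVENTORY = {
    "hostnames": {"www.example.com", "vpn.example.com"},
    "networks": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed outside-in observations: (hostname, ip, open TCP port).
OBSERVATIONS = [
    ("www.example.com", "198.51.100.10", 443),
    ("vpn.example.com", "198.51.100.20", 443),
    ("jump.example.com", "198.51.100.30", 22),  # unlisted name, known range
    ("legacy-app.example.com", "203.0.113.5", 3389),
    ("legacy-app.example.com", "203.0.113.5", 445),
    ("acquired-co.example.net", "192.0.2.77", 22),
    ("acquired-co.example.net", "192.0.2.77", 8080),
]


def is_managed(hostname, ip, inventory):
    """An asset counts as known if its name or its address is in the inventory."""
    if hostname in inventory["hostnames"]:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in inventory["networks"])


def reconcile(observations, inventory):
    """Return (unknown_fraction, findings) for the observed attack surface."""
    ports_by_asset = defaultdict(set)
    for hostname, ip, port in observations:
        ports_by_asset[(hostname, ip)].add(port)
    unmanaged = {a: p for a, p in ports_by_asset.items()
                 if not is_managed(a[0], a[1], inventory)}
    findings = []
    for (hostname, ip), ports in sorted(unmanaged.items()):
        risky = sorted(HIGH_RISK_PORTS[p] for p in ports if p in HIGH_RISK_PORTS)
        findings.append({"host": hostname, "ip": ip, "high_risk": risky})
    # Assets with the most high-risk services go to the top of the triage queue.
    findings.sort(key=lambda f: len(f["high_risk"]), reverse=True)
    return len(unmanaged) / len(ports_by_asset), findings
```

Calling `reconcile(OBSERVATIONS, INVENTORY)` on the sample data returns the unknown fraction and the ranked findings; matching on address ranges as well as names keeps hosts in known networks from being counted as unknown.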

Source: https://unit42.paloaltonetworks.com/asset-management/