The digital footprint of the modern organization is expanding at an unprecedented rate. The move to the cloud, Internet of Things (IoT), digital transformation, connected supply chain partners and related trends have led to an explosion of internet-facing assets. Cloud workloads, websites, user credentials, S3 buckets, SSL certificates, IoT, operational technology (OT), rogue IT devices, and more exist in the thousands across most organizations. 

Each and every asset that is connected to the internet represents risk and exposure. Adversaries continue to refine reconnaissance methods to discover and exploit internet-facing assets, many that are rife with vulnerabilities. Threat actors even leverage automated tools to discover these assets en masse to exploit them as potential entry points to launch broader attacks. 

Adversary techniques to find these vulnerabilities can often outpace an organization’s ability to discover and enforce good security hygiene on a digital asset. The unfortunate truth is that the adversary often has a better sense of the organizational risk exposure of their target than the target itself does.

Risk exposure of this nature can lead to a breach. It can lead to a shutdown of operations and a loss of productivity. For many companies, attacks exploiting internet-facing assets are becoming uncomfortably frequent.  

According to the ESG Research Report on Security Hygiene and Posture Management, “Nearly seven in ten (69%) organizations admit that they have experienced at least one cyber-attack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Additionally, organizations with the most IT assets, and subsequently largest attack surfaces, were almost twice as likely to experience several of these cyber-attacks.” 

Stopping an attack starts with understanding risk and exposure — and the adversary should never understand your risk better than you. 

That’s why I’m pleased to announce that CrowdStrike has agreed to acquire external attack surface management (EASM) vendor Reposify to help our customers identify and eliminate risk from vulnerable and unknown assets before an attacker can exploit it. 

With the acquisition of Reposify, we plan to offer a fundamentally differentiated EASM experience as part of our industry-leading threat intelligence product line. By combining deep insights on endpoints and IT environments with transformative internet-scanning capabilities, customers will be able to gain an organization-wide view of risk across internal and external attack surfaces from the adversary’s perspective. The technology will also bolster capabilities in our growing ITSecOps offerings.

Proactive Protection Across the External Attack Surface

According to Gartner’s Top Security and Risk Management Trends for 2022, “Attack Surface Expansion” is the top risk that security and risk management leaders face in 2022 and beyond. 

In a press release, Gartner stated that “Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets. Organizations must look beyond traditional approaches to security monitoring, detection and response to manage a wider set of security exposures. Digital risk protection services (DRPS), external attack surface management (EASM) technologies and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps.”

At CrowdStrike, we believe that external attack surface management is critical to maintaining a strong security posture and moving away from a reactive approach to security. By understanding where shadow IT, legacy systems and unknown infrastructure potentially expose an organization, customers will be able to take a more proactive approach to managing risk, fortifying security posture and increasing resilience to cyberattacks. 

This acquisition will also serve as a force multiplier for our existing threat intelligence and ITSecOps product lines. The combined power of the technologies will enable enhanced internet-scanning capabilities to track adversary networks and uncover new ones. The external view of a customer’s network and the related security posture will drive better prioritization and remediation of vulnerabilities, delivering an unrivaled internal AND external view of risk across all assets. 

Why Reposify?

The Reposify story is in many ways a CrowdStrike story. They understood there was a growing need to better understand risk from the adversary perspective. They also saw that the state of the EASM market and internet-scanning technology offering were not delivering what customers needed. This drove Reposify to find a better way.  

Rather than relying on the same old approaches and technology, they started from the ground up to develop a customized proprietary scanning engine, which feeds into best-in-class asset identification and vulnerability enumeration tools.

They built their technology to leverage one of the largest databases of internet-facing assets — delivering one of the most complete views of an external attack service through a simple click of a button. We believe that this foresight and hard work is a leading reason why Gartner named Reposify to its 2021 emerging vendors list in the external attack surface management security category. We believe this is a testament to Reposify’s innovation in a critical market. 

Together, we share a vision of delivering deep visibility of organizational risk to all of our customers so they can stay ahead of the adversary and stop the breach. To learn more on the acquisition, check out my livestream keynote at Fal.Con 2022.  

Additional Resources

• Read the press release about CrowdStrike’s acquisition of Reposify.
• Learn from CrowdStrike CEO George Kurtz how CrowdStrike is driving the convergence of security and observability. 
• Learn how CrowdStrike is evolving Humio with the Falcon LogScale module and Falcon Complete LogScale.
• Learn how CrowdStrike Falcon® Discover for IoT helps organizations gain visibility and reduce risk across IoT and OT environments.
• CrowdStrike is unlocking XDR for all EDR customers and expanding third-party integrations across all key security domains. Learn more.
• Learn how CrowdStrike is expanding our CNAPP capabilities with the introduction of CIEM to monitor, discover and secure identities across multi-cloud environments.
• CrowdStrike and a coalition are joining forces to transform cyber insurance readiness. Learn more. 
• Learn how the powerful CrowdStrike Falcon® platform provides comprehensive protection across your organization, workers and data, wherever they are located.
• Get a full-featured free trial of CrowdStrike Falcon® Prevent™ and see for yourself how true next-gen AV performs against today’s most sophisticated threats.