press release
SAN FRANCISCO, CA — May 7, 2024 — At today's RSA Conference, runZero announced the runZero research report, the first in a series of publications examining the state of asset security across global enterprises. Produced by a leading provider of Cyber Asset Attack Surface Management (CAASM), the report leverages runZero's unique perspective across hundreds of enterprise networks, including internal infrastructure, internet-connected assets, and cloud environments.
“Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decline of network segmentation, persistent challenges in attack surface management, and the increasing amount of dark matter on modern networks,” said HD Moore, Founder and CEO. “runZero is built on the principle that applied research enables better asset discovery, and that better asset discovery is the foundation modern exposure management organizations need to successfully defend against these challenges.”
Key findings include:
- The convergence of IT and OT is increasing organizations' attack surface and requiring new technologies to discover and manage assets. OT systems are high-value targets for attackers and are constantly exposed to untrusted networks. More than 7% of the sampled ICS assets are exposed to the public internet. These assets include programmable logic controllers, power meters, and protocol gateways, all of which play important roles in critical infrastructure.
- Outlier devices are often the most at risk. The runZero outlier score, defined as how unique an asset is within the context of neighboring assets, is strongly correlated with risk rankings reported by leading vulnerability scanners. This correlation works both ways, with lower outlier scores consistently corresponding to lower overall risk. Defenders can leverage outlier analysis to quickly identify the most vulnerable systems in their environment.
- Security teams often have limited or no visibility into more than half of the physical devices on their networks. Network “dark matter” (devices that are not managed by IT departments and are rarely updated) makes up 19% of corporate networks, and another 45% of these devices have limited management capabilities.
- End-of-life hardware and operating systems continue to degrade security posture. While Windows 2012 R2 and Ubuntu 14.04 are the most common EoL operating systems observed, older versions of VMware ESXi and out-of-support network devices are a serious concern.
- Printers and network-attached storage devices often allow traffic to be forwarded between networks, subverting network segmentation controls. runZero has identified unexpected IP forwarding behavior across dozens of devices, ranging from smart TVs to robot vacuums.
- Zero-day attacks at the network edge are on the rise, and suppliers are struggling to provide timely patches. In the first four months of 2024, runZero issued 23 rapid responses covering over 60 individual vulnerabilities.
- 92% of systems running Secure Shell (SSH) services allow password-based authentication, exposing these systems to brute force and credential stuffing attacks. In addition to insecure authentication methods, thousands of systems rely on hard-coded cryptographic keys shared between unrelated environments, negating many of the protocol's security benefits.
- Almost 16% of all Transport Layer Security (TLS) implementations rely on deprecated versions of OpenSSL, putting these systems at risk of future compromise. This discovery was made possible through runZero's unique fingerprinting methodology, which reliably identifies services and determines their versions by behavior rather than configuration.
- Windows has improved Remote Desktop Protocol (RDP) security with the introduction of Network Level Authentication (NLA) support, but this has not carried over to Linux-based RDP implementations such as xrdp, and many Windows systems remain in older, more vulnerable configurations.
- Server Message Block (SMB) v1 is still enabled on 13% of Windows systems. Although SMBv1 is disabled by default in newer versions of Windows, there are still millions of legacy systems using this older protocol.
runZero's research focuses on identifying at-risk devices through accurate fingerprinting and fast outlier analysis. This report also describes runZero's research process, the fingerprinting techniques created, and the actual results of these efforts.
About runZero
runZero delivers the fastest and most complete security visibility possible, giving organizations the ultimate foundation to properly manage risk and exposure. Rated #1 by Gartner Peer Insights, the company's leading Cyber Asset Attack Surface Management (CAASM) platform starts delivering insights in literally minutes and discovers both managed and unmanaged devices across the entire spectrum of IT, OT, IoT, cloud, mobile, and remote assets. By combining powerful and unique active scanning, passive discovery, and integrations, runZero is able to provide the most accurate and detailed data and insights for organizations in all sectors. Boasting a world-class NPS score of 82, runZero is trusted by over 30,000 users to improve their security visibility.