XM Cyber, the leader in hybrid cloud exposure management, today announced enhancements to the company’s continuous exposure management capabilities. With attacks regularly going undetected, improving security posture is an ever-growing priority. However, oftentimes security and IT teams are not aligned on which of the thousands of CVEs, misconfigurations and at-risk identities are a priority for remediation, and what should be done about the growing number of legacy system remediation efforts that can’t be justified. The latest updates to the XM Cyber platform extends the company’s ability to address the latest hybrid cloud active directory attacks and ease security teams’ ability to prioritize and remediate threats.
Gartner® lists Threat Exposure Management as one of the Top Cybersecurity Trends in 2023 and predicts that, “by 2026, organizations prioritizing their security investments via a continuous threat exposure management (CTEM) program will suffer two-thirds fewer breaches.” Further, Gartner states, “The attack surface of a modern enterprise is complex and fragmented, a symptom of evolving IT working practices (i.e., the use of SaaS). This creates diagnosis fatigue due to ever-growing and conflicting remediation priority lists. Enterprise CISOs sense the need to evolve their assessment practices to better understand their combined exposure to threats and address gaps in their posture.”
“As the attack surface continues to expand, it can be challenging for us to prioritize our remediation efforts, decipher benign alerts and determine which exposures actually pertain to the most imminent risks to our organization’s critical assets,” said Director of Security, US Insurance company. “XM Cyber helps us combat this challenge by accurately analyzing our environmental risk and effectively pinpointing high priority exposures which require immediate attention. Their step-by-step remediation guidance has also streamlined our exposure resolution timelines and drastically improved overall security posture.”
Increasingly, attackers are leveraging identity and credential exposures to move laterally between organizations’ on-premises and cloud environments. For example, attackers have compromised Azure AD Connect, which is commonly used to synchronize AD and Azure AD environments, through a technique that includes stealing PRT tokens in order to expand their attacks blast radius across hybrid environments. XM Cyber’s platform update incorporates this and other new attack techniques, expanding its attack graph mapping technology to significantly reduce the overall effort required to improve the organization’s security posture against cyber attacks and subsequently eliminate these high-risk attack paths.
Additionally, the latest release of the XM Cyber platform adds further automation to ease the remediation of excessive shadow-admin permissions. The list of admin permissions that create the highest risk to the organization, as discovered by XM Cyber’s attack graphs, is now correlated against the historic usage of these accounts, enabling customers with the subset list of these permissions to disrupt future attackers without disrupting the business.
“Attackers continue to leverage identity exposures to execute malicious acts as they enable lateral movement and most often boast the best end reward access to critical assets,” said Boaz Gorodissky, CTO & Co-Founder at XM Cyber. “As illustrated by our latest platform enhancements, our objective is to provide organizations with the ability to bring IT and security teams together to remediate, or find alternatives ways to resolve, the few exposures that pose the highest risk to the business. By focusing efforts on remediating what matters most, it can lead to significant improvements in efficiencies amongst security teams and also greatly reduce an organization’s overall attack surface with a few simple fixes.”