Ethical Hacking News
A New Approach to Endpoint Security: Understanding Your Real Attack Surface
As cybersecurity threats continue to evolve, traditional approaches to endpoint security are no longer effective. In this article, we will explore a new method for assessing an organization's attack surface and how it can be used to improve endpoint security.
Traditional endpoint security approaches are no longer effective due to "living off the land" (LOTL) attacks.
Over-reliance on trusted utilities and tools increases vulnerability to attackers.
The tool identifies vulnerable users, endpoints, and tools, allowing for prioritized removal.
IASA provides a defensible exposure number, enabling CISOs and cybersecurity professionals to prioritize efforts.
The impact of IASA cannot be overstated as it aligns with Gartner's projection that preemptive cybersecurity will account for 50% of IT security spending by 2030.
The landscape of cybersecurity threats is constantly changing, and traditional approaches to endpoint security are no longer effective. With the rise of "living off the land" (LOTL) attacks, where attackers use legitimate tools and utilities to gain access to an organization's systems, it has become increasingly difficult for defenders to stay one step ahead. The most significant risk now is not malware, but rather what the organization already trusts.
In a recent article published on The Hacker News, researchers from Bitdefender highlighted the problem of "over-entitlement" in Windows 11 installations, where 133 unique binaries are spread across 987 instances. This has led to an over-reliance on trusted utilities and tools, making it easier for attackers to exploit vulnerabilities and gain access to sensitive data.
To combat this issue, Bitdefender has developed a new tool called Internal Attack Surface Assessment (IASA), a 45-day, low-effort engagement that turns the abstract problem of "living off the land" into a specific, prioritized list of users, endpoints, and tools that can be safely taken out of attackers' reach without breaking the business.
The IASA tool works by building behavioral profiles for every machine-user pair over a period of 30 days. This allows organizations to identify which users and devices are most vulnerable to attack. The tool then provides an exposure score (0-100) and a prioritized list of findings across five categories: living-off-the-land binaries, remote admin tools, tampering tools, cryptominers, and piracy tools.
Once the assessment is complete, organizations can choose to apply controls manually or allow Bitdefender's PHASR technology to enforce them. The tool also includes an optional reduction sprint, where users can request access back through a built-in one-click approval workflow.
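The profiling idea described above, as an added example that is not Bitdefender's code or algorithm: it counts tool usage per machine-user pair over a 30-day window and lists tracked tools a pair never ran. The tool-to-category map, the event records and the `unused_share` metric are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Assumed, illustrative tool-to-category map (two of the article's five categories).
CATEGORIES = {
    "powershell.exe": "living-off-the-land binaries",
    "certutil.exe": "living-off-the-land binaries",
    "mshta.exe": "living-off-the-land binaries",
    "anydesk.exe": "remote admin tools",
}

# Constructed process-start events: (day, machine, user, image name).
EVENTS = [
    (date(2026, 4, 1), "WS-01", "alice", "powershell.exe"),
    (date(2026, 4, 9), "WS-01", "alice", "PowerShell.exe"),
    (date(2026, 4, 3), "WS-02", "bob", "anydesk.exe"),
    (date(2026, 4, 3), "WS-02", "bob", "excel.exe"),
    (date(2026, 5, 20), "WS-02", "bob", "certutil.exe"),  # after the window
]

def build_profiles(events, start, days=30):
    """Count tracked-tool runs per (machine, user) pair inside the window."""
    profiles = defaultdict(lambda: defaultdict(int))
    for day, machine, user, image in events:
        if not 0 <= (day - start).days < days:
            continue
        used = profiles[(machine, user)]  # register the pair even if no tracked tool ran
        tool = image.lower()              # Windows image names are case-insensitive
        if tool in CATEGORIES:
            used[tool] += 1
    return profiles

def restriction_candidates(profiles):
    """Per pair, tracked tools never run in the window, grouped by category."""
    result = {}
    for pair, used in profiles.items():
        unused = defaultdict(list)
        for tool, category in sorted(CATEGORIES.items()):
            if tool not in used:
                unused[category].append(tool)
        result[pair] = dict(unused)
    return result

def unused_share(profiles):
    """Assumed stand-in metric (not the product's score): % of pair/tool combos unused."""
    total = len(profiles) * len(CATEGORIES)
    unused = sum(len(t) for c in restriction_candidates(profiles).values() for t in c.values())
    return round(100 * unused / total, 1) if total else 0.0

if __name__ == "__main__":
    profiles = build_profiles(EVENTS, start=date(2026, 4, 1))
    print(restriction_candidates(profiles), unused_share(profiles))
```

In the sample data, bob's certutil.exe run falls outside the observation window, so certutil.exe is still listed as a candidate for him; infrequent but legitimate use of this kind is what a request-access-back workflow has to absorb.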
In recent tests, early-access customers have reported significant reductions in their attack surface, with some seeing a 30% reduction in just the first 30 days. This has the potential to be a game-changer for organizations looking to improve their endpoint security posture.
So, what does this mean for different stakeholders? For CISOs and cybersecurity professionals, IASA provides a defensible, board-ready exposure number that moves week over week, mapped to behaviors attackers actually use. This allows them to prioritize their efforts and focus on the most critical vulnerabilities. For business decision-makers, IASA provides documented, ongoing surface reduction – increasingly what regulators, auditors, and cyber-insurers want to see.
The impact of IASA cannot be overstated. As Gartner projects that preemptive cybersecurity will account for 50% of IT security spending by 2030, up from less than 5% in 2024, it's clear that traditional approaches to endpoint security are no longer enough. By using IASA, organizations can take a proactive approach to securing their endpoints and staying one step ahead of attackers.
In conclusion, the threat landscape is constantly evolving, but with the right tools and approach, organizations can stay ahead of the curve. The Internal Attack Surface Assessment (IASA) tool from Bitdefender provides a comprehensive solution for improving endpoint security posture and reducing the attack surface. By understanding your real attack surface and taking proactive steps to secure your endpoints, organizations can protect themselves against even the most sophisticated threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Understanding-Your-Real-Attack-Surface-A-45-Day-Assessment-for-Enhanced-Endpoint-Security-ehn.shtml
https://thehackernews.com/2026/05/what-45-days-of-watching-your-own-tools.html
Published: Fri May 15 07:08:00 2026 by llama3.2 3B Q4_K_M