
Proprietary Research From Tenable Calculates External Attack Surface of Brazil's Largest Organizations

May 3, 2023 · Rio de Janeiro

 

Data reveals 100% of organizations still rely on a legacy security protocol dating back to 1999

Brazil’s largest organizations have an average of 5,700 internet-facing assets

Research data from Tenable®, Inc., the Exposure Management company, illuminates the immense challenge Brazilian organizations face in identifying and protecting their internet-facing assets. An inventory of the external attack surface of 20 of Brazil's largest organizations¹ [as listed by BOVESPA] was examined on Monday, April 24, 2023. The results show how complex, geographically dispersed, and hybrid these environments have become, and illustrate the sheer scale of the cybersecurity architecture that needs to be secured.

The research reveals that, of the companies examined, most have a sprawling expanse of internet-facing assets², with an average of 5,755 to identify and protect. One organization alone has just under 35,000 such assets.

“The modern business world continues to drive towards the digitization of everything. As a result, we see an increasing number of internet-facing assets belonging to businesses of all sizes and across all industries. Each and every internet-facing asset, whether mission critical or not, is a potential exploitable entry point into an organization. Attackers are constantly surveilling the attack surface maps of the organizations they target for any weak link – especially assets the organization doesn’t know they own,” stated Jeremiah Grossman, Vice President of Engineering, Tenable.

 

The challenge of identifying and updating outdated technology

One striking observation is that 100% of organizations had web-based assets that still support TLS 1.0 [a security protocol first defined in 1999 for establishing encrypted channels over computer networks], which was disabled by Microsoft in September [2022]. Over 20% of companies had instances of SSLv2 and over 60% had instances of SSLv3 - the predecessor to TLS. In addition to the risk this poses to sensitive internet traffic, this is just one example that demonstrates how challenging it is for organizations to identify their internet footprint and update outdated technologies.

 

Notable variation of cloud assets

The vast array of internet-facing assets is supported by a complex cloud infrastructure built upon public services, further complicating each organization’s attack surface² and making it more difficult to identify, monitor and protect. Amongst the 20 large organizations studied, Tenable found notable variations in how large organizations leverage public cloud³ providers. For example, 1 out of every 4 organizations delivers over 70% of its internet-facing assets via the cloud, while 1 in 5 organizations delivers less than 20% via cloud. Across all companies studied, on average they deliver 38% (median 38%) of their internet-facing assets via public cloud³.

Within the three cloud vendors studied, Amazon Web Services delivers the majority, accounting for an average 64% of assets hosted in the cloud, with Microsoft and Google sharing the remainder. This leaves organizations reliant on a third party to apply the same stringent controls to protect their data and systems. 

 

Geographically dispersed assets

Looking at the geographical dispersion of these organizations, the study identified that, on average, their assets are located in or delivered from 22 different countries. In fact, only 23% of assets are located in or delivered through Brazil, with 51% through the U.S. This has implications from a data protection perspective.

“The rising number of cyberattacks in Brazil means that cybercriminals are finding holes in our current defenses. As Brazilian businesses continue to evolve, it's imperative for security professionals to adopt an exposure management strategy to reduce their cyber risk. Organizations should proactively maintain a constant, in-depth understanding of their assets in order to identify and prioritize security risks before they are exploited,” said Arthur Capella, Country Manager, Tenable Brazil.

 

Key Findings:

  • Total Internet-facing Assets: Average 5,755 / Median 1,279
  • Assets Hosted in the Cloud (Amazon, Microsoft, Google): Average 38% / Median 28%
  • Cloud-Asset Marketshare by Vendor: Amazon (Average 64% / Median 66%), Microsoft (Average 24% / Median 21%), Google (Average 12% / Median 10%)
  • Number of Countries: Average 22 / Median 17
  • Assets Located or Delivered through Brazil: Average 23% / Median 17%
  • Assets Located or Delivered through the U.S.: Average 51% / Median 47%
  • Assets Supporting TLS 1.0: Average 248 / Median 105
  • Assets Supporting TLS 1.1: Average 284 / Median 185
  • Assets Supporting SSLv2: Average 1 / Median 0
  • Assets Supporting SSLv3: Average 4 / Median 2

For further information visit www.tenable.com.

About Tenable

Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

 

Notes to Editors:

  1. Tenable examined 20 companies, chosen at random from Índice Bovespa*
  2. In the context of this alert:
  • An asset is a domain name, subdomain, or IP address, and/or a combination thereof, of a device connected to the Internet or an internal network. An asset may include, but is not limited to, web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.x.
  • The Attack Surface is, from the network perspective of an adversary, the complete asset inventory of an organization, including all actively listening services (open ports) on each asset.
  • When calculating public cloud deployment, the study examined Amazon Web Services, Google Cloud Platform and Microsoft Azure.