IT Brief US - Technology news for CIOs & IT decision-makers

Bitdefender launches free attack surface assessment

Tue, 31st Mar 2026

Bitdefender has launched a free internal attack surface assessment for organisations with 250 or more employees.

The programme is designed to identify cyber risk created by unnecessary user access to applications, system tools and operating system utilities often used in modern attacks. It gives customers a view of internal exposure and guidance on how to reduce it.

The launch reflects a wider shift in attack methods away from conventional malware and towards so-called Living-Off-the-Land techniques. These attacks use legitimate software and built-in system tools to gain access, avoid detection and move through corporate environments while appearing to be normal activity.

Bitdefender's analysis of more than 700,000 real-world security incidents found legitimate tools and Living-Off-the-Land techniques were involved in more than 84% of major attacks. Among the utilities cited were PowerShell and WMIC, which attackers use to escalate privileges and move laterally within systems.

Risk Exposure

The assessment runs for 45 days and is intended to operate without disrupting staff or day-to-day business. Participating organisations can begin assessing and monitoring their environment as soon as they enrol.

The service focuses on internal exposure at the user level. It identifies employees with access to applications, tools and utilities beyond what their roles require, and maps that access against baseline behaviour and threat intelligence.

It also aims to highlight shadow IT and unauthorised tools, including unusual network activity, access to non-approved binaries and applications not recognised by the organisation that are attempting to reach company resources.

Customers can use the findings to prioritise mitigation work and harden their internal environment. Organisations may apply controls manually or automatically with Bitdefender's guidance, which it says can reduce attack surface exposure by up to 95%.

Product Link

The assessment is tied to GravityZone PHASR, Bitdefender's Proactive Hardening and Attack Surface Reduction technology. The product uses behaviour-based security hardening and real-time threat intelligence to identify excessive user access and restrict or block unnecessary applications and tools.

The announcement comes as security vendors and corporate IT teams place greater emphasis on prevention and hardening rather than relying only on detection after an intrusion has begun. The use of trusted administrative tools by attackers has made this area of defence more prominent because the software is often already present and approved within an organisation.

Bitdefender said the assessment is intended to address what it describes as a hard-to-detect internal security gap. The company framed the issue as one of over-entitlement, where users retain access to tools and utilities they do not need for their role but that may still be available to an attacker if an account is compromised.

"Cybercriminals are increasingly exploiting legitimate applications and system tools to bypass traditional defenses, creating a growing and often invisible attack surface that is difficult to defend," said Andrei Florescu, President and General Manager, Bitdefender Business Solutions Group.

"The Bitdefender Attack Surface Assessment gives organizations a clear, data-driven view of these risks and a path to remediation. We are offering it at no cost to help level the playing field, enabling organizations to identify and close critical gaps in their internal attack surface as adversaries rapidly shift tactics," Florescu added.