惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

www.infosecurity-magazine.com
www.infosecurity-magazine.com
D
DataBreaches.Net
T
Tailwind CSS Blog
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
F
Full Disclosure
V2EX - 技术
V2EX - 技术
N
News and Events Feed by Topic
Help Net Security
Help Net Security
L
LangChain Blog
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
Google Online Security Blog
Google Online Security Blog
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Blog of Author Tim Ferriss
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
B
Blog RSS Feed
N
Netflix TechBlog - Medium
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V
Vulnerabilities – Threatpost
B
Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园_首页
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
AI
AI
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cyberwarzone
Cyberwarzone
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
G
GRAHAM CLULEY
Vercel News
Vercel News
罗磊的独立博客
MyScale Blog
MyScale Blog
Last Week in AI
Last Week in AI
博客园 - 司徒正美
C
CERT Recently Published Vulnerability Notes
GbyAI
GbyAI
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
A
About on SuperTechFans
P
Privacy International News Feed

Infoblox Blog

Oracle Cloud Discovery for Universal Asset Insights | Infoblox Why Asset Discovery Integrations Start with Network Intelligence Infoblox Kentik Acquisition: AI-Driven Network and Security Intelligence Proxyware actor behind fake 7-Zip is bigger than you think! Using Protective DNS to Dismantle Global Scam Networks | Infosecurity Europe 2026 Residential Proxies: Why DNS Is the Stronger Play NIST Maps DNS Security to the Cybersecurity Framework 2.0 Trusted Infrastructure Data for AI and AgenticOps | Infoblox Meet Your Security Analyst’s New AI Teammate | Infoblox IQ DCloud Uni-App: One Framework, 236,000+ Scam Sites Operation Endgame VS SocGholish Fake Updates Human Judgment Hacks: How Lookalike Domains Work Residential Proxies in the Wild Unlocking Universal DDI on Equinix: Infoblox Brings Cloud-First DDI to Equinix Network Edge “Headless”? What Is It and Do I Need to Go There? The Alert Is Already Too Late Infoblox Earns Terraform Partner Premier Status for NIOS Provider What 550 Security Leaders Just Told Us about the Age of AI, and Why Preemptive Digital Risk Protection Can’t Wait Lookalike Domains Expose the iPhone Theft Economy Amusing Numerology: Analysis of the Numbers in Domain Names 4 Trends Shaping the Future of Network Operations Preemptive Threat Disruption at Scale: How Infoblox and Axur Turn External Risk into Protection Why the Axur Acquisition Marks a Turning Point for Preemptive Security Don’t Wait To Be Attacked: Stop Phishing, C2 and Data Exfiltration with Infoblox Threat Intelligence in AWS Network Firewall Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs AI, Project Glasswing and DNS: Beyond Vulnerabilities Three Infoblox Integrations with Google Cloud That Give Enterprise Teams More Control Over Their Networks Protective DNS: Why Telcos Are Turning to DNS as the Platform for Consumer Security Automating Infoblox DDI with Red Hat Ansible | Configuration as Code for DNS, DHCP and IPAM Hiding in Plain Sight: Abusing Composite Domain Names What You Cannot See is Hurting You Most NIST SP 800-81r3: A Long-Overdue Wake-Up Call for DNS Security Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro NIST SP 800-81r3: What’s New? No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution Unified Asset Visibility: A Strategic Imperative for CIOs and CISOs Infoblox Partners with Leading SASE Vendors to Modernize DNS and DHCP for Distributed Enterprises NIST DNS Security Best Practices: Top 5 Takeaways Break out the bubbly: NIST SP 800-81r3 has been published! Empowering Women to Lead in APJ: Infoblox at the Leadership Summit for Women in Technology, AI & Cyber
The Half of Your Attack Surface Nobody Owns
Daniel Brody · 2026-06-02 · via Infoblox Blog

Attack surface management has spent the last few years catching up to a problem that keeps getting larger. The SANS 2025 Attack Surface Management (ASM) Survey, authored by SANS principal instructor Chris Dale and based on responses from 235 cybersecurity professionals, frames it well in its title: “Hackers Don’t Wait—Why Should We?” The data behind that question is what makes this survey particularly relevant to where Infoblox is taking Digital Risk Protection Services (DRPS), part of Infoblox Exposure Management.

Where our Sapio research examined how 550 security leaders are responding to AI-driven external threats, the SANS findings tell a complementary story about what teams now expect from the platforms they buy: unified coverage, business-aligned risk and action; NOT more alerts.

What 235 Security Pros Just Told SANS They Want

A few data points from the survey stand out for how directly they map to the gap Digital Risk Protection Services is built to close:

  • 55 percent of respondents explicitly demand ASM solutions that provide unified coverage of both external and internal assets, significantly outpacing those who prioritize external-only or internal-only coverage. Teams are done buying separate tools for separate sides of the perimeter.
  • 37 percent rank understanding their external attack surface as their top desired outcome, signaling that external exposure is no longer a secondary concern but the primary use case driving ASM investment.
  • 89 percent expect ASM platforms to quantify risk for every asset and demonstrate business impact, not just produce findings. The bar has moved from technical reporting to executive-grade risk intelligence.
  • More than two-thirds (67 percent) expect explicit mitigation recommendations directly from their ASM platform. Identifying exposure isn’t enough. Teams expect platforms to accelerate remediation and reduce operational overhead.
  • Only 28 percent of existing ASM platforms effectively identify sensitive data across the environment, a significant gap given how often sensitive data exposure leads to breach, fraud and regulatory penalties.
  • About a third (35 percent) want current information on vulnerabilities, including whether each is actively exploited or has publicly available proof-of-concept exploits, reinforcing that real-world exploitability, and not raw counts, is what drives prioritization.

The throughline is hard to miss. Security leaders are moving away from fragmented, alert-driven tools and toward unified, automated, business-aligned risk operations. They want platforms that connect external visibility to internal context, translate findings into business risk, and shorten the distance between discovery and disruption.

Why Most Attack Surface Tools Miss the Half That Hurts

Most ASM offerings still center on internet-facing assets the organization owns: domains, IPs, certificates, exposed services, cloud misconfigurations. That’s important, but it’s only half of the external risk story. The other half lives on attacker-controlled infrastructure: lookalike domains, phishing kits, fraudulent ads, rogue mobile apps, executive impersonation, leaked credentials and brand abuse across the open web, social platforms and the deep and dark web.

Three operational realities make this side particularly painful:

  • Visibility without Action: Traditional ASM surfaces what exists; it rarely disrupts what’s actively abusing it. The 37 percent of respondents naming external exposure as their top outcome are explicit that visibility alone isn’t enough.
  • Sensitive-Data Blind Spots: With only 28 percent of ASM tools effectively detecting sensitive-data exposure, leaked credentials and customer data circulate on dark web forums and paste sites long before defenders are aware.
  • Manual Takedown Drag: Even when external threats are found, removing them traditionally requires analyst-driven evidence collection, registrar coordination and weeks of follow-up, which is work that doesn’t scale against attackers who leverage AI to spin up new infrastructure in minutes.

From Findings to Disruption

Digital Risk Protection Services is built for exactly the operating model SANS respondents describe: unified coverage, automated action, measurable business outcomes and tight integration with the workflows teams already run.

  • On Unified Internal and External Coverage (55 percent): Digital Risk Protection Services pairs Axur-powered external discovery and disruption with Protective DNS, part of Infoblox Threat Defense™. External attacker infrastructure is taken down on the outside while managed users, devices and workloads are blocked at the DNS layer on the inside, providing one continuous loop and not two disconnected programs.
  • On External Exposure as the Top Desired Outcome (37 percent): Digital Risk Protection Services continuously discovers brand abuse, phishing infrastructure, fraudulent ads, rogue apps and impersonation across web, social, ads, app stores and underground forums, then validates real abuse with multi-modal AI that catches campaigns keyword- and domain-similarity tools miss.
  • On Risk Quantification and Business Impact (89 percent): Every action is tracked with defensible evidence, clear status and full audit history, designed to support the executive-friendly reporting and outcome metrics SANS respondents say they need to justify investment.
  • On Explicit Mitigation Recommendations (67 percent): Digital Risk Protection Services doesn’t stop at findings. AI-driven validation initiates evidence-backed automated takedowns end to end, with sub-four-minute first notifications to service providers after threats are detected, a roughly nine-hour median time from attack confirmation to removal, a 98.9 percent success rate, 86 percent of removals fully automated and 15-day stay-down monitoring to prevent recurrence.
  • On the Sensitive-Data Discovery Gap (only 28 percent effective): Digital Risk Protection Services continuously monitors paste sites, dark web forums, breach databases and underground marketplaces for exposed credentials, payment data, source code and sensitive records, correlated back to the affected brand and prioritized by likelihood of fraud or account takeover.
  • On the Speed of Attacker Innovation: Pairing automated external takedown with DNS-layer blocking compresses the exposure window. Managed users are protected within minutes while removal proceeds, and DNS intelligence expands every confirmed takedown into the broader attacker campaign rather than chasing one-off domains.

One Loop, Inside and Out

Digital Risk Protection Services is the first phase of Infoblox Exposure Management. The next phases, which will include External Attack Surface Management (now available in early access) and Cyber Asset Attack Surface Management, directly address the unified internal-and-external operating model the SANS data shows the market is asking for. Outside-in discovery of internet-facing assets, DNS- and DDI-powered ownership context, and integrated risk quantification will close the loop from external threat to internal accountability, in the same continuous cycle.

The Bottom Line

If your team is investing in attack surface management, the SANS 2025 data is a clear signal of where the market is heading: unified coverage of internal and external assets, business-aligned risk, automated mitigation and faster time to action. Digital Risk Protection Services delivers that today on the side of the perimeter where threats originate and connects it to the DNS-layer enforcement and internal context Infoblox is uniquely positioned to provide.

Read the SANS 2025 Attack Surface Management Survey, then talk to us about how Digital Risk Protection Services can help you act on what the research is telling you.

Senior Product Marketing Manager, Infoblox

Daniel Brody is a Senior Product Marketing Manager at Infoblox, where he leads messaging and go-to-market motions for Continuous Threat Exposure Management (CTEM) and external threat and digital risk protection. He focuses on translating exposure intelligence, threat research, and preemptive security controls into clear positioning that helps organizations reduce risk before impact. Daniel has over a decade of experience in cybersecurity and technology marketing, with prior roles spanning product marketing, content strategy, and communications. He has worked with security-focused startups including Cynerio (acquired by Axonius), Illusive (acquired by Proofpoint), and other high-growth technology companies, supporting solutions across threat detection, infrastructure security, and emerging risk domains.

View All Posts