Know Your Network
As organizations grow, they tend to lose track of their online assets. As different departments bring servers and web pages online, these actions are not always communicated back to a central IT or infosec team—we see this in government, Fortune 500, and startups alike.
The siloed growth of corporate IT networks is pervasive and problematic. For one, Internal IT/security teams can’t protect assets they don’t know about. Further, it is possible to unknowingly divulge sensitive information through public-facing online assets—like the time Twitter “scooped” itself.
For companies of any scale, a thorough accounting of your own online assets is instrumental not only for basic security, but also for preventing unwanted disclosures, brand protection, maintaining regulatory compliance, and optimizing use of IT resources. OutsideIntel provides the best tools to monitor your own public-facing IT infrastructure.
Fortune 500 Exposure
In an OutsideIntel API study performed on the primary domains* of Fortune 500 companies, we found that many of the world’s most valuable companies are also quite vulnerable. More than 1 in 5 Fortune 500 networks has an admin server visible to the public Internet (Ashley Madison was infiltrated through a publicly visible admin server). Almost as many Fortune 500 networks included public references to private servers (Non-Routable IP), and more than three-fourths of the Fortune 500 had staging, testing, and/or development servers visible to the public Internet.
- Admin Servers 22%
- Non-Routable IP 16%
- Staging, Testing, & Development Servers 76%
*As this study focused only on the primary domain associated with each Fortune 500 company, the true online exposure of the Fortune 500 is not reflected in the numbers above—it is much higher.