For many organizations, Shadow IT has become the silent saboteur of security strategy. As teams innovate and deploy new systems at speed, assets are spun up – often outside the purview of IT or security. These unmonitored systems, unknown subdomains, and forgotten services expand an organization’s attack surface without anyone realizing it.
Attackers, however, are all too aware. Every forgotten subdomain or unsecured service represents a potential entry point. And while defenders are busy protecting the systems they know about, it’s the ones they don’t that often lead to compromise.
Recognizing this growing visibility gap, Intruder has partnered with DomainTools to deliver enhanced attack surface discovery capabilities to help Enterprise plan customers uncover and secure the unseen corners of their external perimeter.
Illuminating Blind Spots in Your Attack Surface
Intruder’s new partnership with DomainTools leverages access to the FarSight database, the world’s largest and most trusted repository of domain and DNS data, to power broader, deeper attack surface discovery coverage.
By integrating Passive DNS (pDNS) data from FarSight directly into Intruder’s Attack Surface Management (ASM) platform, Enterprise customers now benefit from the enhanced ability to automatically detect and secure subdomains that were previously invisible to their exposure management program.
This upgrade adds a vital new dimension to Intruder’s existing discovery methods, which previously relied primarily on certificate transparency logs. With the addition of Passive DNS, Intruder can now surface assets that have appeared historically or in less obvious corners of an organization’s domain footprint. It’s these assets that are often the root of Shadow IT issues.
Reality Check: Attack Surfaces Are Sprawling
During an initial pilot involving 60 Intruder customers, every single one saw an increase in the number of related subdomains detected.
- 44% of customers discovered more than 10 additional subdomains.
- 23% identified over 50 new subdomains.
- For some large enterprises, the FarSight integration surfaced hundreds of thousands of related subdomains – and in one case, over a million.
These results underscore a sobering truth: the digital estates of modern organizations are ever-changing and far larger than most realize. Without continuous insight into their attack surface, even the best security programs can leave dangerous blind spots.
Managing the Shadow IT Challenge
Shadow IT refers to the systems, services, and infrastructure spun up without the knowledge, or approval, of the teams responsible for security. These assets might be created by developers testing a new idea, by marketing teams deploying a campaign site, or by external vendors integrating with production systems.
Regardless of intent, the result is the same: unknown systems that can be discovered and exploited by attackers. Even minor misconfigurations or unpatched vulnerabilities on those machines can lead to serious breaches.
One of the most effective ways to fight Shadow IT is by monitoring subdomain creation. New web services nearly always require a subdomain, making them a reliable signal for the existence of new assets. By continuously enumerating and analyzing subdomains, organizations can identify unauthorized systems early and bring them under management, before they become a liability.
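The monitoring loop described above, sketched as an added example (not Intruder's or DomainTools' code): hostnames observed in certificate transparency and passive DNS are normalized, scoped to owned domains, and compared against the tracked inventory. All domains, dates, record shapes and function names are constructed assumptions.

```python
# Added example: constructed data; record shapes and names are assumptions.
from datetime import date

APEXES = {"example.com"}                              # domains the organization owns
INVENTORY = {"www.example.com", "mail.example.com"}   # hosts security already tracks

# Constructed observations: (source, hostname as seen, first seen)
CT_NAMES = [
    ("ct", "*.example.com", date(2024, 1, 5)),
    ("ct", "WWW.Example.com.", date(2024, 1, 5)),
    ("ct", "shop.example.com", date(2024, 3, 2)),
]
PDNS_NAMES = [
    ("pdns", "shop.example.com.", date(2024, 2, 20)),
    ("pdns", "campaign-2023.example.com.", date(2023, 6, 11)),
    ("pdns", "dev-test.staging.example.com.", date(2024, 4, 1)),
    ("pdns", "login.notexample.com.", date(2024, 4, 2)),  # look-alike, out of scope
]

def normalize(name):
    """Lowercase, drop the trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(host, apexes=APEXES):
    """True only for strict subdomains of an owned apex, matched on a label boundary."""
    return any(host.endswith("." + apex) for apex in apexes)

def find_unknown(observations, inventory=INVENTORY):
    """Map each in-scope host missing from inventory to its sources and earliest sighting."""
    found = {}
    for source, raw, seen in observations:
        host = normalize(raw)
        if not in_scope(host) or host in inventory:
            continue
        entry = found.setdefault(host, {"sources": set(), "first_seen": seen})
        entry["sources"].add(source)
        entry["first_seen"] = min(entry["first_seen"], seen)
    return found

def pdns_only(found):
    """Hosts that certificate transparency alone would have missed."""
    return sorted(h for h, e in found.items() if e["sources"] == {"pdns"})

if __name__ == "__main__":
    unknown = find_unknown(CT_NAMES + PDNS_NAMES)
    for host in sorted(unknown, key=lambda h: unknown[h]["first_seen"]):
        e = unknown[host]
        print(host, e["first_seen"], "+".join(sorted(e["sources"])))
```

Run on a schedule, each host in the result is a candidate for ownership review, and the passive-DNS-only subset shows what a certificate-transparency-only process would not have reported.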
A More Complete Picture of Risk
By integrating with DomainTools’ FarSight database, Intruder now offers its Enterprise customers a best-in-class view of their external attack surface. The enhanced coverage allows organizations to:
- Automatically discover unknown subdomains in their estates
- Identify and secure Shadow IT assets before attackers do
- Maintain continuous visibility across dynamic, distributed environments
- Streamline security workflows with a unified exposure management platform
For lean security teams trying to stay ahead of threats, this combination delivers the confidence that comes from knowing you’ve got eyes across your full perimeter.
Uncover Shadow IT in Your Estate with Intruder
The partnership between Intruder and DomainTools is a major step toward closing the visibility gap caused by Shadow IT. To explore how Intruder’s Attack Surface Management capabilities can help protect your organization, book an introductory call with one of our experts.

