Intruder boost uncovers hidden subdomains to counter shadow IT

Intruder has integrated domain intelligence data from DomainTools to offer its enterprise customers a wider view of their external digital assets. The new capability enables the detection of previously unmonitored subdomains, giving organisations broader coverage of their attack surface.

Attack surface expansion

The partnership provides Intruder's Attack Surface Management (ASM) platform with access to the FarSight database, a comprehensive repository of domain and DNS information. By leveraging this data and incorporating Passive DNS records, Intruder users can now identify and monitor subdomains that were not visible with previous approaches based only on certificate transparency and active DNS data.

This process automates the detection of assets associated with a company's digital infrastructure, including those not recorded in official inventories. Such assets, often created without the knowledge of IT security teams, are commonly referred to as "Shadow IT." These systems can present security risks if they are misconfigured or lack proper oversight.

Pilot programme results

In a pilot phase involving 60 Intruder customers, each experienced a rise in the number of subdomains detected through the upgraded solution. Among participants, 44 percent saw more than 10 additional subdomains discovered, while 23 percent identified in excess of 50. Several large organisations found hundreds of thousands of related subdomains, with one reporting identification of over a million.

These findings point to the scale of unknown assets present in many organisations. Unmonitored subdomains can act as potential entry points for cyber threats, especially if they are improperly configured or left unsupported.

Addressing Shadow IT

Shadow IT continues to be a persistent challenge in enterprise environments. New digital services, cloud resources, or development projects may bypass traditional IT processes, leading to gaps in security monitoring. Subdomains are frequently used to set up new web services, and if these are established without central oversight, they can be overlooked by conventional exposure management tools.

By providing automated discovery capabilities, Intruder's ASM platform aims to give organisations the means to close this visibility gap. Once subdomains are discovered, automated vulnerability scans can be used to identify weaknesses before they are exploited by malicious actors.

Security platform strategy

"Incorporating FarSight into Intruder's offering is more than just a new advantage for our customers to secure their external perimeters with confidence but an important step in our company's philosophy," said Andy Hornegold, Vice President of Product, Intruder. "Building platforms that handle multiple relevant functions and equip teams to quickly close their vulnerability gaps is far more effective than manual processes or integrations between disparate point solutions. The platformization of security represents a crucial step forward for IT teams to manage increasingly complex infrastructures and fight off increasingly sophisticated attackers."