* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* 2022 ASM Threat Report v2...

# 2022 ASM Threat Report v2.1: Tending to Your Attack Surface Garden

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftending-to-your-attack-surface-garden%2F)  
[](https://twitter.com/share?text=2022+ASM+Threat+Report+v2.1%3A+Tending+to+Your+Attack+Surface+Garden&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftending-to-your-attack-surface-garden%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F07%2Ftending-to-your-attack-surface-garden%2F&title=2022+ASM+Threat+Report+v2.1%3A+Tending+to+Your+Attack+Surface+Garden&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/07/tending-to-your-attack-surface-garden/&ts=markdown)  
\[\](mailto:?subject=2022 ASM Threat Report v2.1: Tending to Your Attack Surface Garden)  
Link copied  
By [Michael Heller](https://www.paloaltonetworks.com/blog/author/michael-heller/?ts=markdown "Posts by Michael Heller")  
Jul 20, 2022  
5 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[ASM threat report](https://www.paloaltonetworks.com/blog/tag/asm-threat-report/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)

Attack surfaces are living things -- they grow and change. And, much like any living thing, they need constant care. To see how those efforts are going, the [Cortex® Xpanse™](https://www.paloaltonetworks.com/cortex/cortex-xpanse) research team studied the global attack surface and discovered that, as a whole, security teams are having trouble keeping up with needed risk remediation.

We monitored scans of 50 million IP addresses (over 1% of the entire internet) associated with 100+ global enterprises to understand how attack surfaces change, what exposures plague various industries, how long some exposures remain active, and to uncover the realities of [attack surface management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management) (ASM).

Looking at the data, we can see evidence of a vicious cycle. Organizations face a continuous stream of new attack surface issues, those issues are not all remediated, and those exposures become the low-hanging fruit sought out by threat actors as easy targets.

While zero-day vulnerabilities and sophisticated attacks get fancy nicknames and lots of media coverage, the majority of risks on the global attack surface are in more common software and services, like Remote Desktop Protocol (RDP) or exposed admin login portals.

The 2022 ASM Threat Report v2.1 features the breakdown of attack surface exposures by industry, based on data gathered between March 2021 and June 2022. The key findings are based on observable data and not self-reported surveys:

1. **Cloud Continues To Be a Big Target**90% of all issues observed on the global attack surface were in the cloud. This is certainly due to an increased reliance on the cloud, but it also highlights that the speed at which cloud assets are deployed can cause headaches for security teams. It is so easy to deploy to the cloud, and it is just as easy to accidentally expose or misconfigure assets, or even deploy new cloud assets completely outside of security procedures.
2. **Low-Hanging Fruit Continues to Hang** Non-zero day exposures dominate the global attack surface. Nearly one out of every four issues we found was related to [an exposed RDP server](https://www.paloaltonetworks.com/blog/2021/07/diagnosing-the-ransomware-deployment-protocol/), a major gateway for ransomware. Additionally, the top four exposure types -- RDP, networking and security infrastructure, data storage and analysis, and building control systems -- make up nearly 72% of all issues seen on the global attack surface.
3. **End-of-Life Software = End-of-Life for Your Security**By definition, end-of-life (EOL) software is insecure because it is no longer being actively supported. Unfortunately, we found around 30% of organizations running EOL software affected by Common Vulnerabilities and Exposures (CVEs) with known active exploits.
4. **Issues Are Complex and Unique Across Industries**Just like your personal garden will be unique to your wants and needs, each organization has a unique attack surface. However, zooming out a bit can show some similarities among different industries, and the types of issues faced can be far more dangerous in one industry compared to another. For example, our data showed that wholesale and retail had a similar amount of RDP exposure (~65%) compared to healthcare (~67%). But, while personal data would be at risk in the former, human lives are at risk if a hospital is attacked.
5. **What Is New Becomes Old on Attack Surfaces**Xpanse data showed that regardless of the industry, new issues are constant; not one industry we studied showed success in reducing its attack surface. Some industries observed had slower rates of increased attack surface issues (rated high or critical), like transportation and logistics or utilities and energy, with median rates of 3.67% and 6.36%, respectively. Others, like healthcare, insurance, pharma and life sciences, had far higher rates of new attack surface issues at 24%, 26.2% and 24%, respectively.
6. **RDP and Cloud Exposures Are Persistent**These new attack surface issues are not being remediated quickly enough, so exposures become persistent risks. Seven of the 12 industries observed by Xpanse averaged more than seven days per-month with an active RDP exposure. Additionally, five of the 12 industries had more than 400 median active cloud issues per-month.

All of this data uncovers fundamental truths about attack surface management. First, visibility is paramount. If you don't know where exposures live, it's impossible to even know the full scope of your exposures and risks, let alone be able to remediate them all.

But, having a clear view of your attack surface is only as valuable as your ability to act upon the information you find, and far too many security teams throughout the world lack the needed resources, staff and/or expertise.

A comprehensive and continuously updated inventory of all internet-connected assets is the foundation of security work, but security teams need to ensure they implement resilient processes to help handle common issues like isolating or decommissioning assets running EOL software, mitigating RDP exposures or tracking new cloud deployments for misconfigurations.

Attackers scan the entire internet looking for weak points, so defenders should be doing the exact same. Armed with an attacker's point of view, organizations can have a clear view of their attack surface gardens and ensure any issues are tended to. Without continuous care, it is all too easy to have new issues become persistent exposures and [unmanaged assets](https://www.paloaltonetworks.com/cortex/cortex-xpanse/unmanaged-cloud-asset-management).

To learn more about other critical findings on the unmanaged attack surface, based on observable data from 100+ companies, read the [2022 Cortex Xpanse Attack Surface Threat Report](https://start.paloaltonetworks.com/2022-asm-threat-report.html).

*** ** * ** ***

## Related Blogs

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### 2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM](https://www2.paloaltonetworks.com/blog/2023/09/attack-surface-threat-report-highlights-need-for-asm/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Forrester Names Palo Alto Networks a Leader in Attack Surface Management](https://www2.paloaltonetworks.com/blog/2024/09/forrester-names-palo-alto-networks-a-leader-in-attack-surface-management/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### 2022 ASM Threat Report](https://www2.paloaltonetworks.com/blog/2022/04/2022-asm-threat-report/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cortex Xpanse Assess Brings Best in Class ASM to SMBs](https://www2.paloaltonetworks.com/blog/2022/03/best-in-class-asm-to-smbs/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Cortex Xpanse rated leading ASM product](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xpanse-rated-highest-value-asm-vendor/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Building the Zero Trust Enterprise: The Role of the SOC](https://www2.paloaltonetworks.com/blog/2022/02/the-role-of-the-soc/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language