* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/)
* 2023 Unit 42 Attack Surfa...

# 2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F09%2Fattack-surface-threat-report-highlights-need-for-asm%2F)  
[](https://twitter.com/share?text=2023+Unit+42+Attack+Surface+Threat+Report+Highlights+the+Need+for+ASM&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F09%2Fattack-surface-threat-report-highlights-need-for-asm%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F09%2Fattack-surface-threat-report-highlights-need-for-asm%2F&title=2023+Unit+42+Attack+Surface+Threat+Report+Highlights+the+Need+for+ASM&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2023/09/attack-surface-threat-report-highlights-need-for-asm/&ts=markdown)  
\[\](mailto:?subject=2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM)  
Link copied  
By [Matt Kraning](https://www.paloaltonetworks.com/blog/author/matt-kraning/?ts=markdown "Posts by Matt Kraning")  
Sep 14, 2023  
4 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)  
[Cortex XSIAM](https://www.paloaltonetworks.com/blog/tag/cortex-xsiam/?ts=markdown)  
[threat research](https://www.paloaltonetworks.com/blog/tag/threat-research/?ts=markdown)  
[Unit 42 Attack Surface Assessment](https://www.paloaltonetworks.com/blog/tag/unit-42-attack-surface-assessment/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2023/10/attack-surface-threat-report-highlights-need-for-asm/?lang=ja "Switch to Japanese(日本語)")

Palo Alto Networks Unit 42 illuminates some of the riskiest security observations around attack surface management (ASM) with the [2023 Unit 42 Attack Surface Threat Report](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report). The report contrasts the dynamic nature of cloud environments with the speed at which threat actors are exploiting new vulnerabilities. It found that cybercriminals are exploiting new vulnerabilities within hours of public disclosure. Quite simply, organizations are finding it difficult to manage their attack surfaces at a speed and scale necessary to combat threat actor automation.

Most organizations have an attack surface management problem, and they don't even know it, because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the internet. Defenders need to be vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers.
![Data of CVE publication](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/09/Chart_4-1.png)
Time elapsed before first reported ransomware attack against some of the top vulnerabilities by a known threat actor in the last 12 months.

## Notable Findings from the Report

#### **Attackers Move at Machine Speed**

* Today's attackers can scan the entire IPv4 address space for vulnerable targets in minutes.
* Of the 30 common vulnerabilities and exposures (CVEs) analyzed, three were exploited within hours of public disclosure and 63% were exploited within 12 weeks of the public disclosure.
* Of the 15 remote code execution (RCE) vulnerabilities analyzed by Unit 42, 20% were targeted by ransomware gangs within hours of disclosure, and 40% of the vulnerabilities were exploited within 8 weeks of publication.

#### **Cloud Is the Dominant Attack Surface**

* 80% of security exposures are present in cloud environments compared to on-premises at 19%.
* Cloud-based IT infrastructure is always in a state of flux, changing by more than 20% across every industry every month.
* Nearly 50% of high-risk, cloud-hosted exposures each month were a result of the constant change in cloud-hosted new services going online and/or old ones being replaced.
* Over 75% of publicly accessible software development infrastructure exposures were found in the cloud, making them attractive targets for attackers.

#### **Remote Access Exposures Are Widespread**

* Over 85% of organizations analyzed had Remote Desktop Protocol (RDP) internet-accessible for at least 25% of the month, leaving them open to ransomware attacks or unauthorized login attempts.
* Eight of the nine industries that Unit 42 studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25% of the month.
* The median financial services and state or local government organizations had RDP exposures for the entire month.

## The Demand for Attack Surface Management

Enabling SecOps teams to reduce mean time to respond (MTTR) in a meaningful way requires accurate visibility into all organizational assets and the ability to automatically detect the exposure of those assets. Attack surface management solutions, like Palo Alto Networks industry-leading [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse), give SecOps teams a complete and accurate understanding of their global internet-facing assets and potential misconfigurations to continuously discover, evaluate and mitigate the risks on an attack surface.

Cortex Xpanse is agentless, automatic and routinely discovers assets that IT staff are unaware of and are not monitoring. Each day, it conducts over 500 billion scans of internet facing assets. This helps organizations actively discover, learn about, and most importantly, respond to unknown risks in all connected systems and exposed services. Cortex Xpanse is [one of the only](https://www.paloaltonetworks.com/blog/security-operations/cortex-xpanse-only-leader-and-outperformer-in-gigaom-radar-asm-evaluation/)products that not only gives businesses the ability to see their exposures, but to also automatically remediate them. Cortex Xpanse also recently [introduced](https://www.paloaltonetworks.com/blog/security-operations/actively-respond-to-internet-emergencies-with-new-active-attack-surface-management-capabilities-from-cortex-xpanse/) new capabilities to help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows.

It has become clear that the legacy technologies powering today's security operations center (SOC) are no longer working and that customers require a massive reduction in their mean time to respond and remediate. The [Cortex portfolio](https://www.paloaltonetworks.com/cortex) of products, such as [XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam), incorporates AI and automation to revolutionize security operations and help customers be more agile and secure.

Download the **[Palo Alto Networks 2023 Attack Surface Threat Report](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report)** and Register for **[the Attack Surface Threat Report Webinar](https://register.paloaltonetworks.com/untangling-the-attack-oct)** on October 5.

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### 2022 ASM Threat Report v2.1: Tending to Your Attack Surface Garden](https://www2.paloaltonetworks.com/blog/2022/07/tending-to-your-attack-surface-garden/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Forrester Names Palo Alto Networks a Leader in Attack Surface Management](https://www2.paloaltonetworks.com/blog/2024/09/forrester-names-palo-alto-networks-a-leader-in-attack-surface-management/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Prowling the Wilds --- Upgrade Your SOC and Hunt Down Threats](https://www2.paloaltonetworks.com/blog/2024/05/upgrade-your-soc-and-hunt-down-threats/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### The Dark Side of AI in Cybersecurity --- AI-Generated Malware](https://www2.paloaltonetworks.com/blog/2024/05/ai-generated-malware/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Data --- The Lifeblood of Security and Detection Engineering](https://www2.paloaltonetworks.com/blog/2023/09/security-and-detection-engineering/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Multiplying Force with Automation --- Reducing the Soul Crushing Work](https://www2.paloaltonetworks.com/blog/2023/08/multiplying-force-with-automation/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language