Intruder, a leader in exposure management, has integrated DomainTools’ DNSDB, the world’s largest passive DNS database, into its Attack Surface Management (ASM) platform to significantly expand attack surface discovery capabilities for customers.
This integration is designed to give enterprise plan customers enhanced visibility into their extended networks, so that new and previously unknown assets can be discovered and secured automatically. The aim is to combat threats arising from Shadow IT.
Intruder’s ASM now incorporates Passive DNS (pDNS) data, building upon its existing capabilities that leverage certificate transparency and active Domain Name System (DNS) data. This allows security and IT teams to automatically identify and secure assets not currently part of their exposure management program, thereby addressing risks associated with misconfigurations and accidental exposures from Shadow IT.
An initial pilot program involving 60 Intruder customers demonstrated substantial improvements. All 60 customers experienced an increase in the number of related subdomains detected by Intruder. Specifically, 44 percent observed more than 10 additional subdomains, and 23 percent detected over 50 more. For some of the largest environments analyzed during the pilot, access to DNSDB identified hundreds of thousands of related subdomains, with one case revealing over a million, underscoring the vastness of the enterprise attack surface.
Andy Hornegold, vice president of product at Intruder, commented on the development, stating that incorporating DomainTools data is not just an advantage for securing external perimeters, but a step in the company’s philosophy. He emphasized that building platforms capable of handling multiple relevant functions and enabling teams to quickly close vulnerability gaps is more effective than manual processes or integrating disparate point solutions. Hornegold views the platformization of security as crucial for IT teams managing complex infrastructures and combating sophisticated attackers.
Shadow IT refers to systems developed within an organization that are unknown to the security team. These systems can emerge despite policies aimed at preventing their creation, and they remain discoverable to attackers. Even minor weaknesses on these machines can leave organizations exposed and unaware of the risk. A key strategy in mitigating Shadow IT risks is to implement tools that enumerate the subdomains an organization uses: developers often create new systems and servers, which require a subdomain to make web services accessible. Once these subdomains are identified, vulnerability scans can help defenders detect weaknesses before attackers exploit them.