{"id":247279,"date":"2026-05-15T07:00:00","date_gmt":"2026-05-15T11:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/what-45-days-of-watching-your-own-tools-will-tell-you-about-your-real-attack-surface\/"},"modified":"2026-05-17T07:30:08","modified_gmt":"2026-05-17T11:30:08","slug":"what-45-days-of-watching-your-own-tools-will-tell-you-about-your-real-attack-surface","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/what-45-days-of-watching-your-own-tools-will-tell-you-about-your-real-attack-surface\/","title":{"rendered":"What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/what-45-days-of-watching-your-own-tools.html\">What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/what-45-days-of-watching-your-own-tools.html\">https:\/\/thehackernews.com\/2026\/05\/what-45-days-of-watching-your-own-tools.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-15 07:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">The Hacker News<\/span>\ue802<span class=\"author\">May 15, 2026<\/span><\/span><span class=\"p-tags\">Endpoint Security \/ Threat Detection<\/span><\/p>\n<p>In Your Biggest Security Risk Isn&#8217;t Malware \u2014 It&#8217;s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild \u2014 the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender&#8217;s analysis of 700,000 high-severity incidents found legitimate-tool abuse in <strong>84% of them<\/strong>.<\/p>\n<p>The reaction we heard most was a fair one: We know. So what do we actually do about it?<\/p>\n<p>That&#8217;s what Bitdefender&#8217;s complimentary <strong>Internal Attack Surface Assessment\u00a0<\/strong>is built to answer. It&#8217;s a 45-day, low-effort engagement available to organizations with 250 or more employees that turns the abstract problem of &#8220;living off the land&#8221; into a specific, prioritized list of users, endpoints, and tools you can safely take away from attackers without breaking the business.<\/p>\n<h2 style=\"text-align: left;\"><strong>Why This, Why Now<\/strong><\/h2>\n<p>A clean Windows 11 install ships with <strong>133 unique living-off-the-land binaries<\/strong> spread across 987 instances. Bitdefender Labs telemetry found <strong>PowerShell active on 73% of endpoints<\/strong>, much of it invoked silently by third-party applications. This isn&#8217;t a malware problem \u2014 it&#8217;s an over-entitlement problem, and you can&#8217;t patch your way out of it.<\/p>\n<p>Gartner now projects that <strong>preemptive cybersecurity will account for 50% of IT security spending by 2030, up from less than 5% in 2024<\/strong>, and that <strong>60% of large enterprises will adopt dynamic attack surface reduction (DASR) technologies by 2030, up from less than 10% in 2025<\/strong>. The reason is mechanical: when most intrusions involve no malware and adversaries move in minutes, &#8220;detect and respond&#8221; is too slow a loop. You have to remove the moves attackers can make in the first place.<\/p>\n<h2 style=\"text-align: left;\"><strong>How the Assessment Works<\/strong><\/h2>\n<p>The engagement runs in four steps over roughly 45 days, powered by <strong>GravityZone PHASR<\/strong> \u2014 Bitdefender&#8217;s&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/what-45-days-of-watching-your-own-tools.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack&#8230;<\/p>\n","protected":false},"author":1,"featured_media":247280,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhVcSUDrpIZyFrHqIlIGnXfIShsEamRNviaM6TguPwmQI9KkhrIXOQbQ0WVKiOkcBGkFqKTKZmK16zPChmlcCbZHIkX3K_C0sjnyXYJjpZuJXO3OiIhUe7Ez8jCNiTxh0FGYS2-RR6HKsl9pWJVgc_uXAtHXj0hgU-mLSsOh-QHft6A92KtgWPQhk1OVPA\/s1600\/Attack-Surface.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,32],"class_list":["post-247279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247279"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=247279"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247279\/revisions"}],"predecessor-version":[{"id":247281,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247279\/revisions\/247281"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/247280"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=247279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=247279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=247279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}