Looking the Right Way: Why More Security Tools Don’t Always Improve External Visibility

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

Key Takeaways
  • Most non-tech leaders are not aware of how the domain, IP, and port system of digital routing works.
  • Tools that attempt to autonomously detect external attack surfaces fail to provide a complete picture.
  • Slusser notes that domain registration, IP ownership, and cloud asset alignment are often insufficiently validated.
  • According to the 2024 Verizon and Google reporting, breaches through external vulnerabilities increased 100%.
  • SixMap says legacy scanning technologies were designed for smaller networks and struggle at enterprise scale.

We spoke with Larry Slusser, Vice President of Strategy at SixMap, about how security gaps emerge during mergers, acquisitions, and rapid organizational growth due to overlooked external infrastructure.

Slusser said growth and restructuring often amplify blind spots, as teams assume external-facing tasks are complete without validating actual execution. He noted that legacy scanning technologies, originally designed for smaller networks, struggle to scale accurately in modern enterprise environments, generating excessive noise without improving clarity.

While leadership typically plans network integration at a strategic level, Slusser explained that ownership of domains, IP ranges, and cloud assets is frequently overlooked. 

Slusser, a former Air Force officer, brings experience in incident response and cyber risk management, with a background spanning vulnerability monitoring, ransomware mitigation, and operational security strategy.

Vishwa: In complex environments shaped by M&A or spinouts, what critical security questions do teams often fail to ask? This includes dormant assets, legacy routing, and unknown ownership. What tends to get overlooked?

Larry: In most cases of acquisition or divestiture, security leadership asks the right strategic questions.

However, details such as domain registration, IP block ownership, and cloud asset alignment are rarely looked at in the depth they need to be in order to ensure quality cybersecurity practices are enacted. 

Vishwa: Asset discovery often extends into third-party or unregistered ranges. How do you judge whether a discovery method is reliable in that context? What signals or outcomes help you decide it's trustworthy?

Larry: Typically, asset discovery methodologies are automated using DNS lookups and Whois, with cross-referencing with IPs and domains. The challenge with this standard practice is it’s often inaccurate, leading companies who conduct e verbal scans to have an attribution problem.

Even as they fail to properly attribute domains and IPs in the proper hierarchical structure, their data is inaccurate, returning significant “false positives” or mislabeling ownership and connectivity of IP addresses and domains.

Vishwa: Many orgs prefer agentless tools for speed and simplicity. What risks come with that approach when mapping external environments? Where have you seen it fall short?

Larry: Tools that attempt to autonomously detect an organization’s external attack surface fail to provide a complete picture. This is how threat actors continue to succeed, taking advantage of externally facing vulnerabilities. 

According to the 2024 Verizon and Google (Mandiant) cyber reporting, breaches through external vulns increased 100%.  

This is despite the plethora of vulnerability management and attack surface SaaS cybersecurity tools available at the time. 

Vishwa: Security leaders often struggle to connect risk insights to business action. What helps translate exposure data into decisions that leadership can actually use? Especially when the data isn't dramatic but still urgent.

Larry: Current external exposure data provided by ASM, EASM, and Vulnerability scanning companies isn’t creating urgency, as cybersecurity teams are overwhelmed with cyber tools and data.  

How is “another tool” that says the same thing as everyone else going to save the day, hypothetically? Real-world examples need to be provided with context to demonstrate value. 

Vishwa: During fast growth or restructuring, where do teams most often misread the risk in exposed infrastructure? What assumptions tend to cause blind spots?

Larry: In the movie Gladiator, the hero Maximus escapes elimination at the perimeter, yet the Roman Army reports to the Emperor that the task was completed. 

In the same way, technical leadership is blind to the actual completion of critical external-facing tasks that can leave an organization susceptible to cyber attacks. This happens every week, yet leaders continue to not have systems and tooling to provide the maximum visibility possible.

Vishwa: In decentralized and hybrid networks, blind spots are common. What infrastructure gets missed most often in these types of environments? And what makes those assets hard to track?

Larry: Devices get spun up and attached to IPs every day without notifying the security team. Many organizations have no double-check for this possibility.

A rogue firewall, load balancer, or misconfigured cloud asset can easily lead to a breach, particularly if they are spun up on an unusual port that isn’t checked or scanned often.

Most non-tech leaders are not aware of how the domain, IP, and port system of digital routing works and are surprised to find their teams have not used accepted standards for hooking into the internet. 

Vishwa: What types of security measures or tools do you consider essential when defending against exposure-related threats? Which ones help maintain coverage even as environments shift?

Larry: Top-level scanning technologies used by the main companies for external-facing views are based on 30-year-old technology that was designed for small networks. The scanners have been adapted and forced to brute force scan all available IPs to provide exposure data.  

The data is rife with misattributions and errors, and large companies have tremendous overhead trying to make sense of the data. The company SixMap starts with the entity first, then maps upward from the ground up, avoiding all the noise created by traditional scanning methods. 

