kakao

YEYE is Watching

Kakao developed YEYE, a dedicated Attack Surface Management (ASM) system, to proactively identify and manage the organization's vast digital footprint, including IPs, domains, and open ports. By integrating automated scanning with a human-led Daily Security Review (DSR) process, the platform transforms raw asset data into actionable security intelligence. This holistic approach ensures that potential entry points are identified and secured before they can be exploited by external threats.

The YEYE Asset Management Framework

  • Defines attack surfaces broadly to include every external-facing digital asset, such as subdomains, API endpoints, and mobile APKs.
  • Categorizes assets using a standardized taxonomy based on scope (In/Out/Undefined), type (Domain/IP/Service), and identification status (Known/Unknown/3rd Party).
  • Implements a labeling system that converts diverse data formats from multiple sources into a simplified, unified structure for better visibility.
  • Establishes multi-dimensional relationships between assets, CVEs, certificates, and departments, allowing teams to instantly identify which business unit is responsible for a newly discovered vulnerability.

Daily Security Review (DSR)

  • Operates on the principle that "security is a process, not a product," bridging the gap between automated detection and manual remediation.
  • Utilizes a rotating group system where security engineers review external feeds, public vulnerability news, and YEYE alerts every morning.
  • Focuses on detecting "shadow IT" or assets deployed without formal security reviews to ensure all external touchpoints are accounted for.

Scalable and Efficient Scanning Architecture

  • Resolved internal network bandwidth bottlenecks by adopting a hybrid infrastructure that leverages public cloud resources for high-concurrency scanning tasks.
  • Developed a custom distributed scanning structure using schedulers and queues to manage multiple independent workers, overcoming the limitations of single-process open-source scanners.
  • Optimized infrastructure costs by identifying the "sweet spot" in server specifications, favoring the horizontal expansion of medium-spec servers over expensive, high-performance hardware.
  • Mitigates service impact and false alarms by using fixed IPs and custom User-Agent (UA) strings, allowing service owners to distinguish YEYE’s security probes from actual malicious traffic.
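On the service owner's side, the fixed-IP and custom-UA convention in the last item can be checked directly against access logs. The sketch below is an added example, not Kakao's code: the scanner network, the UA token and the log lines are constructed placeholders, since the page does not publish YEYE's real values. It accepts a request as a security probe only when both the source address and the UA match, and flags the UA arriving from any other address as spoofed.

```python
import ipaddress
import re
from collections import Counter

# Placeholders (assumptions): the real scanner IPs and UA string are not on the page.
SCANNER_NETS = [ipaddress.ip_network("203.0.113.16/28")]  # documentation range
SCANNER_UA_TOKEN = "ExampleASM-Scanner"

# Combined Log Format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Label one access-log line by source address and User-Agent."""
    m = LOG_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return "unparsed"
    from_scanner = any(ip in net for net in SCANNER_NETS)
    ua_matches = SCANNER_UA_TOKEN in m["ua"]
    if from_scanner and ua_matches:
        return "scanner"                # both signals agree: expected probe
    if ua_matches:
        return "spoofed-ua"             # UA is client-controlled; wrong source IP
    if from_scanner:
        return "scanner-ip-unknown-ua"  # right IP, unexpected tool: worth a look
    return "other"

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.20 - - [01/Jan/2025:09:00:01 +0900] "GET / HTTP/1.1" 200 512 "-" "ExampleASM-Scanner/1.0"',
    '198.51.100.7 - - [01/Jan/2025:09:00:05 +0900] "GET /admin HTTP/1.1" 404 153 "-" "ExampleASM-Scanner/1.0"',
    '203.0.113.21 - - [01/Jan/2025:09:00:09 +0900] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"',
    '192.0.2.44 - - [01/Jan/2025:09:00:12 +0900] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'truncated line without the expected fields',
]

def summarize(lines):
    """Count how many lines fall under each label."""
    return dict(Counter(classify(line) for line in lines))

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label}: {count}")
```
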

To effectively manage a growing attack surface, organizations should combine automated asset discovery with a structured manual review process. Prioritizing data standardization and relationship mapping between assets and vulnerabilities is essential for rapid incident response and long-term infrastructure hardening.