Many InfoSec industry reports state that exposed Remote Desktop Protocol (RDP) ports are a leading cause of breaches. One cyber-insurance carrier told me they will not write policies for those with open RDP. So, I was curious how prevalent RDP is across top U.S. companies. /1

I used Bit Discovery to analyze the external asset inventories (attack surface map) of 102 top U.S. companies, organized by 9 industry segments, looking for assets that had listening RDP ports (3389) at some point within October. /2

”Asset" is a domain name, subdomain, or IP addresses combination of a device accessible over the Internet. We’re actively tracking ~4.5B total assets across the Internet, assigning ownership relationships between Internet-accessible assets. /3

This chart illustrates the relative size of the overall asset inventories for the Top U.S. company in the data set by Industry. /4

Illustrated are the median and average number of assets, organized by industry, that had listening RDP (3389) ports within the month of Oct. Some number of these ports did notably have source IP-address controls that prevented establishing full connections. /5

And for good measure, I thought it might be interesting to look for open MySQL ports (3306) as well. /6