As security professionals, we strive to keep up with new attack vectors while cybercriminals look for unnoticed entry points to find their way into more networks. By unnoticed entry points, I don’t mean the identity access management (IAM) tools companies use to protect their network’s front door or the server running their website. I mean the second/third tier services like project management software or even HVAC systems, little-used services that aren’t a top focus for security teams because of limited external visibility. These background infrastructure services have become a significant attack vulnerability, especially for locally-managed services.