Digital transformation, shifting work locations, and increased use of SaaS applications have created a larger and more complex attack surface for organizations.
At this point, almost any asset can become an entry point for a cyberattack, which makes organizations harder to defend when they lack proper cybersecurity measures.
Visibility into the entire attack surface is more important than ever to reduce vulnerabilities whether they are known or unknown. This is where Attack Surface Management (ASM) comes in to save the day.
Defining Attack Surface Management (ASM)
ASM is comprised of a continuous series of steps that:
- Discover
- Monitor
- Evaluate
- Prioritize
- Remediate
…attack vectors within an organization’s IT infrastructure.
The thought process behind ASM is that teams cannot secure against threats they do not know about, and a solution that monitors the entire IT infrastructure gives organizations the visibility needed to protect their entire attack surface.
ASM differs from traditional asset management or discovery practices because it approaches security from the attacker’s perspective. This way, all known and unknown threats can be identified and evaluated for risk.
What’s Included in an Attack Surface?
An organization’s attack surface is the interconnected network of IT infrastructure or any internet-facing asset in the cloud or on-premises.
More specifically:
- Secure or insecure assets
- Known or unknown assets
- Active or inactive assets
- Shadow IT
- Managed and unmanaged devices
- Hardware
- Software
- SaaS
- Cloud assets and resources
- IoT devices
- Vendor-managed assets
An organization’s attack surface is continuously changing, evolving, and growing as time marches on. This is why continuous attack surface monitoring is so vital for the health of an organization’s overall cybersecurity and posture.
Functions of ASM
An effective attack surface management strategy includes, but is not limited to:
1. Discovery
The first step is to create an inventory of all digital assets. This includes all hardware (servers, networking devices, firewalls, etc.), applications exposed through Internet-facing services (APIs, web portals), and cloud-based services (IaaS, PaaS). These individual components are then arranged into a map that offers visual insight into where security measures should be improved.
2. Monitoring
The attack surface of an organization changes constantly as the business grows. In order to make sure that a company is secure, applications are protected, and the device ecosystem is safe, organizations must spend time reviewing their security configuration on a constant basis.
A modern ASM solution automates this process — it continuously reviews and analyzes assets and will identify security gaps before they result in an incident or compromise.
3. Evaluation
One of the most important steps in securing a digital ecosystem is understanding which risk-prone assets are exposed and how they can be effectively managed. There are different kinds of assets within the digital environment, each with its own individual risk level. Each asset should be evaluated and given context about how it is exposed.
4. Prioritization
At this phase, ASM will rank or prioritize the risk-prone assets based on their severity. This comes in the form of actionable risk scoring and security ranking which uses objective criteria like how visible the vulnerability is, how exploitable it is, how difficult the risk is to fix, and the history of exploitation.
5. Remediation
Steps 1-4 of ASM set up the IT team with valuable information on which assets are the most vulnerable so they can begin remediation as soon as possible. Higher risk scores and security rankings will take priority and the team will work their way through the list to repair each asset.
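As an added illustration of steps 1-5 (not part of the original article or of any ASM product), the sketch below compares an inventory with an external discovery snapshot, scores each finding on the four criteria named under Prioritization, and returns a remediation queue. The weights, the uplift for assets missing from the inventory, the choice that harder fixes raise the score, the 0-10 scales and the example.com hostnames are all assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed weights: the article names these criteria but not how to weight them.
WEIGHTS = {"visibility": 0.30, "exploitability": 0.30,
           "exploit_history": 0.25, "fix_difficulty": 0.15}
UNKNOWN_ASSET_FACTOR = 1.25  # assumed uplift for assets missing from the inventory

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    visibility: int       # 0-10: how visible the weakness is from outside
    exploitability: int   # 0-10: how easily it can be exploited
    exploit_history: int  # 0-10: how often this kind of issue has been exploited
    fix_difficulty: int   # 0-10: harder fixes stay exposed longer (assumption)

def unknown_assets(inventory, discovered):
    """Monitoring: assets seen externally but absent from the inventory."""
    return sorted(set(discovered) - set(inventory))

def risk_score(finding, inventory):
    """Evaluation: weighted 0-10 score, raised for unmanaged assets."""
    base = sum(w * getattr(finding, name) for name, w in WEIGHTS.items())
    if finding.asset not in inventory:
        base *= UNKNOWN_ASSET_FACTOR
    return round(min(base, 10.0), 2)

def remediation_queue(findings, inventory):
    """Prioritization: highest score first, ties broken by asset name."""
    scored = [(risk_score(f, inventory), f.asset, f.issue) for f in findings]
    return sorted(scored, key=lambda row: (-row[0], row[1]))

# Constructed sample data (example.com hosts are placeholders).
INVENTORY = {"www.example.com", "vpn.example.com", "api.example.com"}
DISCOVERED = INVENTORY | {"staging-old.example.com"}
FINDINGS = [
    Finding("www.example.com", "expired TLS certificate", 9, 3, 2, 1),
    Finding("vpn.example.com", "unpatched software", 8, 8, 9, 4),
    Finding("staging-old.example.com", "default admin password", 7, 9, 8, 4),
    Finding("api.example.com", "verbose error misconfiguration", 5, 4, 3, 3),
]

if __name__ == "__main__":
    print("Not in inventory:", unknown_assets(INVENTORY, DISCOVERED))
    for score, asset, issue in remediation_queue(FINDINGS, INVENTORY):
        print(f"{score:5.2f}  {asset:26} {issue}")
```

The forgotten staging host outranks the VPN finding only because of the unknown-asset uplift; once it is added to the inventory its score drops below the VPN's, which is the effect of discovery on the ranking.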
Why ASM is Needed
Vulnerability risk management is generally used to identify and fix issues that may exist within an organization’s IT infrastructure, but it may not encompass the attack surface as a whole, only a portion of the network. Continuous monitoring is the only way to be sure assets are always secure from threat actors.
So many assets are now distributed externally across the cloud, due to COVID-19 and many employees working from home, that security teams have even more work to do.
Digital transformations are also increasing the attack surface of organizations at an accelerated rate. In fact, Chairwoman Rosenworcel of the FCC warned about the risks to privacy and security as the world transitions to 5G. The use of 5G networks connects our lives faster and better than ever before, which also poses more security challenges, that is, a broadened attack surface for cyber events.
How ASM Mitigates Attacks
ASM takes security thinking from defensive to offensive, meaning an organization now has the perspective of an attacker.
This positions the IT/security team to better understand and prioritize the organization’s attack vectors.
When the attack surface is continuously monitored with ASM, security teams can move faster than attackers when a vulnerability is identified. Automating security strategies like protection, classification, and identification, including for assets outside the scope of traditional processes, helps organizations be significantly more proactive than they would be without ASM.
Real-time ASM analysis will scan for potential attack vectors like:
- Weak passwords
- Outdated, unknown, or unpatched software
- Encryption issues
- Misconfigurations
Conclusion
As organizations continue to acquire more external assets and go through changes in work environments and digital transformations, protecting their broadening attack surface is critical to business operations and the bottom line.
ASM makes the job of security teams a little easier by looking at the attack surface through the lens of an attacker, automating traditional and non-traditional security strategies, and continuously monitoring the entire attack surface for vulnerabilities.
Put simply…
You can’t protect what you don’t know about, and ASM can help fix that.