December 14, 2022
What is Attack Surface Management?
Attack Surface Management (ASM) is the continuous discovery, classification, and monitoring of all an organization’s IT assets to detect, understand, prioritize, and remediate security risks. The goal of ASM is to discover and remediate security risks before they are exploited by malicious actors to launch cyber-attacks. Attack Surface Management is achieved using dedicated ASM solutions or security tools that have ASM capabilities.
At this point, it would be helpful to define a couple of key concepts: Attack Surface and IT Assets.
What is an Attack Surface?
An organization’s attack surface includes all the possible entry points an attacker can exploit to gain unauthorized access to its network and systems. These entry points, known as attack vectors, are typically in the form of vulnerabilities and exposures in IT assets. They range from software design and code errors, misconfigurations, open ports, and weak passwords to employees who lack cybersecurity awareness. The attack surface of organizations varies massively depending on the number of assets they own. Small brick-and-mortar businesses with few IT assets will have a tiny attack surface. Large enterprises with a highly digitized business have thousands and millions of assets and thus have a huge attack surface.
What are IT Assets?
An IT asset is any piece of hardware, software, or data that an organization uses in the course of its business. Hardware assets include desktops, laptops, mobile devices, servers, network devices, IoT devices, and peripherals. Software includes operating systems, software programs, business applications, database systems, and middleware.
IT assets can also be categorized into internal assets, internet-facing assets, cloud assets, and external assets. Internal assets are those that are only supposed to be accessed by insiders, while internet-facing assets such as websites and web applications are made available for access over the internet. Cloud assets include virtual machines, software-as-a-service (SaaS) apps, and cloud storage.
Attack Surface Management primarily focuses on externally exposed assets, which is why it is also known as External Attack Surface Management. The word asset is also slightly misleading as ASM also aims to account for assets that are no longer used in the course of business but are still active in the network.
What Makes Attack Surface Management Different?
The concept of Attack Surface Management is not too dissimilar to traditional processes designed to identify, manage, and remediate security risk. These include asset discovery, vulnerability management and assessment, and penetration testing. However, Attack Surface Management differs in that it is a proactive, continuous, and consolidated solution as opposed to reactive, periodic, and disparate exercises. Crucially, ASM takes an outside-in view of an organization’s attack surface from the perspective of malicious actors. Therefore, ASM aims to account for all the assets visible and accessible to attackers, including unknown shadow IT, unused assets, and external assets, not just known assets and assets selected for testing and protection.
The Importance of Attack Surface Management
Attack Surface Management is gaining increased attention from organizations and their IT security leaders. The big push for digitization means that the IT infrastructure of organizations is highly fluid. Assets are constantly being rolled out, changed, and abandoned. This level of dynamism means that IT and security teams are in a perpetual race against time to keep track of their organization’s assets and secure them before they can be exploited by threat actors. Data suggest that the latter have the upper hand. Consider the statistic that 68% of cyber-attacks began from unknown, unmanaged, or poorly managed company assets. Periodic efforts to inventory assets and to assess and remediate their risks are no longer adequate for maintaining a robust security posture.
Attack Surface Management plugs this major security gap through the continuous discovery, classification, and monitoring of all assets. Any vulnerabilities and exposures are known in real time and promptly remediated before attackers can take advantage to launch devastating cyber-attacks. This is huge when you consider that the global and U.S. average total cost of a data breach in 2022 is $4.35M and $9.44M respectively.
Crucially, ASM also empowers businesses to go bold in their digital transformation. For a long time, many businesses have been pursuing their digitization initiatives with the handbrake on for fear of greater risk exposure and the lack of resources to deal with the heightened risk. ASM gives businesses the confidence to pursue their goals knowing full well that any risks will be promptly discovered and remediated.
Attack Surface Management is therefore important for avoiding significant business losses through breach prevention and promoting business growth through secure digitization.
Phases of Attack Surface Management
The first step in attack surface management is to discover all the assets that make up the organization’s IT infrastructure. Because Attack Surface Management aims to identify assets from an outside-in view, ASM solutions are integrated with some of the same asset discovery tools and techniques used by malicious actors. For example, network scans uncover all the assets in the environment, including previously unknown shadow IT. Assets are further identified and categorized by type, function, manufacturer, version, operating system, and more.
Once an ASM solution has a complete inventory of assets, the next step involves testing them for vulnerabilities and exposures. This process is achieved through various means. For example, ASM solutions come with the vulnerability scanning tools often used by attackers to detect outdated software, risky open ports, weak passwords, and more. Attack Surface Management solutions also make use of real-time threat intelligence to detect the latest vulnerabilities.
Large organizations may have hundreds and thousands of discovered vulnerabilities and exposures at any given time. Therefore, it is important for IT security teams to prioritize their remediation efforts to shrink the attack surface in the most efficient and effective way. This could be based on the vulnerabilities that are the most at risk or lead to the greatest impact. Thankfully, ASM solutions assist this complex process by providing context of the assets and vulnerabilities.
Once the attack surface is thoroughly mapped and the vulnerabilities and exposures are contextualized, the IT security team can begin to remediate the risks in order of priority. ASM solutions typically provide native remediation controls, such as installing patches, implementing security measures, and changing configurations. Security administrators may even be able to automate certain standard remediation tasks to speed up the process and save themselves time to address more important issues.
- Continuous Monitoring
All assets are continuously monitored for new issues. Malicious actors are constantly scouring the internet looking for new vulnerabilities and exposures to exploit. At the same time, changes and updates to assets are constantly taking place, so any remediated or secure assets may become vulnerable and exposed at any time. Continuous monitoring enables security teams to be aware of new vulnerabilities and remediate them at the first opportunity to prevent compromise.
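The discovery, prioritization and continuous-monitoring phases above can be illustrated by comparing two discovery runs and ranking what changed. This is an added example, not code from ForeNova or any ASM product; the host names, port risk weights and function names are constructed assumptions.

```python
# Added example: all data, weights and names below are constructed for illustration.
RISKY_PORTS = {23: 9, 3389: 8, 445: 8, 21: 6, 22: 4}  # assumed port -> risk weight
DEFAULT_PORT_RISK = 2          # assumed weight for any other open port
UNMANAGED_PENALTY = 5          # assumed extra weight for assets nobody owns

def diff_snapshots(previous, current, managed):
    """Compare two discovery runs ({host: set_of_open_ports}) and list findings."""
    findings = []
    for host, ports in current.items():
        if host not in managed:
            # Visible from outside but absent from the inventory: shadow or unused IT.
            findings.append({"host": host, "kind": "unmanaged_asset",
                             "ports": sorted(ports)})
        new_ports = ports - previous.get(host, set())
        if host in previous and new_ports:
            # A known asset that changed since the last run and now exposes more.
            findings.append({"host": host, "kind": "new_exposure",
                             "ports": sorted(new_ports)})
    return findings

def score(finding):
    """Riskiest exposed port, plus a penalty when the asset is unmanaged."""
    port_risk = max((RISKY_PORTS.get(p, DEFAULT_PORT_RISK)
                     for p in finding["ports"]), default=0)
    penalty = UNMANAGED_PENALTY if finding["kind"] == "unmanaged_asset" else 0
    return port_risk + penalty

def prioritize(findings):
    """Order findings so remediation starts with the highest score."""
    return sorted(findings, key=lambda f: (-score(f), f["host"]))

# Constructed sample: yesterday's and today's external discovery results.
PREVIOUS = {"www.example.com": {80, 443}, "vpn.example.com": {443}}
CURRENT = {"www.example.com": {80, 443, 3389}, "vpn.example.com": {443},
           "old-test.example.com": {21, 80}}
MANAGED = {"www.example.com", "vpn.example.com"}  # the organization's known inventory

def run():
    return prioritize(diff_snapshots(PREVIOUS, CURRENT, MANAGED))

if __name__ == "__main__":
    for f in run():
        print(score(f), f["kind"], f["host"], f["ports"])
```

Running the comparison on every discovery cycle is what turns a one-off inventory into continuous monitoring: the unmanaged test host ranks first, followed by the managed web server that newly exposes port 3389.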
Attack Surface Management with ForeNova
ASM with ForeNova goes many steps further than traditional approaches. ForeNova solutions see the whole attack surface: threats from outside, but also the often-underrated threats already existing inside the company network and endpoints. As many successful cyberattacks today are very sophisticated, firewall and endpoint protection fail to prevent them. ForeNova acts as a second line of defense to prevent these cyberthreats from spreading and becoming active. By covering network and endpoints, ForeNova solutions use behavior analytics to detect unusual activity in real time, create alarms, and mitigate threats. With 24/7 monitoring by ForeNova’s cybersecurity specialists, customers can rely on fast response to any kind of detected incident and therefore have premium protection against threats like ransomware attacks.
Modern Attack Surface Management is the key to today’s enterprise security. It’s nearly impossible to win the race against cybercrime actors to patch security vulnerabilities and perfectly configure the IT infrastructure without AI and machine learning driven detection and response solutions, ideally supported by human expertise. To make educated decisions on how to improve ASM, a service like NovaTA to assess the current status of network security is extremely helpful.