What is Attack Surface Management?
Attack surface management is defined as the continuous discovery, inventory, classification and monitoring of an organization’s external digital assets. In short, it is the management and monitoring of anything that contains, transmits or processes sensitive data within an organization’s network.
This is a similar concept to asset discovery and asset management, but attack surface management approaches these tasks from an attacker’s perspective. This helps security teams ensure that all attacker-exposed IT assets are adequately secured.
What is an Attack Surface?
An attack surface is the interconnected web of IT assets that can be leveraged by a hacker during a cyber attack.
It is important to note, however, that an organization’s attack surface will change and evolve over time as new devices and tools are added to the network. For this reason, it is imperative that an organization’s attack surface is continuously monitored and evaluated before a vulnerability is exploited.
An attack surface is generally made up of the following components:
- Secure or insecure assets
- Known or unknown assets
- On-premise assets that are located on site
- Cloud Assets – Anything that leverages the cloud for operation or delivery
- Shadow IT assets
- Subsidiary Networks – Any network that is shared by more than one organization
Why Attack Surface Management is crucial for organizations
Even for small organizations, the attack surface is a sprawling landscape that can be leveraged by a hacker to steal sensitive data or information. For this reason, ensuring the security of your attack surface is crucial, especially considering that attack surfaces constantly change and are becoming increasingly distributed to the cloud.
It is therefore imperative that organizations achieve complete visibility and monitoring over their attack surface in order to remove and manage risks before attackers exploit them.
How Attack Surface Management deals with hackers
Simply put, Attack Surface Management allows security teams to stay ahead of attackers when vulnerabilities and exploits are disclosed. It also automates many of the key protection activities, including real-time attack surface analysis and vulnerability management.
ASM solutions also include coverage for the following:
- Weak passwords
- Outdated or unpatched software
- Misconfigurations
How Attack Surface Management works:
Attack Surface Management tools often include products and services that discover external assets usable by attackers and compare them against a list of commercial, open-source and proprietary threat intelligence feeds.
Generally speaking, a proper attack surface management program should incorporate the following steps:
Step 1: Discover Assets
Before managing and remediating anything, organizations should take the time to identify and map all digital assets across the internal and external attack surface. Modern attack surface management solutions enhance visibility across the entire network and ensure that an organization has mapped every asset that is a potential attack vector.
Step 2: Test
As previously mentioned, an organization’s attack surface will change constantly as new tools and technologies are implemented. Modern attack surface management tools continuously review and monitor assets to ensure that an accurate inventory of network assets is easily accessible.
Step 3: Provide Context
While there are many different IT assets that can serve as attack vectors, they don’t all necessarily pose the same amount of risk. Modern attack surface management solutions supply relevant information and context about an exposed asset in an IT environment, which helps security teams determine the severity of a given threat.
Step 4: Prioritize
After discovering and identifying all network IT assets, the next step is to prioritize the remediation efforts for all identified vulnerabilities and weaknesses. Modern attack surface management tools score vulnerabilities based on subjective criteria, like the visibility of the vulnerability, how exploitable it is, how complicated it is to fix, and any history of exploitation.
Step 5: Remediate
Based on the first five steps, IT security teams should now be properly equipped to remediate the latest vulnerabilities and weaknesses. Staff are now free to begin working on the weaknesses that pose the greatest attack surface risks.
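The steps above can be sketched in a few lines of Python. This is an added example, not code from any ASM product: it compares a discovery result against the known inventory to surface unknown assets, then ranks findings by the four criteria named in Step 4. The hostnames, findings, 0-3 scales and weights are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (reserved .example names); weights are illustrative assumptions.
KNOWN_INVENTORY = {"www.corp.example", "mail.corp.example", "vpn.corp.example"}
DISCOVERED = KNOWN_INVENTORY | {"staging.corp.example", "files.corp.example"}

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str              # e.g. weak password, unpatched software, misconfiguration
    visibility: int         # 0-3, how exposed the weakness is to the internet
    exploitability: int     # 0-3, how easy it is to exploit
    fix_complexity: int     # 0-3, higher means harder to fix
    exploited_before: bool  # any history of exploitation

FINDINGS = [
    Finding("www.corp.example", "misconfiguration", 3, 1, 2, False),
    Finding("vpn.corp.example", "unpatched software", 3, 3, 1, True),
    Finding("staging.corp.example", "weak password", 3, 2, 0, False),
    Finding("files.corp.example", "misconfiguration", 2, 2, 1, False),
]

def unknown_assets(discovered, inventory):
    """Step 1: assets seen from outside that the inventory does not list."""
    return sorted(set(discovered) - set(inventory))

def score(finding, unknown):
    """Steps 3-4: combine the four criteria, plus context about ownership."""
    total = 3 * finding.visibility + 3 * finding.exploitability
    total += 3 - finding.fix_complexity            # assumption: quick fixes rank higher
    total += 4 if finding.exploited_before else 0
    total += 2 if finding.asset in unknown else 0  # assumption: unmanaged assets are riskier
    return total

def prioritize(findings, discovered, inventory):
    """Step 5 input: remediation queue, highest score first."""
    unknown = set(unknown_assets(discovered, inventory))
    ranked = sorted(findings, key=lambda f: score(f, unknown), reverse=True)
    return [(score(f, unknown), f.asset, f.issue) for f in ranked]

if __name__ == "__main__":
    print("Not in inventory:", unknown_assets(DISCOVERED, KNOWN_INVENTORY))
    for points, asset, issue in prioritize(FINDINGS, DISCOVERED, KNOWN_INVENTORY):
        print(f"{points:>3}  {asset:<24} {issue}")
```

Rerunning the same comparison on every discovery cycle is what keeps the inventory accurate as the attack surface changes.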