Attack surface management is the continuous discovery, inventory, classification and monitoring of an organization's IT infrastructure.
The term may sound similar to asset discovery and asset management, but ASM approaches these and other security tasks from an attacker's perspective. This ensures security covers all attacker-exposed IT assets accessible from within an organization, assets exposed to the internet and assets in suppliers' infrastructures.
ASM encompasses the following:
- secure or insecure assets
- known or unknown assets
- shadow IT
- active or inactive assets
- managed and unmanaged devices
- cloud assets and resources
- IoT devices
- vendor-managed assets
Why organizations need attack surface management
The attack surface is a sprawling landscape -- even for smaller organizations. Ensuring its security is paramount. However, attack surfaces constantly change, especially as many assets today are distributed across the cloud. The COVID-19 pandemic and work-from-home wave have also increased the number of external assets and targets security teams must protect. Not to mention, hackers are automating their reconnaissance tools to probe and analyze external attack surfaces -- an evaluation many security teams never fully complete.
To counter these challenges, organizations must achieve complete visibility and continuous monitoring to remove or manage risks before attackers find them.
Attack surface management can help organizations do this.
How ASM defeats attackers
ASM realigns security thinking from that of a defender to that of an attacker. This puts security teams in a better position to prioritize areas of the attack surface.
Penetration testing and red teams provide insight into an attacker's viewpoint, but reconnaissance and attacks are normally launched in a controlled environment or against a specific aspect of the IT environment. While still worthwhile, the changing and expanding nature of most environments enables vulnerabilities to go unnoticed and assets to remain untested.
Shadow IT, for example, has long been viewed as a major security risk. Eliminating these unknown assets is essential to mitigating threats.
Security teams must move faster than attackers when vulnerabilities and exploits are disclosed. This is only possible if the attack surface is mapped out on a continuous basis. With ASM, enterprises can quickly shut down shadow IT assets, unknown and orphaned apps, exposed databases and APIs, and other potential entry points to mitigate any vulnerabilities that arise.
Security strategies have always centered around the protection, classification and identification of digital assets. ASM automates these activities and covers assets outside the scope of traditional mapping, firewall and endpoint protection controls. ASM tools provide real-time attack surface analysis and vulnerability management to prevent security control failures and to reduce the risk of data breaches. The objective is to find assets and check for possible attack vectors, including:
- weak passwords
- outdated, unknown or unpatched software
- encryption issues
Features of ASM tools
Attack surface management offerings include SaaS, cloud-based and managed systems. These products and services automatically discover the external assets attackers can see and evaluate them against commercial, open source and proprietary threat intelligence feeds to generate security ratings for an organization's overall security posture. ASM reports are useful for nontechnical stakeholders, senior management, potential partners and clients.
The continuous monitoring features of ASM tools generate real-time information on the organization's overall risk profile, as well as individual risks within the infrastructure. Some ASM systems search the dark web for credentials exposed in third-party data breaches and enable other security tools to be integrated via APIs. Other ASM tools combine threat ratings with business value and impact to evaluate the effectiveness of existing security controls to help with prioritization. ASM tools may offer additional useful features that enable security teams to monitor changes in the attack surface and see potential improvements in security from remediating a risk or set of risks.
Security teams today require constant funding to ensure they have the skills and resources to prevent and reduce risks. Enterprises have vast attack surfaces. As such, ASM is becoming popular with CIOs, CTOs, CISOs and security teams as it enables them to monitor and reduce their attack surface.