The increase in cyberattacks across the world has expanded the attack surface for cybercriminals. Research reveals that 69% of organizations have experienced some type of cyberattack in which the attack itself started through the exploitation of an unknown, unmanaged, or poorly managed internet-facing asset. In a nutshell, the attack surface can be described as the total of the hardware, software, SaaS and cloud assets connected to an enterprise network that are accessible over the internet and store data.
Attack Surface Management (ASM) can be defined as the continuous discovery, inventory, classification and security monitoring of external assets connected to enterprise networks that contain, transmit and process sensitive data. In short, it is everything outside of the firewall that attackers can and will discover as they research the threat landscape for vulnerable organizations.
ASM is an integral part of an organization's network security as it reduces the probable entry points for cybercriminals. It aids in preventing and mitigating risks stemming from legacy, IoT and shadow IT assets.
Human mistakes are a key factor in cyberattacks. ASM helps to reduce such mistakes and guard against attacks like phishing. It also helps to reduce risks from vulnerable and outdated software, unknown open-source software, intellectual property infringement and vendor-managed assets.
Attack Surface Management is closely aligned with analyzing the threats and vulnerabilities in enterprise networks. The strategy is implemented to decrease the blind spots in the network and give attackers less opportunity to exploit weaknesses within the network and other resources connected to it. Attack Surface Management generates comprehensive visibility of the extended enterprise.
The National Institute of Standards and Technology has devised a framework to reduce the attack surface of enterprises, thereby excelling in ASM. The framework asks the security operations teams in enterprises to:
- Explicitly address security and privacy requirements
- Identify standards and tools used in the process
- Document the specific tools and configurations used in the process
- Document, manage and ensure the integrity of changes
Furthermore, the framework also advises SecOps teams to define the quality metrics before implementing steps to ensure ASM. Enterprises use quality metrics to establish the acceptable levels of network quality, which can include quality gates: a collection of sufficient standards that represent a satisfactory execution of specific levels of the security model.
Moreover, SecOps teams have to select and deploy security and privacy tracking tools, including vulnerability tracking systems that facilitate assignment, sorting, filtering, and tracking of the networks and the devices associated with them.
Critical analysis is mandated under the guidelines to ensure that the attack surface for the supply chain is managed properly.
Other than the above methods, NIST has underscored the following approaches to ensure a smooth and effective ASM strategy:
- Implementing layered defence using a combination of different security tools to ensure that each layer of the network security is supported by another.
- Applying the principle of least privilege, under which users, devices and processes only have access to the resources within the network that are absolutely necessary to perform their assigned function.
- Deploying network security software.
- Identifying unsafe locations to reduce entry points of cybercriminals.
- Eliminating Application Programming Interfaces (APIs) that are vulnerable to attacks.
Timely identification of digital assets is a fundamental part of robust threat intelligence and can greatly reduce the risk of data breaches and data leaks. All it takes for an attacker to launch a cyberattack is one vulnerable point in your organization. ASM maps your environment, monitors your assets and manages your risks.