Evaluating Attack Surface Management Vendors: What You Need to Know
When new technology hits the market, the inevitable questions follow: Is this built to last? What is the barrier for implementation? And do the capabilities align with the problem my team is trying to solve?
Attack surface management is an emerging security product that needs to be evaluated with those questions in mind. New security innovations must undergo increased scrutiny because of their nature. A security product should protect the organization and its assets, and if it doesn’t, it won’t be adopted. So, we created the Attack Surface Management Buyer’s Guide to simplify the process of evaluating an attack surface management (ASM) vendor.
In the guide, we go over some concepts and terminology related to attack surface management that are important to remember when considering a vendor. The goal is to match your needs and expectations with the capabilities of attack surface management, which means speaking the same language.
To give you a jumpstart, we’ll outline the definitions for attack surface and attack surface management, then we’ll review the highlights from our evaluation framework. What’s important to remember is that attack surface management can become foundational to your security stack. An attack surface management platform should let security teams work faster and more efficiently, and it should substantially reduce the time to remediate risks.
What is an attack surface?
Broadly, an attack surface is all the elements of an organization that an attacker might use to launch an attack or breach data, such as servers, network infrastructure, websites, and cloud storage buckets. Some of these digital elements are inherently “public” facing because they exist and operate on the public internet. These external elements are particularly attractive to hackers looking for a way into an organization or to simply take whatever valuable information they can find.
What is attack surface management?
Most importantly, attack surface management discovers and inventories internet assets and risks – the key being that some of these assets are completely unknown to the organization’s IT department. Attack surface management platforms are typically cloud-based SaaS products that find and monitor public-facing assets across all providers, networks, and accounts. Unlike most security products, attack surface management solutions do not require agents or complex integrations. Rather, attack surface management solutions employ proprietary algorithms fed by internet data sources (e.g., passive DNS, WHOIS, Internet-wide scans) to identify assets that belong to an organization and, in turn, analyze those assets for security risks and compliance violations.
How can I effectively evaluate an attack surface management provider?
In our Buyer’s Guide, we provide a rubric so that your team can prioritize what features you need most and ask knowledgeable and specific questions of potential vendors. We cover five themes: asset discovery, inventory and explanation, risks and compliance, operationalization, and security controls.
Within those five themes, we list and define 17 features specific to attack surface management. Some examples of measurement for feature evaluation include: “ASM solutions should explain how and why they attribute specific assets to your attack surface. ASM solutions should provide you a history of each asset to aid in investigation. Oftentimes ASM problems can’t be directly solved by the security practitioner. The solution should let you easily assign tickets to IT teams to address.”
We also help you build the business case to adopt an attack surface management solution. Between heavy compliance fines and the frequency with which Censys finds unknown assets (on average between 30% and 80% more than assumed), it’s clear how investing in an attack surface management solution will save you money over time by preventing breaches before they happen. Another benefit is that a solid attack surface management solution will integrate with your existing tools to speed up time to remediation: its outside-in perspective gives your security team visibility well beyond what existing tools can provide.