What To Look For in an Attack Surface Management Solution
Your External Attack Surface Is More Important Than Ever
In 2020, an estimated 73% of cybersecurity incidents involved external cloud assets, according to the Verizon Data Breach Investigations Report. The disappearance of network perimeters, rise of shadow IT, and exposure from small cloud misconfigurations have fundamentally changed how data breaches occur in practice and shifted priorities for organizations.
The Attack Surface Management (ASM) Buyer’s Guide provides an overview of:
- Challenges organizations face when it comes to managing their external attack surface
- Overview of the emerging ASM class of security products
- Strategies for evaluating ASM functionality and quality
- Content for building a business case for ASM
What Is Attack Surface Management?
Attack Surface Management products continually uncover unknown assets ranging from Internet services to cloud storage buckets, and comprehensively check all assets for security risks. ASM solutions help organizations to prevent data breaches and compliance violations by:
- Automatically discovering Internet assets (e.g., hosts, services, websites, storage buckets) across all networks and cloud providers
- Providing a comprehensive inventory of Internet assets and investigative tools to understand organizational dependencies and immediately respond to new threats
- Continually checking assets for security weaknesses and misconfigurations and providing a prioritized set of risks to address
- Identifying violations of both organizational policies and external compliance programs (e.g., PCI DSS and NERC CIP)
- Enabling teams to evaluate the dependencies and security risks of subsidiaries and acquisitions
Why Is Another Platform Necessary?
While many security solutions, from pentests to Vulnerability Management (VM) programs, claim to protect Internet Assets and reduce your attack surface, they are often slow and monitor only known assets. Similarly, Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB) and Cloud Workload Protection Platform (CWPP) solutions help organizations track assets in managed providers and accounts, but lack visibility into your holistic attack surface including unmanaged providers, accounts, and assets. An ASM solution identifies assets and their associated risks regardless of their location, provider, or account. As a result, organizations are given a much more complete picture of what their attack surface looks like and any potential risks that could arise.
ASM Features Your Organization Should Prioritize
The ASM Buyer’s Guide provides an overview of key features that organizations should look for in an ASM solution, including features that align with the following themes: asset discovery, inventory and explanation, risks and compliance, operationalization, and security controls.
There are a growing number of providers in the ASM space, and it’s important to consider key questions such as:
- How does the solution determine which hosts are mine?
- What types of assets can the solution discover?
- What types of risks (cybersecurity or brand reputation) does the solution identify?
- How often does the solution refresh its information?
- What downstream integrations does the solution support?
From SolarWinds to Kaseya, there are many examples of attacker efficiency when it comes to Internet-facing assets. You need to be sure that any mistakenly exposed, or unmanaged assets — including storage buckets, network segments, applications, or APIs — are caught in real time in order to protect your business. Investing in an ASM is more important now than ever. Reading the ASM Buyer’s Guide is a great first step to understand Attack Surface Management and to learn how organizations are using ASM solutions to better manage risk and compliance. Download the full report here.