Why Attack Surface Management Matters
Attack Surface Management (ASM) is the continuous process of discovery, inventory, prioritization, and resolution of risk impacting your Internet-facing assets.
Organizations are constantly reshaping their Internet-facing attack surface, whether they know it or not. Services, and the data those services use, are being developed, deployed and re-configured across the Internet many times a week. Whether on your public cloud instances, on-prem servers, or third-party managed infrastructure, the task at hand has become much more complex and difficult in recent years. The result? A large and dynamic boundary to the outside world that must be continuously re-defined and protected.
Since 2018, the industry has encouraged security leaders to start leveraging Attack Surface Management as part of their holistic cybersecurity programs. As we enter 2021, ASM is providing a service that bridges the gap between what an attacker sees and what your security teams are monitoring.
What is Attack Surface Management?
In the most basic terms, the Attack Surface is any asset or service that is publicly accessible and could allow an attacker, either now or in the future, entry into your organization’s private assets. Management of your attack surface is the process by which you prioritize and resolve potential risks emerging across your Internet-facing assets. At Censys, we break down the concept of an Attack Surface into a few different categories:
Managed Assets
These assets are inventoried, centrally administered, and have a regular cadence of security evaluations. These are things like:
- Your registered netblocks
- Your corporate website and domains
- Certificates issued by your organization
- Assets running in your known cloud environments
Depending on the size and posture of your organization, managed assets still present risks that should be addressed to ensure continuous monitoring and coverage. For instance, a team might accidentally push code that exposes a MySQL database externally on an asset within your AWS infrastructure. Most organizations want signals about this activity quickly so they can act fast.
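One concrete way to get the quick signal this paragraph asks for, as an added example that is not Censys code: a Python check over AWS security group rules that flags any ingress rule exposing the MySQL port to the whole Internet. It assumes the rules have the shape returned by boto3's `describe_security_groups`; the groups below are constructed sample data with made-up ids.

```python
import ipaddress

MYSQL_PORT = 3306

def _covers_port(perm, port):
    """True if an ingress rule admits traffic to `port` over TCP or over all protocols."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic": FromPort/ToPort are absent in this case
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def _world_open_ranges(perm):
    """Yield the rule's source CIDRs that admit the whole IPv4 or IPv6 Internet."""
    for r in perm.get("IpRanges", []):
        if ipaddress.ip_network(r["CidrIp"], strict=False).prefixlen == 0:
            yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        if ipaddress.ip_network(r["CidrIpv6"], strict=False).prefixlen == 0:
            yield r["CidrIpv6"]

def find_world_open_port(security_groups, port=MYSQL_PORT):
    """Return [(group_id, cidr)] for every rule exposing `port` to any Internet source."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if _covers_port(perm, port):
                for cidr in _world_open_ranges(perm):
                    findings.append((sg["GroupId"], cidr))
    return findings

# Constructed sample data in the shape returned by boto3's
# ec2.describe_security_groups()["SecurityGroups"]; group ids are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-db-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db-exposed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-allow-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-ssh-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]
if __name__ == "__main__":
    for group_id, cidr in find_world_open_port(SAMPLE_GROUPS):
        print(f"ALERT {group_id}: TCP/{MYSQL_PORT} (MySQL) reachable from {cidr}")
```

Run against the live account by replacing `SAMPLE_GROUPS` with the `SecurityGroups` list from `boto3.client("ec2").describe_security_groups()`; a rule that opens all traffic (`"-1"`) counts as exposing MySQL even though it never names port 3306.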
Unmanaged Assets
This is often rogue or orphaned IT infrastructure that was stood up outside of the purview of your security team. Examples include:
- Shadow cloud environments
- Legacy websites that are still externally accessible
- Domains registered outside your sanctioned registrar
- Assets acquired through M&A where administration and ownership can be ambiguous
- Self-signed certificates
Unmanaged assets, by definition, are blind spots to most organizations and therefore miss the crucial testing, scanning, and patching that is afforded to your managed inventory. Bringing these assets into a managed state quickly is one of the main tenets of a healthy ASM program.
As a result of COVID-19, the “Attack Surface” that we once knew exploded exponentially to include entirely new groups of remotely dispersed workers. Without a traditional firewall, risky residential IPs can be gateways into corporate systems. For that reason, home networks have now become part of the Attack Surface security teams must protect.
Third Party Administered Assets
More and more we see threats permeating through third-party infrastructure that is trusted by an organization. Domains hosted by third-party hosting providers adhere to different security postures and compliance programs than the organizations that contract them. One example is the default certificates on hardware devices. Too often these certificates are never changed and use weak encryption algorithms to protect the data passing through. Additionally, the devices they certify often keep default administrative credentials. Third-party infrastructure deployed in your environment can be a risk if it is not assessed and maintained properly.
How can ASM help my organization?
Understanding and maintaining a list of everything you own that touches the Internet is a daunting task. It is very time-consuming, expensive, and requires infrastructure and tooling. Not only this, but it also requires accurate visibility across the entire Internet, finding the things that belong to your organization, monitoring changes, evaluating risk, and resolving issues that are most severe in a timely manner.
This is a lot of work. But the Censys ASM Platform is able to do the heavy lifting. In more specific terms, the Censys ASM Platform automates attack surface mapping and discovery, providing the following benefits to organizations:
- Reduced Remediation Times: Every day that assets are unknown or unmanaged is another day that those assets are not being evaluated for risks or vulnerabilities. We help customers shed light on unmanaged assets, dramatically reducing remediation time.
- Fewer Security Surprises: The last thing security teams want is a security surprise. The ASM Platform rapidly discovers assets on the Internet that are affiliated with your organization. By incorporating discovery into your security program, you are building a mechanism that enables practitioners to better manage “shadow” infrastructure.
- Full Cloud Visibility: The 2020 Verizon Breach Report reported that 22% of breaches involved cloud assets and that misconfigurations are the fastest-growing risk to web application security. The Censys ASM Platform does multi-cloud discovery and routinely identifies risk and misconfiguration across all of your cloud infrastructure.
- Adding Automation to your Inventory Process: Most prospects we talk with leverage some sort of regular pen-test or periodically work to inventory their infrastructure. ASM adds automation to the process, removing manual effort and the dependency on snapshots that quickly go stale. Automatic discovery and inventory of your externally facing assets gives your organization a clearer and more holistic picture of what your team must protect, and reduces headaches.
- Easily Identify and Make a Plan to Tackle Systemic Security Hygiene: When you have all of your externally accessible data in one place, you can quickly identify systemic security hygiene problems across the organization. For example, quickly see if you are still using out-of-date, or soon to be deprecated, software in your environment. Learn if you are not properly disposing of old servers or if you need to better manage your DNS to prevent subdomain hijacking.
All technology environments are becoming more and more complex every day and managing your system is a challenge, regardless of the size of your team. The Censys ASM Platform enables teams to optimize their attack surface management program with confidence and accuracy, giving them the best visibility into what they need to protect.
Find more by Morgan Princing here.