Your Cybersecurity Tech Stack vs. Attack Surface Management
Here’s something you may already know – your attack surface has grown significantly in the past few years. There are many reasons this is the case. COVID forced many workplaces to go remote; the push towards digital transformation has encouraged companies to speed up their cloud adoption; and the frequency of mergers and acquisitions have encouraged companies to take on new infrastructure, many areas of which were not known until after acquisition.
You don’t have to go back that many years to a time when an attack surface consisted entirely of what was actually inside of an organization. Traditional networks existed behind a physical firewall – the device stood between the organization and the internet. If someone needed access to something outside of the firewall, networking teams had to create an exception on the firewall. Security teams would manage a single block of IP addresses, scanning the network for issues, controlling physical asset management, and inviting in occasional pen testers.
Now, so much of business activity takes place on or is connected to the internet that attack surfaces have expanded out, meaning that your internet exposure needs to be on your radar. From cloud service providers, SaaS solutions, multiple types of VPNs, servers, hosting providers all over the world, and cloud storage buckets with critical data, the potential for exposure is great.
ASM: A new category of cybersecurity tooling
All of the infrastructure mentioned above exists on the public internet, which is visible to me, to you, to nation-state hackers, and to everyone in between. It’s easier than ever for attackers to build a profile of your company’s exposed assets. They can look for easy entry points, identify the software you’re running, and pull down everything in an S3 bucket within minutes of being deployed. One slip-up and your organization can become low-hanging fruit for attackers.
This fragility is why you need a tool that can track everything you have that’s exposed. Attack Surface Management (ASM) solutions are still a new category of cybersecurity tooling, so companies have only recently started looking for solutions and creating budgets for ASM and they’re racing to find one that fits their needs.
A recent Forrester survey shows that most organizations are looking to pilot or implement an attack surface solution this year, and 36% of companies are already planning on implementing an ASM solution by the end of 2022. This adoption is impressive, but the other 64% of people are not yet there because they’re probably thinking: don’t I already have the tools to do this?
External monitoring security tools
Many organizations already have external monitoring security tools in place. They can give you some visibility into external risks but they do not give you the complete picture.
Security Ratings Services (SRS)
No visibility into suppliers’ cloud configurations
Security rating vendors who provide high-level risk scores and grades, but they focus on just your vendors, and they lack the complete context of your organization. They can also lack the context about the organizations that they gread, and they often work with stale data.
Vulnerability Management (VM)
No visibility into Shadow IT
Vulnerability management tools are great and necessary, but they can only scan hosts that they know about. You may also have multiple vulnerability management solutions, one for on-prem, cloud, or even a different solution for each cloud service provider that you use – which can be a lot.
Digital Risk Protection (DRP)
No visibility into unknown attacker-facing internet assets
Digital risk protection tools can track your brand across social media or the dark web. This is very useful, but this doesn’t represent your existing infrastructure that can be compromised.
Cloud Security Posture Management (CSPM)
No visibility into unknown cloud accounts and weaknesses in other critical internet assets like SaaS
There are many cloud-specific security tools, one being CSPM. CSPMs help ensure compliance, but they can only monitor cloud accounts that they know about, and it can also create a ton of alert fatigue. Not every misconfiguration is a fire drill. They don’t provide awareness of what cloud services are truly exposed and open to attack. So, out of, say, 1,000 misconfiguration alerts, you won’t know which ones to prioritize.
Essential features of Attack Surface Management
Attack Surface Management (ASM) may be an emerging solution but it’s the best solution for handling your internet exposure and growing attack surface. Here’s how ASM differs from the tools above. With ASM you get:
Cloud security. Cloud security will discover all of your unknown cloud providers, and it will also find all of the cloud assets and accounts in those providers. It will continuously monitor for cloud-specific risks, such as a publicly exposed storage bucket.
Comprehensive inventory. The inventory aspect is essential. ASM gives you an inventory of all of your public-facing assets. This is the first step in securing your organization, knowing what attackers can see and the entry points that they would be targets to them.
Identify and remediate risks. The ability to identify and remediate risks is also important. You need the ability to monitor for changes that attackers could exploit to be able to alert the right teams or pass alerts on to the right tools to get things quickly remediated. And an ASM solution can integrate into your existing remediation processes
Ensure organizational compliance. A good ASM solution can help fill in the gaps when assessing your organization’s compliance with industry standards such as HIPAA, PCI, CIS, or various NIST controls.
Discover unknown internet assets. This is the main benefit of uncovering assets or infrastructure that you didn’t know about. If an outsourced project is deployed in DigitalOcean, an ASM solution should be able to find that and bring it into your attack surface.
Add ASM into your cybersecurity tech stack
These are essential features for managing the attack surfaces of today and are not solely contained within the cybersecurity tools mentioned above. An Attack Surface Management solution integrates very well with your cybersecurity tech stack to give you a full picture of your external attack surface.
Let’s start building out your external attack surface.