
Attack Surface Management 101 - Everything you need to know about the latest approach to external security

A vast majority of businesses are shifting operations to the cloud. With the promise of greater flexibility, self-service provisioning, and reduced costs, cloud migration seems like a no-brainer, but it doesn’t come without its issues.

One commonly overlooked challenge is that the more internet-connected assets you have, the more potential entryways attackers have to infiltrate your business. We refer to this collection of entryways as the attack surface. The practice of attack surface management (ASM) emerged as a way to keep track of these entryways and ensure they are sealed off from attackers. ASM is a relatively new concept in the world of cybersecurity, so let’s break it down.

  • Published: 15-10-2021

  • Related Category: Cloud Security

  • Type of Content: Articles

  • Owner: TrustedSite


What is attack surface management (ASM)?

Attack surface management is a way of keeping tabs on every internet-facing asset within a business to identify weaknesses that could leave it susceptible to an attack. Assets are things like web applications, servers, networks, firewalls, third-party tools, and certificates.

This method of breach prevention consists of three recursive components:

Discovery

You can’t protect what you don’t know about, so the first step is to find and catalog every asset associated with your business. The discovery process must be continuous because new assets may come online at any time, whether it’s through a developer adding new websites and services, or a merger bringing in newly acquired networks.

Fingerprinting

Next, you need to get a complete understanding of your assets to identify any open doorways that would be attractive to an attacker. This involves fingerprinting the technology in use, the contents, and the connections to third parties. It also involves detecting vulnerabilities on the firewall, server, or application layer. By cataloging this information, you can quickly see the big picture of where your organization’s assets, and their weaknesses, lie in the cloud.

Monitoring

Developers constantly make changes to websites, and new vulnerabilities can be found at any time. Continuous monitoring for these types of changes allows security teams to correct any issues before a data breach occurs.

Why is attack surface management important?

Attack surface management is important because attackers are always on the lookout for the path of least resistance, hoping to find blind spots that businesses have missed. All it takes is one exploitable weak point for an attacker to get inside your business and steal customer data.

The best way to stay a step ahead and prevent that from happening is to monitor your business the exact way an attacker would—from the outside. By monitoring your assets outside the firewall, you can mitigate the risks of things that leave your business vulnerable, like:

  • Outdated software
  • Application security flaws
  • Third-party scripts
  • Expired TLS certificates
  • Missing security headers
  • Shadow infrastructure
  • Assets inherited through mergers and acquisitions

If you’re not constantly monitoring for these issues, an attacker may find and exploit them months before you’re aware. On average, it takes 280 days to detect and contain a data breach, and remediation can cost upwards of $8 million in the United States. That hefty price tag, combined with reputation damage that causes customers to lose trust, can be detrimental to businesses.
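The monitoring step described above can be sketched as a diff between two fingerprinting snapshots of the asset inventory. This is an added example, not TrustedSite's code; the snapshot layout, the required-header set, the 30-day warning window and all hosts and values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Header set treated as required is an assumption of this example.
REQUIRED_HEADERS = {"strict-transport-security", "content-security-policy",
                    "x-content-type-options"}

def audit(previous, current, now, warn_days=30):
    """Diff two inventory snapshots; return sorted (host, issue) findings."""
    findings = []
    for host, asset in current.items():
        if host not in previous:  # possible shadow or newly acquired asset
            findings.append((host, "new asset since last scan"))
        not_after = datetime.fromisoformat(asset["cert_not_after"])
        if not_after <= now:
            findings.append((host, "TLS certificate expired"))
        elif not_after - now <= timedelta(days=warn_days):
            findings.append((host, "TLS certificate expires soon"))
        present = {name.lower() for name in asset["headers"]}
        for missing in sorted(REQUIRED_HEADERS - present):
            findings.append((host, f"missing header: {missing}"))
        old = previous.get(host)
        if old and old["server"] != asset["server"]:
            findings.append((host, f"server changed: {old['server']} -> {asset['server']}"))
    for host in previous.keys() - current.keys():
        findings.append((host, "asset no longer responding"))
    return sorted(findings)

# Constructed sample data: hypothetical hosts, dates and banners.
NOW = datetime(2021, 10, 15, tzinfo=timezone.utc)
ALL = {"Strict-Transport-Security": "max-age=31536000",
       "Content-Security-Policy": "default-src 'self'",
       "X-Content-Type-Options": "nosniff"}
PREVIOUS = {
    "www.example.com": {"cert_not_after": "2022-03-01T00:00:00+00:00",
                        "server": "nginx/1.20.1", "headers": ALL},
    "shop.example.com": {"cert_not_after": "2021-10-30T00:00:00+00:00",
                         "server": "Apache/2.4.48", "headers": ALL},
}
CURRENT = {
    "www.example.com": {"cert_not_after": "2022-03-01T00:00:00+00:00",
                        "server": "nginx/1.21.3", "headers": ALL},
    "shop.example.com": {"cert_not_after": "2021-10-30T00:00:00+00:00",
                         "server": "Apache/2.4.48",
                         "headers": {"X-Content-Type-Options": "nosniff"}},
    "staging.example.com": {"cert_not_after": "2021-09-01T00:00:00+00:00",
                            "server": "nginx/1.14.0", "headers": {}},
}

if __name__ == "__main__":
    print(*audit(PREVIOUS, CURRENT, NOW), sep="\n")
```

Run on a schedule against fresh snapshots, the same diff surfaces a host that was never in the inventory, a certificate that lapsed, or headers dropped by a deployment.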

How to approach attack surface management

Modern business moves fast, and many organizations that once had a handful of internet-facing assets are now managing anywhere between 50 and 100. Not only is the attack surface constantly changing, it is also expanding rapidly.

With such massive amounts of data in flux, security professionals have struggled with how to approach ASM in a way that ensures nothing slips through the cracks.


