Attack Surface Management - The Missing Piece In Your Cyber Security Strategy

David Griffiths
6 October 2023

Introduction

Learn how attack surface management (ASM) improves cyber security by offering a comprehensive perspective on potential entry points. If these are not correctly identified and remediated, they could be exploited by attackers.

The overlooked importance of ASM

In cyber security, organisations often face the challenge of selecting suitable tools to integrate into their defence strategy. One crucial component that is frequently overlooked is Attack Surface Management (ASM), also known as External Attack Surface Management (EASM). ASM plays a vital role in identifying vulnerabilities and minimising the risk of cyber attacks. Simply put:

ASM is essential because you cannot effectively protect assets you’re unaware exist.

In this blog post, we’ll dive into ASM and explore its crucial role in cyber security defence strategies.

The range of cyber security tools

Before exploring the details of ASM, it’s essential to understand the broad range of tools commonly used by businesses in their cyber security strategies. Cyber security encompasses a variety of specialised tools, each designed to address specific security challenges. To assist you, we’ve put together a table below (excluding ASM for now):

| Tool Category | General Definition |
| --- | --- |
| Email Security Tools (EST) | Systems defending email communications from unauthorised access, phishing, malware, and other threats through measures like spam filtering, antivirus scanning, encryption, and authentication. |
| Intrusion Detection and Prevention Systems (IDS/IPS) | Tools monitoring network traffic to identify and prevent unauthorised access, intrusions, and malicious activities based on known attack signatures or behaviour patterns. |
| Endpoint Detection and Response (EDR) Solutions | Solutions protecting individual endpoints by monitoring and analysing activities such as process execution, file changes, and network connections to detect and respond to suspicious or malicious behaviours. |
| Network Firewalls | Security devices or software enforcing access policies and filtering network traffic based on predefined rules to prevent unauthorised access, network-based attacks, and malicious activities. |
| Security Information and Event Management (SIEM) Systems | Software solutions collecting, correlating, and analysing security event data from various sources to detect incidents, anomalies, and generate alerts for further investigation, providing real-time monitoring, threat intelligence, and compliance reporting capabilities. |
| Extended Detection and Response (XDR) Platforms | Integrated security solutions leveraging advanced analytics, machine learning, and automation to detect and respond to advanced threats across multiple attack vectors, offering enhanced visibility, threat detection, and incident response capabilities. |
| Vulnerability Scanners | Software tools that scan specific networks and systems to identify vulnerabilities by checking for misconfigurations, insecure settings, and known vulnerabilities referenced in NIST's NVD. Often they can actively "fuzz" (aggressively input test) parts of an attack surface to uncover potential security issues. |
| Identity and Access Management (IAM) Systems | Tools and frameworks centralising user identity management, authentication, and access privileges within an organisation's IT infrastructure, facilitating user provisioning, password management, single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and access governance. |

Understanding the principles of ASM

Every organisation has an “attack surface” that poses a threat of exposure to cyber risks.

From an attacker’s perspective, the attack surface includes all possible avenues of access, such as open ports and services, misconfigured systems, outdated software, leaked credentials, and more.

Identifying all accessible assets is a crucial part of the ASM process. This involves enumerating and discovering assets within an organisation’s external ecosystem. However, this task can be quite complicated due to the extensive and ever-evolving nature of an organisation’s digital infrastructure. As a result, it’s essential to have a thorough ASM tool in place that can help identify and track these assets over time.

In essence, ASM refers to the non-intrusive identification and monitoring of an organisation’s publicly exposed attack surface from an outside vantage point. The goal is to reduce the potential vulnerabilities that attackers could leverage by gaining a comprehensive view of all digital assets, platforms, and services exposed publicly online.

ASM tools comprehensively map out an organisation’s external digital presence. They also scan this attack surface to locate weaknesses, misconfigurations, and unidentified issues. Some techniques used during this process include:

  • Asset discovery and enumeration to identify all elements of the attack surface;
  • Fingerprinting systems to identify software, versions and configurations;
  • Analysing login pages and credentials without active attempts to authenticate;
  • Evaluating email security configurations, HTTPS security settings, certificates, cipher suites and other passive indicators.

To work effectively, ASM requires an outside-in perspective. By scanning an organisation’s systems and assets from an external vantage point, similar to an adversary, ASM tools can identify weaknesses that may be missed by internal security monitoring, which only sees inbound traffic. This outside-in view helps reduce unintended oversight of any peripherally exposed systems that agile attackers could potentially probe and exploit from the internet.

To summarise, ASM adopts a proactive and preventive approach to risk management. It assists organisations in pinpointing, overseeing, and minimising their internet-exposed attack surface. This is achieved through constant and proactive identification and assessment of potential vulnerabilities. It plays a crucial role in any comprehensive cyber security strategy.

Comparison of ASM with other tools

While various cyber security tools offer valuable defensive measures, ASM provides a unique, holistic view of an organisation’s attack surface. It’s not just about identifying potential vulnerabilities but also about discovering and enumerating all of the assets within an organisation’s digital world. This focus on asset discovery and enumeration is one of the chief differentiators of ASM from other cyber security tools.

For example, network and endpoint tools, such as firewalls, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), and Endpoint Detection and Response (EDR) solutions, tend to focus inward, monitoring internal traffic and assets.

In contrast, ASM adopts an external, holistic approach, evaluating all internet-facing surfaces. The process of asset discovery and enumeration in ASM provides a comprehensive understanding of the attack surface, which is crucial to prevent potential breaches. This makes the ASM perspective not only unique but also essential in a comprehensive cyber security strategy.

For instance, let’s consider a scenario where an organisation’s firewall is configured to block inbound Remote Desktop Protocol (RDP) access. However, a web server in the Demilitarized Zone (DMZ) has RDP openly exposed due to an incorrect firewall rule. ASM’s holistic scanning from the public internet can detect this misconfiguration, whereas the internal firewall might overlook the issue since RDP traffic is still blocked at the perimeter.

Vulnerability scanners, which provide periodic snapshots, might miss new issues that arise between scans. In contrast, ASM continuously monitors the entire attack surface, maintaining a broad view and rapidly uncovering vulnerabilities.

The National Vulnerability Database (NVD) dashboard reveals that security researchers discover hundreds of new vulnerabilities on a weekly basis. Given the frequency of these identifications, traditional periodic vulnerability scanning methods run the risk of overlooking problems that may arise in the gaps between scans.
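To make the RDP scenario and the between-scan gap concrete, here is an added example (not part of the original post and not FractalScan's code) that reconciles two outside-in snapshots against an asset inventory. The hostnames, ports, snapshot names and the `reconcile` helper are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed data: hosts and ports below are illustrative only.
INVENTORY = {  # known asset -> ports the organisation intends to expose publicly
    "www.example.org": {80, 443},
    "mail.example.org": {25, 443},
}
RISKY_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB", 23: "Telnet"}

@dataclass(frozen=True)
class Finding:
    kind: str      # "unknown_asset" or "unintended_exposure"
    host: str
    port: int
    is_new: bool   # True if the exposure was absent from the previous snapshot
    severity: str

def reconcile(previous, current):
    """Compare an outside-in snapshot with the inventory and the prior snapshot.

    previous/current: sets of (host, port) pairs observed open from the internet.
    """
    findings = []
    for host, port in sorted(current):
        allowed = INVENTORY.get(host)
        if allowed is None:
            kind = "unknown_asset"        # host was never in the inventory
        elif port not in allowed:
            kind = "unintended_exposure"  # known host, service not meant to be public
        else:
            continue                      # matches the intended exposure
        severity = "high" if port in RISKY_PORTS else "medium"
        findings.append(
            Finding(kind, host, port, (host, port) not in previous, severity))
    # New exposures first, then high severity, so drift between scans tops the list.
    return sorted(findings,
                  key=lambda f: (not f.is_new, f.severity != "high", f.host, f.port))

MONDAY = {("www.example.org", 80), ("www.example.org", 443),
          ("mail.example.org", 25), ("staging.example.org", 8080)}
# Constructed: an incorrect firewall rule exposes RDP on the DMZ web server mid-week.
THURSDAY = MONDAY | {("www.example.org", 3389)}

if __name__ == "__main__":
    for finding in reconcile(MONDAY, THURSDAY):
        print(finding)
```

The newly exposed RDP port ranks above the long-standing unknown staging host, which is the kind of change a periodic snapshot taken only on Monday would not show.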

Each tool, including ASM, contributes to improving security, although they may each focus on a relatively narrow aspect. Specifically, ASM takes on an integral role by conducting a wide-ranging, thorough scan of all internet-exposed areas. In doing so, it identifies potential vulnerabilities early on, playing its part in mitigating the overall risk.

The essentials for businesses

The choice of cyber security tools for small and medium-sized businesses (SMBs), even those with limited budgets, should be driven by the organisation’s specific risk profile. This profile is shaped by the nature of the company, the type of data handled, regulatory requirements, and the threat landscape within the industry.

For example, a healthcare company, given the sensitivity of patient data and the need to comply with regulations like the Health Insurance Portability and Accountability Act (HIPAA), might prioritise robust encryption and data loss prevention tools. These tools help protect the integrity and confidentiality of patient data by preventing unauthorised access or transmission.

On the other hand, a finance company, which might face risks from cybercriminals seeking financial gain, could prioritise advanced threat detection, strong encryption, and robust identity and access management. These tools would help identify and mitigate threats while ensuring only authorised individuals can access sensitive financial information.

Regardless, the effectiveness of these tools can be significantly improved by employing an ASM platform. This essential tool can enhance other cyber security measures, ensuring a thorough and efficient approach to securing the business.

Putting it all together with ASM

In conclusion, a balanced, layered approach is essential for effective cyber security. While tools like firewalls, antivirus software, and authentication systems form a crucial base layer of defence, ASM plays a unique and integral role in a comprehensive cyber security strategy. It gives a broad view of an organisation’s internet-facing attack surface, enabling the identification of vulnerabilities and prioritisation of remediation efforts.

A strong cyber security strategy should combine advanced tools with fundamental practices like ASM, ensuring coverage from top to bottom, inside and out. Neglecting either aspect can leave exploitable gaps in an organisation’s cyber security posture. By prioritising both advanced innovation and back-to-basics practices, businesses can establish resilient, multi-layered barriers against cyber attacks.

Find out how FractalScan Surface can help you

If improving the visibility and defences around your organisation’s attack surface is a priority, create a free FractalScan account today. You can visualise risks, track your cyber health score as issues are addressed, and receive a custom report to demonstrate ROI to stakeholders.

About David Griffiths
David is Red Maple Technology's Chief Technology Officer, and one of our co-founders. He has 25 years' experience of leading, developing and architecting complex technical systems across the Defence, Government and Commercial sectors. David is a cyber security and cloud infrastructure specialist, with a rich background in agile methodology and modern software development technologies, covering a broad range of environments from embedded systems to web applications.