What is asset discovery?
In cybersecurity, asset discovery is a foundational process of Attack Surface Management (ASM), also known as External Attack Surface Management (EASM). Asset discovery involves identifying, enumerating and cataloguing all the devices, systems, and software that might be exposed to potential attack from the open internet.
When asset discovery is further combined with the vulnerability detection and vulnerability assessment methods of ASM, it becomes truly powerful and allows an organisation to understand what it needs to protect, where vulnerabilities might exist, and how to mitigate the risk of attacks from hackers exploiting those vulnerabilities.
The asset discovery process is a critical part of ASM, because it forms the baseline for defining an organisation’s attack surface and the analysis of areas needing security attention.
Tracking assets is getting harder
Keeping track of your business’ internet-facing assets is essential, but the advent of cloud-based services, Internet of Things (IoT) devices, and the proliferation of internet-facing devices has significantly complicated the task. The sheer volume and dynamic nature of these systems and services makes it incredibly challenging to track and manage manually.
Additionally, the process is further complicated by the existence of unknown or shadow assets. These may be upapproved, unauthorised systems, or systems that are simply unknown to the organisation, yet they are part of the visible network of the business and are accessible over the internet.
These factors highlight the need for an advanced and comprehensive ASM solution to ensure effective asset discovery.
The challenges of doing asset discovery well
Automated asset discovery is technically challenging and not all ASM solutions do this well. Here are some of the difficulties that as ASM tool has to solve:
Minimising False Positives: Shared IPs and Content Delivery Networks (CDNs) often lead to false positives, as IPs might be shared with other services and organisations. Additionally, data might become outdated if IPs change frequently, as is common with CDNs.
Software Component & Version Identification: Identifying software components and their versions is not always straightforward. Without accurate version identification, it’s impractical to report the severity of any detected vulnerabilities.
Amalgamating Information from Multiple Sources: Asset discovery involves gathering information from various sources. This can lead to data inconsistencies, making information integration a challenging task.
Non-Intrusive Scanning Limitations: Non-intrusive scanning relies on third-party sources that may be outdated. This can result in a less accurate view of the current attack surface.
The Recursive Nature of Scanning: Scanning can be an ever-expanding task. Discovering one asset may lead to the discovery of multiple connected assets. Without setting a scope for the scan, you could end up attempting to crawl the entire internet.
DNS and IPv6-related Challenges: Asset discovery often involves navigating complex Domain Name System (DNS) records, such as following CNAME records, which can be a challenging task. Additionally, handling IPv6 and certificate transparency logs adds more complexity to the process.
Pinpointing Infrastructure Risks: Identifying where risks reside in the infrastructure at a ‘root cause’ level is crucial. For example, it’s important to know that a specific vulnerability exists in a particular version of software on a certain domain.
After exploring these challenges, it becomes clear that a comprehensive and technically advanced solution is required to effectively address these issues and optimise the overall process.
How ASM addresses these challenges
A good ASM solution will be specifically designed to tackle the challenges mentioned above and more, providing a comprehensive and efficient solution for asset discovery.
To address the challenge of minimising false positives, ASM tools typically employ techniques to verify the ownership of an asset, reducing the likelihood of false identifications. They also aim to collate and cross-verify information from multiple sources to ensure a more accurate and comprehensive asset inventory.
Additionally, ASM tools should be designed to cope with the recursive nature of scanning - they need to limit their search to defined scopes to avoiding unbounded crawls of the internet, but they also need to scan thoroughly and not too narrowly. They should offer ways to handle the complexities of DNS records, IPv6, and certificate transparency logs.
On the data management front, an ASM solution should provide features for effective data summarization and tools that facilitate in-depth exploration when necessary. The solution should provide a way to score the risk associated with each identified asset and manage historical data, ensuring an organisation has a complete and up-to-date picture of its digital footprint.
Moreover, a good ASM solution will excel at pinpointing infrastructure risks, identifying where vulnerabilities exist in the infrastructure, such as a specific software version on a particular domain, allowing for targeted remediation efforts
In summary, ASM solutions play a pivotal role in strengthening an organisation’s security posture by streamlining the process of asset discovery and providing actionable insights into potential vulnerabilities. While humans certainly play a part in this process, the challenges presented by modern digital environments can make it almost impossible for a human to navigate these complexities alone. This is why a solution like FractalScan Surface is necessary to address these challenges.
Find out how FractalScan can help you
Ready to take charge of your organisation’s cybersecurity?
With FractalScan’s attack surface management solution, you’ll gain a comprehensive view of your vulnerabilities, track your cyber health score, and prove the ROI of your security investments.