The "attack surface" used to gain access to an organization's digital assets and data has drastically expanded over the last few years. What was once an established network perimeter of private corporate resources has evolved into an infinite number of points
and attack opportunities to infiltrate and steal sensitive data. Sophisticated attackers have become adept at probing attack surfaces from the ‘outside-in’ to find unknown or unmanaged assets ideal for attack.
This piece explains the importance of attack surface management (ASM), outlines its challenges and provides best practices to build an ASM program that identifies risk, increases asset visibility and helps create a more secure environment.
An attack surface is the sum of all attack vectors or paths a malicious actor could take to exploit system vulnerabilities, breach a network, and deploy a successful attack. Servers, apps, workstations, corporate endpoints, even users and their personal
devices associated with the technology stack and organization infrastructure are also attack points for cybercriminals.
Attack surface management is the process of identifying and protecting points on the attack surface and implementing solutions to monitor them for threats and resolve cyber incidents. Today's typical configuration of IT infrastructure and network resources
that allow employees to perform workflows and customers to engage with a brand or service divides the attack surface into two main types:
Attack surface threats directly impact the primary organization and its stakeholders, such as vendors, partners and customers. For example, a retail business creates a mobile app for their customers to manage loyalty programs and receive promotional deals.
Because the attack surface consists of both internal and public-facing systems, that application and its back-end components add new entry points to the attack surface. Hackers can now try to obtain user account credentials to steal their
personal information, hack the data-housing system collecting and processing customer data, or shut down the server running the application. These scenarios require advanced ASM solutions to provide visibility into entry points and protect those added
attack surface points.
Attack surface management has never been as complex or critical to overall cybersecurity strategy as it is today. In addition to conventional internal and external attack surfaces, DevOps attack surfaces with limited internal visibility have emerged as
the latest risk within organizations. New technology resources like cloud or on-premise applications, servers and online services add to the attack surface — making it even more complex to track, maintain and protect those assets adequately.
It can be complicated to align ASM across the organization’s groups and its cybersecurity program. Such alignment requires enhanced collaborative relationships between Security and DevOps teams, for example, to make sure all applications and their
components are understood, organized, and monitored. It requires a robust evaluation of current security solutions and frequent system security updates each time vulnerabilities are spotted. In addition, organizations tend to review their attack surface
from the ‘inside-out’ while attackers do just the opposite. Unknown or overlooked assets can be easily discovered when attackers analyze your attack surface from the ‘outside-in’, which provides a completely
A strong attack surface management program has a direct beneficial impact on the entire organization's security. By fully identifying on-premise and cloud technology assets, integrations and connections, and public-facing services, IT and security teams
can understand system vulnerabilities, security gaps, and most likely threats. In turn, this understanding determines the proper security controls to prevent, detect, and respond to attacks.
The ultimate result is a proactive security approach that keeps data and resources secure for the organization, partners and customers. Additionally, automated ASM tools can continually identify technology assets and vulnerabilities, calculate susceptibility
to an attack, and determine potential system damages. ASM tools make it easy for businesses to prioritize and continuously monitor the vast number of attack surfaces inside and outside their network.
Between cloud applications, third-party services, hybrid infrastructures, network connectivity, and the rise of the remote workforce, organizations have never been more vulnerable to today's threats. These factors helped to elevate attack surface management
(ASM) as a foundational strategy to protect both internal and external vectors. Most organizations now focus on attack surface programs as a key component of an overall risk management plan.
Despite challenges with expansive attack surfaces, organizations should implement a comprehensive strategy that includes an attack surface discovery process and plans solutions to reinforce vulnerable points. Without an ASM plan, organizations will find
themselves more susceptible to threats and experience slower incident response as their attack surface widens over time.
To help address attack surface vulnerabilities, here are some best practices for building an ASM program:
Attack surfaces encompass the sum of all entry points or vectors attackers can use to access data or a network system. The growing use of cloud computing, increased system connectivity and integration, and the rise of the remote workforce have caused
more endpoints to be added into the mix — widening the typical attack surface. Building a solid ASM program will help track technology assets, automate workflows, manage vulnerabilities, and add surface visibility to significantly reduce cybersecurity
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.