9 Steps to Improve Attack Surface Management

December 6, 2022 | By IANS Research

A solid attack surface management (ASM) program must align all business functions involved in overseeing technology assets and the security program, including IT management, SecOps, and DevOps teams. An organization’s attack surface strategy addresses ongoing ASM challenges, including rapid surface growth and attack point complexity, and provides visibility into all digital and physical company assets.   

This piece provides guidance to improve attack surface management to help better identify risk, increase asset visibility and strengthen your overall enterprise security posture.

Steps to Improve Attack Surface Management 

Below are nine actionable steps that improve threat visibility, add proactive controls and follow a risk-based security strategy to minimize the possibility of attacks.

1. Identify All Technology Assets

Attack surface management begins with mapping out your attack surface. Identify all points a threat actor could use to compromise your enterprise. This includes all technology assets and resources, such as software applications, databases, websites, servers, and devices such as computers, phones, and tablets, as well as IoT devices. 

In addition to discovering and plotting points on the attack surface, you need to develop a system that finds and catalogs new digital assets as they get added to the network. The typical attack surface is growing with the addition of cloud applications, online services, or IoT devices to the technology stack, which makes it difficult to maintain system visibility without an organized cybersecurity asset management process.

2. Understand Vulnerabilities and Risks

Understanding network vulnerabilities and likely resource targets can help secure potential gaps and prioritize critical points on the attack surface. Vulnerability scanning, penetration testing, and running impact analysis are vital for identifying system weaknesses and potential incident severity — ultimately helping allocate resources toward protecting and observing the essential production environments. Take both the internal and external attack surfaces into account. 
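To illustrate steps 1 and 2 together, the following added example (not from IANS) reconciles one discovery sweep against the asset catalog and then ranks what was found. The field names, the sample records, and the scoring weights are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    ident: str          # hostname, cloud resource ID or device serial
    kind: str           # "server", "saas", "iot", ...
    external: bool      # reachable from the internet?
    impact: int         # 1 (low) to 5 (business critical), from impact analysis
    open_findings: int  # unresolved vulnerability-scan findings

def by_id(assets):
    return {a.ident: a for a in assets}

# Constructed sample data: the catalog of record and one discovery sweep.
CATALOG = by_id([
    Asset("web-01", "server", True, 5, 2),
    Asset("db-01", "database", False, 5, 0),
    Asset("hr-laptop-17", "endpoint", False, 2, 1),
])
DISCOVERED = by_id([
    Asset("web-01", "server", True, 5, 2),
    Asset("db-01", "database", False, 5, 0),
    Asset("cam-lobby", "iot", True, 1, 4),    # never cataloged
    Asset("crm-trial", "saas", True, 3, 0),   # never cataloged
])

def reconcile(catalog, discovered):
    """Step 1: what was found but not cataloged, and cataloged but not found."""
    uncataloged = sorted(set(discovered) - set(catalog))
    missing = sorted(set(catalog) - set(discovered))
    return uncataloged, missing

def priority(asset, cataloged):
    """Step 2: assumed score, impact doubled when external, plus findings."""
    score = asset.impact * (2 if asset.external else 1)
    score += min(asset.open_findings, 5)       # cap so findings cannot dominate
    return score + (0 if cataloged else 3)     # unowned assets get no patching

def triage(catalog, discovered):
    """Rank every discovered asset, highest priority first."""
    ranked = [(priority(a, i in catalog), i) for i, a in discovered.items()]
    return sorted(ranked, key=lambda t: (-t[0], t[1]))

if __name__ == "__main__":
    print(reconcile(CATALOG, DISCOVERED))
    for score, ident in triage(CATALOG, DISCOVERED):
        print(f"{score:>2}  {ident}")
```

Cataloged assets that the sweep did not find (here, hr-laptop-17) deserve a follow-up as well, since they may be decommissioned, offline, or outside the sweep's coverage.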

3. Install Protective Controls 

Endpoints are among the most vulnerable and targeted areas on the attack surface, so they need to be a focus area for protection and paired with the appropriate preventive tools. As part of a thorough ASM strategy, focus on protecting those points with preventive technology such as antivirus software, application firewalls, and endpoint encryption.

Additionally, security protocols on your email server, a resource often used as an attack source, mitigate risk by controlling email messages that access the system. This helps to prevent phishing emails from entering the network, which adds protection against employees unknowingly downloading malware or disclosing their credentials.

4. Focus on Security Awareness Training 

Because human error causes most breaches, ensure that your ASM plan includes an employee security awareness training program. The courses and training modules should focus on a hacker's likely attack vectors. Examples include phishing scams (what they look like and how to avoid them) and best password management practices to avoid credential compromise.

5. Enforce Security Policies and Procedures 

Company policies keep employees in check as they manage enterprise data, access resources, and operate applications — all parts that make up an attack surface. Requiring users to manage passwords a certain way, follow internet browsing rules, and use encryption for sensitive data helps reduce their own negligence — protecting your assets. 

For DevOps, IT and security teams, formal operational procedures should be developed that protect and manage the attack surface. Scheduled and step-by-step software patching, data backups, network segmentation, vulnerability tests, and machine identity management processes keep the attack surface secured, monitored, and ready to respond should the worst-case scenario occur.     

6. Gain Attack Surface Visibility 

Attack surface visibility is essential to tracking user activity, spotting potential threats, isolating incidents, and reducing the attack impact. System monitoring using security information and event management (SIEM), security orchestration, automation, and response (SOAR), threat intelligence, infrastructure access platforms (IAP), and network monitoring solutions helps, but visibility continues to be a major ASM challenge.

7. Deploy ASM Automation 

Automation tools, specifically for incident detection and response, allow intelligent solutions to monitor the attack surface for anomalies and defend against attacks non-stop. Endpoint detection and response (EDR) tools, managed detection and response (MDR) services, and extended detection and response (XDR) solutions, for example, collect and analyze activity data between your technology assets. They'll also hunt for system threats and automatically trigger alerts and response functions for confirmed attacks.  

8. Incorporate Compliance Management 

Regulatory compliance requirements set minimum control and process standards within specific industries, geographic regions, or business functions. During ASM development and implementation, coordinate with your compliance audit, risk management, and legal teams to ensure your program meets the compliance requirements in addition to employing these best practices.   

9. Use Outsourced Practitioners 

Throughout all steps of the ASM process, consider using outsourced consultants and security practitioners with deep, domain-level expertise and specialized knowledge to assess your attack surface. 

Outside auditors can assess your risks, current controls, and compliance requirements to help develop your ASM program. MDR firms can provide specialized, 24/7 visibility for your network and response services on an automated basis. Managed security service providers (MSSPs) can help with cybersecurity and IT management, catalog and track technology assets, install and maintain controls, and run vulnerability assessments.

Outsourced providers like IANS can offer vendor-agnostic evaluations, advice, and solutions to boost your ASM posture. Get in touch to learn how IANS can help move your security program forward. 

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
