A Primer On External Attack Surface Management
Customer trust in your organization is one of the greatest assets an enterprise can have. However, a rising trend in attack vectors, combined with lax oversight of a critical attack vector, may put your organization and your customers at risk.
The growth in online interactions, and in how online services and applications are built, has given rise to a new and ever-growing attack surface that few organizations are prepared to defend.
What Is An External Attack Surface?
Every public-facing asset your customers and employees access when interacting with your company online, whether it’s owned and managed by your organization or owned and managed by a third-party, makes up your online ecosystem. This ecosystem represents your organization’s external attack surface.
The Rise Of The External Attack Surface
When it comes to information security, the dominant strategy has been an in-depth defense of the perimeter by firewalls and internal networks. But what if the threat actors are not looking to breach this perimeter? Assets hosted outside of an organization’s firewall present a growing challenge to security teams: assets deployed beyond this edge represent an external attack surface that can be used to target an organization.
This new digital footprint is far more expansive than the internal one, often by several orders of magnitude, as interactions between employees, consumers and businesses increasingly happen online via web-based services and applications. The growth of this footprint has accelerated as enterprises undertake significant digital transformation initiatives. These projects require new digital assets, many of which reside outside the firewall, are hosted on public cloud infrastructures, or are deployed in mobile app stores.
Additionally, development of these services and applications often incorporates the products or capabilities of third-party vendors of services, code, infrastructure, or data. It doesn’t stop there – many of those third parties have built their functionality on top of their own vendors. These third-, fourth-, and ‘Nth’-parties provide assets that are also part of your external attack surface, whether you know about them or not.
A New Cybersecurity Discipline: External Attack Surface Management (EASM)
External Attack Surface Management is an emerging cybersecurity discipline that includes identifying risks coming from these internet-facing assets and systems. EASM refers to the processes and technology necessary to discover external-facing assets and effectively manage the vulnerabilities of those assets. Examples include servers, credentials, public cloud misconfigurations and third-party partner software code vulnerabilities that could be exploited by malicious actors. EASM’s core tenet is to take an outside-in view of the enterprise to identify and mitigate threats that exist beyond the perimeter.
External Attack Surface Management should be part of your vulnerability and threat management effort, where known and unknown risks, vulnerabilities and assets are handled strategically rather than through an ad hoc approach. For security teams to be successful, EASM solutions can provide the following:
- Asset discovery and inventory — Automating the discovery and continuous inventorying of known and unknown digital assets (such as websites, IPs, domain names, SSL certificates and cloud services) across multiple environments provides a clear picture of the assets that an organization is exposed to in real time.
- Vulnerability assessment and prioritization — Due to the high volume of assets that exist in today’s online ecosystems, security teams need to prioritize critical vulnerabilities over less critical ones. The goal is to reduce false positives and increase the team’s efficiency. Remediation of exposures such as misconfigurations, open ports and unpatched vulnerabilities based on a ranked order of urgency, severity and level of risk is vital to achieving that goal.