ASM solutions (Attack surface management) are a top priority for security leaders in 2023.
Cybersecurity teams are often left in the dark against ransomware and malware-equipped threat actors. Cybercriminals constantly look for and find exposures defenders don’t know about.
Fortunately, ASM solutions are helping teams fight back against these blind spots.
A core part of the attack surface management process, ASM tools multiply a security team’s ability to understand, quantify, and communicate attack surface risk.
Arming teams with a new insight into where vulnerabilities lie, ASM tools speed up asset discovery and remediation workflows.
How Do Attack Surface Management Solutions Work?
Digital attack surfaces are the collective attackable profile created by all the devices, software, and servers that connect to an organization’s networks.
An organization’s attack surface has an external and internal side.
The external side consists of all the assets, devices, and applications that someone outside your network can find. For example, customer portals, cloud assets, and applications.
Internal assets are the devices and applications used by trusted network insiders.
Attack surface management solutions work by scanning for external and internal assets connected to your organization. They aim to show you what threat actors see and which of your assets and endpoints drive breach risk.
To do this, ASM solutions use automated network scanning and asset prioritization engines and work through three processes:
Security teams can do these processes manually by using a combination of open-source tools such as Nmap alongside vulnerability management processes.
However, without an ASM solution, it takes more than 80 hours for the average organization to map its attack surface.
By automating a large part of the attack surface management process, ASM solutions dramatically decrease the time it takes to understand attack surface risks. ASM solutions give you a real-time look at how your attack surface is changing.
4 Questions to Ask An ASM Solution Service Provider
Although ASM is a relatively new solution category, there is now a range of vendor solutions on the market.
However, not all ASM solutions have an equal ability to discover and secure your attack surface.
Based on our experience helping dozens of leading enterprises and mid-market companies secure their attack surfaces, here are four questions to ask an ASM solution vendor.
1. Do you allow bi-directional integration with other security tools?
ASM solutions work best when they can talk to other cybersecurity solutions within your environment.
For example, if you use an extended detection and response (XDR) or security information and event management (SIEM) solution to collect security logs from IT assets, your ASM platform should be able to integrate into the security workload these solutions create.
An ASM solution must allow bi-directional integration to avoid the data-siloing problems plaguing at least 21% of security programs. It should also have an open API to make automation possible.
2. Can you discover all of my assets?
Some ASM solutions will only look at your external IPv4 assets. This is a major issue because an increasingly large portion of internet-facing assets is IPv6.
Ignoring IPv6 means missing vulnerable attack vectors.
The massive size of the IPv6 data set means that ASM solutions can’t scan it in the same brute-force way they do IPv4.
Effective ASM solutions get around this problem by finding the breadcrumbs of information pointing to IPv6 assets and scanning them.
Whatever ASM solution you choose should be able to discover IPv6 assets.
It’s also important for an ASM solution to do more than just external attack surface management.
An ASM platform should chase asset exposures into your network and show you the lateral movement opportunities a real threat actor would discover. This kind of “outside-in” method is a critical ASM capability.
3. How do you score risk?
To give you actionable insights, ASM solutions need to show you what assets put you most at risk quickly.
This means finding exploitable assets and categorizing them based on how likely an attacker is to exploit them. For this, an ASM solution needs to leverage frameworks like MITRE ATT&CK to map real-world threat behavior to what it finds within your attack surface.
A critical ASM capability is scoring risk in a realistic and actionable way.
4. How do you avoid alert redundancy?
One of the biggest ASM solution challenges is tying together multiple concurrent issues (i.e., exploitable vulnerabilities) in a single asset.
It is common for ASM solutions to flag over a dozen separate issues within a single piece of software, leaving security teams unsure of what to focus on first.
An effective ASM solution will solve this issue by correlating detections into a single target, i.e., tying together all associated vulnerabilities within or connected to an asset into a single actionable item.
Randori: Market Leading ASM Solution
Randori excels across all of the above.
- Allows bidirectional integration to increase accuracy and remove silos.
- Is able to find IPv6 assets connected to your network.
- Scans your internal and external attack surface.
- Uses a unique target temptation model to prioritize alerts based on real-world threat behavior.
- Consolidates alerts into a single target.
Randori was judged a market leader in these categories and more within a recent GigaOM Radar for Attack Surface Management report.
Sign up for a Randori demo today to get a personalized view of your attack surface and learn why Randori is a leader in attack surface management.