ATTACK SURFACE MANAGEMENT (ASM): THE DEFINITIVE GUIDE

Everything you need to know about external Attack Surface Management (ASM) solutions and how to leverage them as part of your organization’s holistic cybersecurity program.

The Basics of ASM

Let’s start by understanding the basics of ASM and its related concepts.

What Is ASM?

Attack Surface Management (ASM) is the continuous discovery, inventory, classification, prioritization, and monitoring of an organization’s attack surface from an external attacker’s perspective.

This emerging cybersecurity technology helps organizations identify internet-facing and attacker-exposed IT assets and monitor them for unexpected changes and vulnerabilities (e.g., blind spots, misconfigurations, process failures) that increase the risk of attacks.

With the external attacker’s perspective, it’s easy for security teams to prioritize those assets for remediation based on their level of attackability—the attractiveness of an asset to an attacker.

The increase in ransomware and supply chain attacks, along with recommendations by analysts like Gartner, has made ASM one of the top cybersecurity priorities for CISOs and security teams in recent times.

Attack Surface Management (ASM) is also known as External Attack Surface Management (EASM).

Another emerging technology is Cyber Asset Attack Surface Management (CAASM). It helps security teams solve persistent asset visibility and vulnerability issues.

What Is an Attack Surface?

The attack surface—also known as external attack surface or digital attack surface—is the sum of all internet-accessible hardware, software, SaaS, and cloud assets that an adversary could discover, attack, and use to breach a company.

Here are the types of assets that make up an attack surface:

Assets that are inventoried and managed by an organization. Examples include servers and websites.

Uninventoried assets like shadow IT or orphaned IT that are located beyond a security team’s purview. Examples include forgotten microsites and unsanctioned applications.

IT infrastructure from third-party vendors or partners. An example is compromised third-party code installed on a company website.

Assets that are in the networks of a subsidiary company following a merger and acquisition (M&A). They could be one or a combination of the preceding types of assets.

Attack Surface vs. Assets

Attack surface is not the same as assets. In simple terms, if assets are the things owned by an organization, attack surface refers to the things that are exposed for external attacks.

Attack Surface vs. Attack Vectors

Attack surface is also not the same as attack vectors. Attack vectors are the methods or pathways used by threat actors to breach an organization. Malware, phishing, and stolen certificates are some common attack vectors.

Factors Affecting Attack Surface

Every day, your attack surface is growing faster than you can keep pace with. Three main factors drive the growth of an organization’s attack surface:

Unknown Assets

Since deploying assets like SaaS applications is simply plug and play, the attack surface grows constantly.

New Vulnerabilities

More assets deployed means more vulnerabilities such as outdated components and insecure default settings, especially for assets that are unsanctioned by security teams.

Cloud Adoption

With the rapid rise in cloud computing and transition to work from home, more assets than ever are exposed to external threats, increasing the attack surface.

Failure to manage the attack surface results in data breaches and leaks that will affect a company’s operations and reputation. This is why deploying ASM is critical as it can help security teams to identify, prioritize, and monitor assets that truly matter to a company.

Why Is ASM Critical for Your Company?

Discover why ASM is the right cybersecurity solution for your company.

How ASM Compares against Other Cybersecurity Solutions

Even if you’ve deployed other cybersecurity solutions, ASM can still complement them perfectly well. Continue reading to learn how ASM can harden your other solutions to proactively detect and mitigate risks stemming from exposed assets.

ASM vs. Asset Management

Asset Management is a foundational capability, but it only shows you the assets that you already know about. If you want to know what you’re missing, you need the external perspective that ASM provides.

ASM vs. Vulnerability Management

Vulnerability Management solutions usually consider the number and severity of vulnerabilities through a scoring system. Leverage an ASM solution if you want to evaluate the attackability of assets and how you should prioritize your remediation efforts.

ASM vs. Penetration Testing

Also known as pentesting, this approach works well if you’re specifically looking for known vulnerabilities and weaknesses at a single “point in time.” You can also integrate this solution with an external ASM solution to continuously discover assets and risks.

ASM vs. Breach and Attack Simulation (BAS)

Breach and Attack Simulation (BAS) solutions use choreographed and predefined sets of operations and assumptions to see how well your cybersecurity program holds up against simulated attacks. This is also perfect for performing QA of your security tools. That said, you can still stretch its potential by incorporating ASM since this will show your organization’s real-world threats.

ASM vs. Security Rating Services (SRS)

Security Rating Services (SRS) are fairly basic risk assessment systems that provide a scorecard-like rating on an organization based on publicly available information. You can get quick and simple insights into the public cyber profile of other parties like partners, suppliers, customers, and prospects. You can also combine that with ASM to get an in-depth analysis of security risks.

The Benefits of ASM

Now, let’s dive deep into the benefits that ASM can provide to your security team and company.

Find Unknowns & Prioritize Top Targets

With an ever-changing attack surface, it’s impractical to keep track of all targets. External ASM allows the security team to focus on assets that can be weaponized by attackers, reducing operational noise.

Harden and Reduce Your Attack Surface

Knowing what’s exposed to threats also enables the security team to secure the top assets, hardening and reducing the attack surface in line with the company’s security best practices.

Strengthen Your Cybersecurity Posture

With ASM continuously monitoring the attack surface for new changes and vulnerabilities, the security team and company will get better at predicting and preventing cyber threats.

Since most ASM solutions come with a plug-and-play approach, in which getting started is as easy as entering your corporate email, another great benefit of ASM is its rapid time to value.

What Are the Use Cases for ASM?

Supplementing your existing cybersecurity program with ASM is recommended if your company has any of the following IT use cases, among others:

Shadow IT is dangerous as it presents unknown and unpredictable risks that fall outside the scope of common cybersecurity tools like Security Information and Event Management (SIEM). Here’s where ASM can help to discover the full extent of your organization’s shadow IT.

When an organization acquires another company, it also inherits the subsidiary’s IT infrastructure, assets, and, of course, risks. External ASM solutions provide immediate visibility into the attack surface of subsidiaries and how it could impact the parent business.

Whether it’s transitioning to a remote-enabled workforce or deploying more cloud-based solutions, ASM helps to secure cloud migrations by identifying dangerous blind spots and misconfigurations.

Ransomware is just a symptom of a much larger problem—the inability of cybersecurity programs to assess and proactively reduce risk. Investing in a powerful ransomware prevention solution like ASM is an innovative and cost-effective way to stay on top of potential attacks and curb operational disruptions.

That said, external ASM is also great for other enterprise use cases like automatic asset inventory and risk-based vulnerability management.

How to Choose the Right ASM Solution

Finally, learn what makes an ASM solution the right fit for your business.

Requirements for ASM Solution

Remember that not just any ASM solution will do. It must fulfill your company’s functional, technical, and operational requirements. So, when evaluating an ASM solution, make sure it’s built with the following capabilities:

Automated Discovery

The best ASM solution should automatically and continuously establish the baseline of an attack surface with limited false positives, an approach also known as blackbox discovery, without requiring you to manually input which assets must be monitored. Ideally, just a corporate email or your company’s domain name should be sufficient to get started.

Authentic Attacker’s Perspective

Your chosen ASM tool must show, from an external attacker’s perspective, which of your assets can be weaponized along the path of least resistance. The ASM tool should also ignore vulnerabilities that, despite being rated highly critical, don’t present a serious threat because they don’t offer adversaries an easy attack route.

Risk-based Prioritization

The ASM solution must also prioritize these assets based on how likely adversaries are to attack them. Bonus points if the software can also determine known exploits, how easily attackers can discover the assets, and the post-exploitation potential of the assets.

Actionable Findings

The data from the ASM solution must have adequate context and information that are easily searchable as well as remediation guidance that can help your security team to quickly improve your company’s cybersecurity posture.

Continuous Monitoring

Since your attack surface is dynamic, it’s important for the ASM solution to perform ongoing asset and vulnerability monitoring and immediately alert your security team when a critical issue is found.

Real-Time Visibility

It’s not reasonable for you or your team members to manually check the ASM solution for the latest changes to the attack surface. The right ASM solution must provide real-time visibility and alerts for critical issues (e.g., newly discovered exploitable assets) as well as regular summary notifications for non-critical issues (e.g., newly discovered IPs).
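
The continuous monitoring and real-time visibility requirements above, sketched as an added example (not Randori's code or any ASM product's API): two external discovery snapshots are compared, newly exploitable exposures become immediate alerts, other new exposures go to a summary, and externally visible hosts missing from the asset inventory are listed. The `Exposure` record, its `exploitable` flag and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    host: str          # hostname or IP as seen from the internet
    service: str       # exposed service, e.g. "https" or "rdp"
    exploitable: bool  # assumption: discovery tags a known working exploit


def triage(baseline, current, inventory):
    """Diff two external discovery snapshots and route the changes.

    Returns (alerts, digest, uninventoried):
      alerts        - exposures that are exploitable now and were not before
      digest        - other newly seen exposures, for a periodic summary
      uninventoried - hosts seen externally but missing from the inventory
    """
    before = {(e.host, e.service): e for e in baseline}
    alerts, digest = [], []
    for e in current:
        old = before.get((e.host, e.service))
        if e.exploitable and (old is None or not old.exploitable):
            alerts.append(e)      # critical: notify immediately
        elif old is None:
            digest.append(e)      # non-critical: batch into a summary
    uninventoried = sorted({e.host for e in current} - set(inventory))
    return alerts, digest, uninventoried


# Constructed sample data (documentation-reserved names and addresses).
INVENTORY = {"www.example.com", "vpn.example.com"}
BASELINE = [
    Exposure("www.example.com", "https", False),
    Exposure("vpn.example.com", "ipsec", False),
]
CURRENT = [
    Exposure("www.example.com", "https", False),   # unchanged
    Exposure("vpn.example.com", "ipsec", True),    # exploit now known
    Exposure("promo.example.com", "http", False),  # forgotten microsite
    Exposure("192.0.2.10", "rdp", True),           # new and exploitable
]

if __name__ == "__main__":
    alerts, digest, unknown = triage(BASELINE, CURRENT, INVENTORY)
    print("ALERT :", [(e.host, e.service) for e in alerts])
    print("DIGEST:", [(e.host, e.service) for e in digest])
    print("NOT IN INVENTORY:", unknown)
```

An exposure that was already present but only now has a known exploit is alerted on as well, since the change in attackability is what matters to the security team.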

Bidirectional APIs and Integrations

If you already have other cybersecurity solutions like SIEM and asset management in place, then your chosen ASM solution must be one that can be quickly integrated into these larger security workflows. Make sure that the ASM tool is also equipped with an API so that you can automate these integrations.

Also look for other powerful capabilities like role-based access control and reporting to get greater value from adopting an ASM solution.

Conclusion

Congrats on making it to the end of our definitive guide!

External ASM solutions can be a great addition to your overall cybersecurity risk management program. The key is to choose one that can easily fulfill your company’s functional, technical, and operational requirements.

Randori Recon is the industry’s leading ASM solution. Randori is the only ASM platform that brings a hacker’s perspective to your attack surface.

With advanced reconnaissance techniques used by real threat actors, it gives you the power to identify, prioritize, and continuously monitor your most valuable exposed assets and risks.

Ready to see how Randori Recon can map out your organization’s external ASM?