The words ‘digital’, ‘transformation’, and ‘acceleration’ have been widely used over the past few years and more during the last 18 months. Organisations have invested heavily in digital transformation with an estimated $6.8 trillion spent and, according to industry experts, 65% of the world’s GDP will be digital by 2022. The pandemic has expedited business plans and strategies to the point where we are now seeing enterprises of the future, operating today. Yet, the widespread technology adoption has also created a plethora of new security problems by expanding organisations’ attack surface to places that they haven’t considered, thus providing a breeding ground for hidden vulnerabilities.
What is attack surface management?
For example, with services like the cloud being leveraged by enterprises of all sizes, and the workforce still being largely remote, one must reconsider the expanding digital footprint and the risks that come with it – from internet facing web apps, IP addresses, domains, cloud, ports, APIs and endpoints, to name a few, and how these impact your business’s security posture. This is where External Attack Surface Management (EASM) comes into play. According to Gartner, EASM is an emerging product set in vulnerability management, supporting organisations in uncovering known and unknown digital assets and risk rating them to create a comprehensive attack surface score, enabling organisations to make a better informed decision on risk prioritisation for remediation, aligned to their own security maturing level.
It is not a new security acronym — far from it. Given the accelerated nature in which technologies are being adopted and new applications being brought to market, it’s important to take stock of your attack surface and identify areas which carry security weaknesses a hacker can find and exploit. EASM can be used to discover your entire internet exposed applications and rate the potential risk with an exposure score, including locating old and unknown web apps that could allow easy route into your system and network. Threat actors will leverage any exploitable vulnerability to get a foothold or launch ransomware, so it’s essential to boost security hygiene practices with the use of EASM to stop the attack cycle in its tracks.
The importance of staff diversity when it comes to information security
Key components of effective attack surface management
The major benefit of EASM is to help you see what the hackers see during a reconnaissance mission. With organisations encountering threats around the clock, having this visibility will give security teams the upper hand, by gaining an outside-in view of their potential exposure before it’s too late. Therefore, the five key components of EASM should include:
- Discovery – This will help map your known and unknown internet-facing applications, web services, APIs, SSL certificates and domains that you may have missed to create an inventory for full application threat visibility.
- Inventory – Necessary for logging the status of IT infrastructure components and assets – much like a configuration management database (CMDB).
- Assessment and classification – Assess the exposure of application assets discovered against the seven most common attack vectors used by hackers and classify them based on business criticality to highlight security weaknesses that could give them a foothold into your business.
- Actionable risk scoring – with clearly defined risk scoring security teams can recognise the security exposure they pose from the EASM exercise. This will provide the necessary context for developers and IT to further investigate high-scored/high risked systems.
- Monitoring – monitoring all digital services linked to your business and other critical assets, including ongoing application security to remain secure and compliant 24/7.
The key to effectively manage your security exposure is continuous visibility. Organisations that leverage EASM tools will be enabled to reduce their attack surface and resolve issues proactively. As digital transformation continues to take hold, the blind spot in the enterprise attack surface will only grow. Hackers by nature are opportunistic and will go to any length to penetrate a business, large or small, to steal critical data for financial gains. Therefore, it’s important to overlay EASM with your wider vulnerability management and application security program to stay one step ahead of the cyber criminals.