An attack surface is the total number of possible entry points (also known as attack vectors) for unauthorized access to a system. The recent increase in remote and hybrid working, combined with the move to the cloud and the widespread implementation of Software-as-a-Service (SaaS) applications, has made attack surfaces increasingly large, complex and difficult to defend against cyber-attacks, meaning that managing attack surfaces is a must.
Organizations face the challenge of continuously monitoring their attack surfaces to identify, block and respond to threats as quickly as possible. This is where attack surface management (ASM) can help. This article provides more information about ASM and explains how it works.
What is Attack Surface Management (ASM)?
ASM involves continuously detecting and monitoring potential attack vectors, including any avenues or methods a hacker might use to gain access to a company’s data or network to facilitate a cyber attack.
A company’s attack surface is constantly changing and generally includes four main surfaces:
- Assets in place, such as hardware and servers
- Cloud assets such as workloads, cloud-based databases or SaaS applications
- External assets, for example an online service provided by an external provider that may be integrated with the company’s network or used to store its data
- Affiliate network shared by more than one organization
How ASM works
ASM aims to provide an enterprise’s security team with a current and complete inventory of exposed assets to accelerate responses to threats and vulnerabilities that put the enterprise at risk.
ASM includes four automated core processes that must be executed continuously because the size of the digital attack surface is constantly changing. These processes include the following:
- Asset discovery—Asset discovery is a continuous process that searches for potential entry points for a cyber attack. These assets may include subsidiary assets, third-party or supplier assets, unknown or uninventoried assets, known assets, and malicious or rogue assets.
- Classification and prioritization—Assets are analyzed and prioritized based on the likelihood that hackers can target them. They are inventoried by their connections to other assets in the IT infrastructure, IP address, identity and ownership. Assets are also analyzed for exposures such as missing patches, coding errors, and potential attacks, including the spread of ransomware or malware. Each vulnerable asset is assigned a risk score or security rating.
- Decontamination—Potential vulnerabilities are fixed in order of priority. It may be necessary to apply software or operating system patches, debug software code, or use stronger data encryption. Previously unknown assets may need new security standards, or it may be necessary to integrate subsidiary assets into the company’s cybersecurity strategy.
- Monitoring— Security risks change when a new asset is put into use or existing assets are used in new ways. The network and its inventoried assets are continuously monitored for potential vulnerabilities so that ASM can find attack vectors in real time. Security teams can then act quickly to neutralize the threat.
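The classification, prioritization and monitoring steps above can be sketched in a few lines of Python. This is an added example, not code from the article or from any ASM product; the scoring weights, the Asset fields and the sample snapshots are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed weights for illustration; the article does not define a scoring model.
EXPOSURE_WEIGHTS = {"missing_patch": 4, "coding_error": 3, "weak_encryption": 2}
KIND_WEIGHTS = {"known": 0, "third_party": 1, "subsidiary": 1, "unknown": 3, "rogue": 5}

@dataclass(frozen=True)
class Asset:
    ip: str
    owner: str            # "" when ownership has not been established
    kind: str             # one of KIND_WEIGHTS
    exposures: frozenset = field(default_factory=frozenset)
    internet_facing: bool = False

def risk_score(a: Asset) -> int:
    """Classification: combine exposures, asset kind, ownership and reachability."""
    score = sum(EXPOSURE_WEIGHTS.get(e, 1) for e in a.exposures)
    score += KIND_WEIGHTS.get(a.kind, 3)      # unrecognised kinds are treated as unknown
    score += 2 if not a.owner else 0          # unowned assets tend to go unpatched
    return score * 2 if a.internet_facing else score

def remediation_queue(inventory):
    """Prioritization: highest score first, ties broken by IP for stable output."""
    return sorted(inventory, key=lambda a: (-risk_score(a), a.ip))

def monitor(previous, current):
    """Monitoring: diff two discovery snapshots keyed by IP address."""
    old = {a.ip: a for a in previous}
    new = {a.ip: a for a in current}
    return {
        "appeared": sorted(new.keys() - old.keys()),
        "disappeared": sorted(old.keys() - new.keys()),
        "risk_increased": sorted(ip for ip in new.keys() & old.keys()
                                 if risk_score(new[ip]) > risk_score(old[ip])),
    }

# Constructed sample snapshots (documentation IP ranges, not real hosts).
SNAPSHOT_1 = [
    Asset("192.0.2.10", "it-ops", "known", frozenset({"missing_patch"}), True),
    Asset("192.0.2.20", "finance", "third_party"),
]
SNAPSHOT_2 = [
    Asset("192.0.2.10", "it-ops", "known", frozenset({"missing_patch", "weak_encryption"}), True),
    Asset("192.0.2.20", "finance", "third_party"),
    Asset("198.51.100.7", "", "unknown", frozenset({"coding_error"}), True),
]
```

Running monitor(SNAPSHOT_1, SNAPSHOT_2) reports the newly discovered, unowned host and the known host whose exposure grew, and remediation_queue(SNAPSHOT_2) puts the unowned internet-facing host first.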
A well-designed ASM strategy not only helps protect an organization from cyber attacks; it is also a practice often required by insurers to obtain cyber insurance. If you would like additional information and resources, we are here to help you analyze your needs and make the right coverage decisions to protect your business from unnecessary risk. You can download a free copy of our eBook, or, if you’re ready to make Cyber Liability Insurance part of your insurance portfolio, request a quote or download our Cyber & Data Breach Insurance Application and we’ll get started for you.