There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them.
ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge.
Understanding Attack Surface Management
Here are some key terms in ASM:
- Attack vectors are vulnerabilities or methods threat actors use to gain unauthorized access to a network. These vulnerabilities include vectors such as malware, viruses, email attachments, pop-ups, text messages and social engineering.
- An attack surface is the sum of attack vectors that threat actors can potentially use in a cyberattack. In any organization, all internet-connected hardware, software and cloud assets add to the attack surface.
- Shadow IT is any software, hardware or computing resource being used on a company’s network without the consent or knowledge of the IT department. Quite often, shadow IT uses open-source software that is easy to exploit.
- Attackers use sophisticated computer programs and programming techniques to target vulnerabilities in your attack surface, like shadow IT and weak passwords. These cyber criminals launch attacks to steal sensitive data, like account login credentials and personally identifiable information (PII).
Why is Attack Surface Management Important?
Security teams can use ASM practices and tools to prevent risks in the following ways:
- Reduce blind spots to get a holistic view of your IT infrastructure and understand which cloud or on-premise assets are exposed to attackers.
- Eliminate shadow IT to remove unknown open-source software (OSS) or unpatched legacy programs.
- Minimize human error by building a security-conscious culture where people are more aware of emerging cyber threats.
- Prioritize your risk. You can get familiar with attack patterns and techniques that threat actors use.
How Attack Surface Management Works
There are four core processes in attack surface management:
- Asset discovery is the process of automatically and continuously scanning for entry points that threat actors could attack. Assets include computers, IoT devices, databases, shadow IT and third-party SaaS apps. During this step, security teams use the following standards:
- CVE (Common Vulnerabilities and Exposures): A list of known computer security threats that helps teams track, identify and manage potential risks.
- CWE (Common Weakness Enumeration): A collection of standardized names and descriptions for common software weaknesses.
- Classification and prioritization is the process of assigning a risk score based on the probability of attackers targeting each asset. CVEs refer to actual vulnerabilities, while CWEs focus on the underlying weaknesses that may cause those vulnerabilities. After analysis, teams can categorize the risks and establish a plan of action with milestones to fix the issues.
- Remediation is the process of resolving vulnerabilities. You could fix issues with operating system patches, debugging application code or stronger data encryption. The team may also set new security standards and eliminate rogue assets from third-party vendors.
- Monitoring is the ongoing process of detecting new vulnerabilities and remediating attack vectors in real-time. The attack surface changes continuously, especially when new assets are deployed (or existing assets are deployed in new ways). Â
You can learn more about the four core processes and how attack surface management works on the IBM blog.Â
How to Get a Job in Attack Surface Management
Anyone who works in attack surface management must ensure the security team has the most complete picture of the organization’s attack vectors — so they can identify and combat threats that present a risk to the organization.
Hiring companies look for people with a background and qualifications in information systems or security support. The minimum expectations typically include the following:
- Strong technical security skills
- Strong analytical and problem-solving skills
- Working knowledge of cyber threats, defenses and techniques
- Working knowledge of operating systems and networking technologies
- Proficiency in scripting languages, like Perl, Python or Shell Scripting
- Experience with attack surface management and offensive security identity technologies.
What’s Next in Attack Surface Management?
Cyber Asset Attack Surface Management (CAASM) is an emerging technology that presents a unified view of cyber assets. This powerful technology helps cybersecurity teams understand all the systems and discover security gaps in their environment.
There is no one-size-fits-all ASM tool — security teams must consider their company’s situation and find a solution that fits their needs.
Some key criteria include the following:
- Easy-to-use dashboards
- Extensive reporting features to offer actionable insights
- Comprehensive automated discovery of digital assets (including unknown assets, like shadow IT)
- Options for asset tagging and custom addition of new assets
- Continuous operation with little to no user interaction
- Collaboration options for security teams and other departments.
With a good ASM solution, your security team can get a real cyber criminal’s perspective into your attack surface. You can find, prioritize and solve security issues quickly and continuously. Ultimately, a diligent attack surface management strategy helps protect your company, employees and customers.Â
InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services
