The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations’ networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations’ attack surface and led to a growing number of blind spots in connected architectures.
The unforeseen result of this expanded attack surface with fragmented monitoring has been a marked increase in the number of successful cyber-attacks, most notoriously ransomware, but covering a range of other types of attacks as well. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations’ infrastructure and escalate their attack or move laterally, seeking valuable information.
The problem lies in discovery. Most organizations have evolved faster than their ability to keep track of all the moving parts involved, and catching up to catalog all past and present assets is often viewed as a complex and resource-heavy task with little immediate benefit.
However, given the potential cost of a successful breach and the increased ability of cyber-attackers to identify and use exposed assets, leaving any single one unmonitored can lead to a catastrophic breach.
This is where emerging technologies such as Attack Surface Management (ASM) can be invaluable.
What is Attack Surface Management (ASM)?
ASM is a technology that either mines Internet datasets and certificate databases or emulates attackers running reconnaissance techniques. Both approaches aim at performing a comprehensive analysis of your organization’s assets uncovered during the discovery process. Both approaches include scanning your domains, sub-domains, IPs, ports, shadow IT, etc., for internet-facing assets before analyzing them to detect vulnerabilities and security gaps.
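The discovery step described above, reduced to its core comparison, as an added example that is not from the original article: names found in certificate data are normalized, filtered to the organization's domains, and checked against the monitored inventory. The domains, inventory, and certificate records are constructed sample data, and the function names are hypothetical.

```python
# Added example: flag in-scope hosts seen in certificate data but absent from inventory.
# Every hostname and record below is constructed sample data.

ORG_DOMAINS = {"example.com", "example.org"}  # assumed: domains the organization owns
MONITORED = {"www.example.com", "mail.example.com", "vpn.example.com"}  # assumed inventory

# Constructed rows shaped like certificate-database results:
# one newline-separated list of subject names per certificate.
CERT_RECORDS = [
    {"names": "www.example.com\nexample.com"},
    {"names": "*.dev.example.com\njenkins.dev.example.com"},
    {"names": "MAIL.Example.com.\nold-portal.example.org"},
    {"names": "cdn.thirdparty.net"},
]

def normalize(name):
    """Lower-case, trim whitespace, and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def in_scope(host, org_domains):
    """True only for an owned domain or a real subdomain of it (not look-alikes)."""
    return any(host == d or host.endswith("." + d) for d in org_domains)

def discover(records, org_domains):
    """Split in-scope certificate names into concrete hosts and wildcard zones."""
    hosts, wildcards = set(), set()
    for rec in records:
        for raw in rec["names"].splitlines():
            name = normalize(raw)
            if name.startswith("*."):
                # A wildcard names no single host; record the zone for review.
                if in_scope(name[2:], org_domains):
                    wildcards.add(name[2:])
            elif name and in_scope(name, org_domains):
                hosts.add(name)
    return hosts, wildcards

def blind_spots(records, org_domains, monitored):
    """Return (hosts missing from inventory, wildcard zones needing inventory review)."""
    hosts, wildcards = discover(records, org_domains)
    known = {normalize(m) for m in monitored}
    return sorted(hosts - known), sorted(wildcards)

if __name__ == "__main__":
    unmonitored, zones = blind_spots(CERT_RECORDS, ORG_DOMAINS, MONITORED)
    print("unmonitored hosts:", unmonitored)
    print("wildcard zones needing inventory review:", zones)
```

Wildcard names are reported separately because a certificate for `*.dev.example.com` shows that a zone exists without naming the hosts in it, so that zone has to be reconciled from internal DNS records instead.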
Advanced ASM includes actionable mitigation recommendations for each uncovered security gap, recommendations ranging from cleaning up unused and unnecessary assets to reduce the attack surface to warning individuals that their email address is readily available and might be leveraged for phishing attacks.
ASM includes reporting on Open-Source Intelligence (OSINT) that could be used in a social engineering attack or a phishing campaign, such as personal information publicly available on social media or even on material such as videos, webinars, public speeches, and conferences.
Ultimately, the goal of ASM is to ensure that no exposed asset is left unmonitored and eliminate any blind spot that could potentially devolve into a point of entry leveraged by an attacker to gain an initial foothold into your system.