- Use Cases
Inventorying, managing, and securing assets was simple back in the day.
The attack surface consisted of servers and any asset (like, laptops and desktops) with an internet connection.
Boy, have times changed!
The perimeter of the attack surface has grown. And still continues to do so. Now, it’s about applications (SaaS apps, too!), mobile devices, websites, cloud services, collaboration tools, social media pages, and more.
For IT, security, and risk teams, it’s essential to discover and secure all assets — devices, cloud services, software, and users. But trying to identify and manage these very assets includes a lot of complexities.
Conducting asset inventories — and the data that’s included — are an important step in understanding what’s in IT environments. And there are six essential questions about every asset:
Yet the old way of doing asset inventories (spreadsheets and other manual methods) don’t provide an accurate understanding of the attack surface. Cybersecurity environments are in constant flux, so the results are stale by the time a traditional asset inventory is complete.
Cybersecurity Asset Attack Surface Management (CAASM) is looking to fix that by doing the following:
Another element that CAASM highlights in the attack surface: asset visibility.
If there isn’t an understanding of what’s happening in IT environments, or knowing what assets there are, the potential risks for shadow IT, cloud misconfigurations, external threats, and other vulnerabilities only increase.
Asset visibility is crucial to protect against threat actors looking to breach IT environments. Otherwise, the view of the attack surface is incomplete. IT, security, and risk professionals don’t know which assets are the most critical or susceptible to attack. The data is siloed, making it challenging to piece together. Or worse, there are threats but the lack of information that’s available so teams aren’t sure what action to take.
But to comprehend what’s happening, it’s important to look at the attack surface in four steps:
This kind of assessment provides a bunch of information, like a list of all asset inventory technologies, endpoints missing agents, and devices that aren’t being scanned for vulnerabilities.
To get there, attack surface management provides teams with another way to understand their IT environments — a way that is more in line with how attackers think. IT, security, and risk professionals know what’s going on both internally and externally. They have insight to know what devices and user accounts could be compromised, and the ability to take actions to reduce the risk of compromise.
By connecting and correlating this data, the attack surface isn’t siloed anymore. Teams have a complete view of their attack surface, so they can better prioritize.
And IT, security, and risk professionals will have what they need the most — managing and reducing the attack surface.