Inventorying, managing, and securing assets was simple back in the day.
The attack surface consisted of servers and any asset (like laptops and desktops) with an internet connection.
Boy, have times changed!
The perimeter of the attack surface has grown, and it continues to do so. Now, it’s about applications (SaaS apps, too!), mobile devices, websites, cloud services, collaboration tools, social media pages, and more.
Assessing the attack surface
For IT, security, and risk teams, it’s essential to discover and secure all assets: devices, cloud services, software, and users. But identifying and managing these assets involves a lot of complexity.
Asset inventories, and the data they include, are an important step in understanding what’s in IT environments. And there are six essential questions about every asset:
- Is the asset known or unknown?
- Where is it?
- What is it?
- Is it configured correctly?
- Are meaningful changes being detected?
- Does it adhere to company policy?
Yet the old way of doing asset inventories (spreadsheets and other manual methods) doesn’t provide an accurate understanding of the attack surface. Cybersecurity environments are in constant flux, so the results are stale by the time a traditional asset inventory is complete.
Cybersecurity Asset Attack Surface Management (CAASM) is looking to fix that by doing the following:
- Connecting to existing security and IT solutions through API integrations, and then collecting and correlating the data about these assets to create a comprehensive view of all the devices in your environment
- Providing an always up-to-date inventory of devices, cloud services, software, and users
- Identifying which devices are managed and unmanaged
- Detailing the current and historical security state of all assets
- Triggering response actions (that can be customized!) when an asset deviates from expected states or company policies
Another element that CAASM highlights in the attack surface: asset visibility.
Having a true view of the attack surface
Without an understanding of what’s happening in IT environments, or of what assets exist, the potential risks from shadow IT, cloud misconfigurations, external threats, and other vulnerabilities only increase.
Asset visibility is crucial to protect against threat actors looking to breach IT environments. Otherwise, the view of the attack surface is incomplete. IT, security, and risk professionals don’t know which assets are the most critical or susceptible to attack. The data is siloed, making it challenging to piece together. Or worse, there are threats, but so little information is available that teams aren’t sure what action to take.
But to comprehend what’s happening, it’s important to look at the attack surface in four steps:
- The entry points to the assets
- The controls and policies that protect these entry points
- The sensitivity of the data that assets use
- The controls and policies that secure the data
This kind of assessment provides a bunch of information, like a list of all asset inventory technologies, endpoints missing agents, and devices that aren’t being scanned for vulnerabilities.
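The correlation step described earlier, and the gaps named in the paragraph above (endpoints missing agents, devices not being scanned), can be sketched as follows. This is an added example, not code from any CAASM product; the three source exports, their field names, the 30-day scan window, and the use of the MAC address as the join key are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample exports; tool names and field names are hypothetical.
EDR = [
    {"hostname": "LAP-001.corp.example", "mac": "AA:BB:CC:00:00:01"},
    {"hostname": "srv-db01", "mac": "aa-bb-cc-00-00-02"},
]
SCANNER = [
    {"host": "lap-001", "mac": "aabb.cc00.0001", "last_scan": "2024-05-28"},
    {"host": "printer-3f", "mac": "AA:BB:CC:00:00:03", "last_scan": "2024-03-01"},
]
DHCP = [
    {"name": "lap-001", "mac": "aa:bb:cc:00:00:01"},
    {"name": "printer-3f", "mac": "aa:bb:cc:00:00:03"},
    {"name": "", "mac": "aa:bb:cc:00:00:04"},
]

def norm_mac(mac):
    # Each tool writes MACs differently; reduce to 12 lowercase hex digits.
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def correlate(edr, scanner, dhcp):
    """Merge per-tool records into one asset per MAC, tracking which tools saw it."""
    assets = {}
    def upsert(mac, name, source, **extra):
        a = assets.setdefault(norm_mac(mac), {"names": set(), "sources": set()})
        if name:
            a["names"].add(name.lower().split(".")[0])  # short hostname
        a["sources"].add(source)
        a.update(extra)
    for r in edr:
        upsert(r["mac"], r["hostname"], "edr")
    for r in scanner:
        upsert(r["mac"], r["host"], "scanner", last_scan=date.fromisoformat(r["last_scan"]))
    for r in dhcp:
        upsert(r["mac"], r["name"], "dhcp")
    return assets

def coverage_gaps(assets, today, max_scan_age_days=30):
    """Map MAC -> list of gaps: no EDR agent, or no scan within the window."""
    gaps = {}
    for mac, a in assets.items():
        last = a.get("last_scan")
        stale = last is None or (today - last).days > max_scan_age_days
        checks = {"missing_agent": "edr" not in a["sources"], "not_scanned": stale}
        found = [gap for gap, hit in checks.items() if hit]
        if found:
            gaps[mac] = found
    return gaps
```

Calling `coverage_gaps(correlate(EDR, SCANNER, DHCP), date(2024, 6, 1))` on the constructed data reports the server that has an agent but was never scanned, the printer with a stale scan and no agent, and the unnamed device seen only by DHCP.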
To get there, attack surface management provides teams with another way to understand their IT environments, one that is more in line with how attackers think. IT, security, and risk professionals know what’s going on both internally and externally. They have the insight to know which devices and user accounts could be compromised, and the ability to take action to reduce the risk of compromise.
By connecting and correlating this data, the attack surface isn’t siloed anymore. Teams have a complete view of their attack surface, so they can better prioritize.
And IT, security, and risk professionals will have what they need the most: the ability to manage and reduce the attack surface.