For decades, network defense in the security industry has been passive. Passive defense costs less, but its weakness is that it cannot prevent major attacks. Key assessment indicators such as average detection and response time keep getting worse.
The defining feature of modern network attacks is that they are three-dimensional attacks built on large amounts of data. Against a rigid defense system made of stacked functions, a three-dimensional attack works like a dimension-reduction attack. It is therefore necessary to adopt the attacker's perspective and conduct dynamic, active defense.
As a result, attack surface management (ASM) and external attack surface management (EASM) are attracting more and more attention in the industry.
Attack surface management is the continuous discovery, inventory, classification and monitoring of enterprise IT infrastructure. It sounds similar to asset discovery and asset management, but ASM approaches security tasks from the attacker's perspective. Network security has begun to explore offensive, or proactive, security methods.
Many security enterprises realize that this approach can provide early insight into inbound threats and allow countermeasures to be taken quickly to mitigate threats and reduce risk. It also makes it possible to prioritize mitigation measures and to verify their effectiveness through continuous testing, ahead of the attacker.
Security coverage should extend to all IT assets exposed to attackers, assets exposed to the Internet, and assets in suppliers' infrastructure that are accessed from within the enterprise.
Attack surface management involves five areas: external attack surface management (EASM), cyber asset attack surface management (CAASM), digital risk protection services (DRPS), vulnerability assessment (VA), and vulnerability prioritization technology (VPT).
Attack surface management (ASM) is a technology that comprehensively analyzes an organization's assets by mining Internet datasets and certificate databases, or by simulating attackers using reconnaissance techniques.
It scans the organization's domains, subdomains, IP addresses, ports and shadow IT to find Internet-facing assets, then analyzes them to find vulnerabilities and security gaps.
Advanced ASM gives the organization a response for each security gap it finds, such as cleaning up unused and unnecessary assets to reduce the attack surface, or warning users that their e-mail addresses are readily available and may be used in phishing attacks.
ASM includes an open source intelligence (OSINT) function that helps defend against social engineering and phishing, for example by reporting personal information, videos and meeting content published on social media.
With ASM, enterprises can quickly shut down shadow IT assets, unknown and orphaned applications, exposed databases and APIs, and other potential entry points, mitigating the vulnerabilities they introduce.
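The discovery and classification steps described above can be sketched as an inventory reconciliation. This is an added example, not code from any ASM product: the hostnames, certificate records, port results, the DATA_PORTS list and all function names are constructed assumptions, and the port results stand in for the organization's own authorized checks.

```python
# Added example: all data below is constructed; example.com is a reserved domain.
ORG_DOMAIN = "example.com"
INVENTORY = {"example.com", "www.example.com", "mail.example.com", "vpn.example.com"}

# Constructed certificate-database records: subject alternative names per certificate.
CERT_RECORDS = [
    {"sans": ["www.example.com", "example.com"]},
    {"sans": ["*.dev.example.com", "Staging-DB.example.com."]},
    {"sans": ["mail.example.com", "partner.example.net", "notexample.com"]},
]

# Constructed results of the organization's own authorized port check.
OPEN_PORTS = {"www.example.com": [443], "staging-db.example.com": [22, 5432]}

# Default ports of data stores that should not face the Internet (illustrative list).
DATA_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}

def normalize(name):
    return name.strip().lower().rstrip(".")

def in_scope(name, domain=ORG_DOMAIN):
    # Match on a label boundary so "notexample.com" is not treated as ours.
    name = normalize(name)
    return name == domain or name.endswith("." + domain)

def discovered_hosts(records):
    return {normalize(s) for r in records for s in r["sans"] if in_scope(s)}

def classify(records, inventory, open_ports):
    """Return {host: (status, exposed_services)} for every in-scope name."""
    findings = {}
    for host in sorted(discovered_hosts(records)):
        exposed = [DATA_PORTS[p] for p in open_ports.get(host, []) if p in DATA_PORTS]
        if host.startswith("*."):
            status = "wildcard"  # covers unnamed hosts; enumerate from DNS records
        elif host in inventory:
            status = "known"
        else:
            status = "shadow"    # on the Internet but missing from the inventory
        findings[host] = (status, exposed)
    return findings

def priority(status, exposed):
    if exposed:
        return "high"
    return "medium" if status in ("shadow", "wildcard") else "low"

if __name__ == "__main__":
    for host, (status, exposed) in classify(CERT_RECORDS, INVENTORY, OPEN_PORTS).items():
        print(f"{priority(status, exposed):6} {status:8} {host} {exposed}")
```

Hosts marked "shadow" or "wildcard" are the candidates for the cleanup or shutdown the text describes; a "high" priority marks a data store reachable from the Internet.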
Advantages of attack surface management
As network attacks increase business risk, enterprises have begun to demand a deeper understanding of their organization's security risks.
If the personal data of VIP employees in the organization is leaked, an attacker is likely to be able to log in directly to their mailbox, CRM system, OA system, business systems, VPN and so on, obtaining the organization's sensitive information or even core data without any penetration.
ASM shifts security thinking from the defender's mindset to the attacker's. This allows the security team to better prioritize attack areas. Penetration tests and red team tests can be launched from the attacker's perspective and aimed at specific aspects of the IT environment.
Attack surface management products include SaaS, cloud-based and managed systems. These products and services automatically discover the external assets that attackers can see and evaluate them against commercial, open source and proprietary threat intelligence sources to generate security ratings for the enterprise's overall security posture.
Functions of attack surface management products
Attack surface management products mainly include: cyberspace mapping (CAM), identification of organizational structure and associated organizations, mapping of digital footprints, identification of supply chain and risk exposure, a threat intelligence (TI) function group (business data and digital asset leakage intelligence, privacy data leakage intelligence and internal personnel data leakage intelligence), vulnerability prioritization technology (VPT), and the attack surface management system (product) itself.
Evolution direction of attack surface management
For enterprises, traditional penetration testing and offensive and defensive drills consume a lot of time, manpower and material resources, so they are rarely carried out. But the contest between attack and defense is dynamic, and testing and drills held only once a year are not enough to find problems. Routine, ongoing attack testing ensures that problems are found in a timely manner and reported to the enterprise, helping it deal with the related risks as early as possible.
Expanded threat intelligence services will also become more common. They help enterprises improve their intelligence capabilities and provide data to support comprehensive risk analysis.