Attack Surface Management: You Can’t Secure What You Can’t See

SecurityTrails Blog - A podcast by SecurityTrails

A report from 2016 predicted that 30% of all data breaches by 2020 would be the result of shadow IT resources: systems, devices, software, apps and services that aren't approved, and are in use without the organization's security team's knowledge. But shadow IT isn't the only area where security and IT teams face issues with tracking and visibility. Servers, IoT devices, old VPSs, forgotten environments, misconfigured services and unknown exposed assets can all be entry points that attackers can easily exploit to carry out cyber attacks. Furthermore, there are other internet-facing assets that security teams struggle to keep visibility of: domains, subdomains, open ports, SSL certificates, open databases, etc. And you can't secure what you can't see.

All of the assets mentioned are what we consider an organization's digital attack surface. You can think of each as a possible attack vector cyber criminals can use to penetrate your network or system to get hold of your sensitive data. With that in mind, we can see how not having visibility into those assets can be detrimental to an organization's security posture, raising its susceptibility to cyber attacks and data breaches. To stay protected and be proactive with their cybersecurity, organizations are adopting attack surface management procedures and tools that provide them with an accurate inventory of all of their assets while continuously assessing their attack surface for potential risks.

What is attack surface management?

At SecurityTrails we see and define the attack surface as the entire network and software environment that is exposed to attacks, as well as all the ways your assets can be exploited. An organization's attack surface will include the unknown assets we mentioned above (shadow IT, forgotten dev and staging environments, forgotten IT infrastructure), along with known assets such as the operating system, network services, servers, domains and subdomains, SSL certificates, and rogue assets like typosquatted domains. It doesn't stop there, however: an organization's attack surface also includes third-party vendors and any risks they carry; small vendors can lead to large data breaches if they lack a proper security posture.

**Attack surface management**, or ASM, is a highly effective cybersecurity methodology that refers to the continuous identification, inventory, classification, monitoring and prioritization of digital assets that contain or transmit sensitive data. While often called "attack surface monitoring" or "attack surface discovery", it in fact covers aspects of both, and more. Attack surface management allows organizations to identify their attack surface components, locate their attack vectors and exposures, and learn how to use that knowledge to protect against future attacks. With the ability to provide real-time visibility into the full attack surface, evaluate risks and comply with data protection regulations, and with continuous monitoring allowing for efficient remediation in case of a threat, attack surface management can be seen as the meeting point of risk management, asset management and discovery, vulnerability management and compliance.

Why is attack surface management important?

Reducing an organization's attack surface is important; we can all agree on that. But with all the practical tips attributed to attack surface reduction, such as reducing the code you're running, removing unnecessary software and services, performing regular network scans and the like, attack surface management still stands as one of the best ways of not only managing attack surface reduction but also providing many other valuable benefits to an organization's security posture. Let's go over some of the key benefits of attack surface management:

Risk reduction

One of the most important, if not the most important, benefits of attack surface management is its ability to reduce cybersecurity risks that can stem from shadow IT, human error suc...