Every organisation, regardless of its size, needs to be constantly aware of vulnerabilities that malicious actors can exploit to gain access to its infrastructure. A potentially catastrophic breach needs only a single access point, and knowing your attack surface and potential vulnerabilities is the first tool in your cyber security toolbox.
Firstly, what is the attack surface?
A business’s attack surface consists of any point of entry on its network that can be targeted by an attack with the intention of causing malicious damage or extracting data, thereby inflicting harm on the business and exposing it to risk.
The attack surface includes both digital and physical elements, such as:
- Physical IT assets, typically situated on-site but also those that connect remotely (servers, endpoint devices, hardware, storage devices).
- Virtual or cloud assets (cloud-hosted resources, SaaS applications, cloud servers, websites).
- Other external assets (vendors, service providers).
- Subsidiary networks (shared by multiple businesses).
Attack Surface Management (ASM) and why it’s important
Attack surface risk management means knowing and understanding which assets make up the attack surface, and proactively responding to known and unknown vulnerabilities through the continuous discovery, inventory, classification and monitoring of the IT infrastructure and its performance.
Having a robust attack surface management programme is perhaps the most important weapon in any business’s cyber security arsenal.
As ways of working change to increasingly include off-site working, and as businesses adopt new IT, cloud and virtual solutions that increase their digital footprint, attack surfaces become larger.
This makes securing IT assets a complex and ever-changing activity, and it provides attackers with multiple opportunities to penetrate even the best-intentioned defence. By knowing the attack surface and understanding how attackers survey and exploit vulnerabilities, companies empower themselves to proactively defend against potential damage.
67% of organisations have seen their attack surfaces expand in the last 12 months.
69% of organisations have been compromised via an unknown or poorly managed asset in the last 12 months.
73% of IT security decision makers are concerned about the digital attack surface.
(Source: IBM)
How to manage risk to the attack surface?
With this fast-paced, ever-changing emergence of new threats, businesses cannot be complacent about security. Attack surface risk management is a complex and ongoing exercise. To be effective and support good management, you must include the following activities:
- Automate asset discovery, review and remediation
- Eliminate known vulnerabilities, including misconfigurations, unpatched software and weak passwords
- Continually map all assets
- Efficiently identify and disable unknown assets and shadow IT.
This involves a four-step process:
Discover
Know all internal and external digital assets to improve visibility across the entire IT infrastructure.
Test
Proactive monitoring and testing on a continual basis is essential to protect against the emergence of new vulnerabilities, especially as the attack surface is always changing.
Prioritise
Using intelligence gained by monitoring activities, along with known vulnerabilities and history of exploitation, it’s important to deploy remediation where it is needed. Understanding how assets look to potential attackers will give you the insight needed to prioritise remediation efforts.
Remediate
Finally, take action on known vulnerabilities and protect the attack surface.
How does WithSecure's Vulnerability Manager Help?
VM is a turnkey, enterprise-grade vulnerability scanning and management platform. It combines IT asset discovery and inventory with the identification and management of both internal and external threats. You can report on risks and address compliance with current and future regulations (such as PCI and GDPR). It also gives you visibility into shadow IT and so maps your full attack surface, enabling you to respond to critical vulnerabilities associated with cyber threats.
Unlike any other vulnerability solution on the market, VM features web crawling technology, called Internet Asset Discovery, that also covers the deep web. It allows you to easily browse through all targets to quickly identify risks and potentially vulnerable connections, and to expand the possible attack surface beyond your own network.
Licenses
VM is arranged in tiered pricing and is licensed per IP address:
Whilst your IT department may well be able to handle the ASM process, our skilled engineers can fill in the gaps in any one or all of the four steps (discover, test, prioritise, remediate). Contact us to find out how to manage your attack surface without diluting your IT resources.