Attack surface management (ASM) is one of the most essential components of IT security. Any software, hardware, SaaS, and cloud assets that store an organization’s data and can be accessed from the internet make up the attack surface. These all become points of entry for a cybercriminal attempting to steal data. In the past, a company could perhaps profess to have control and awareness of all of its attack surfaces. ASM has long been used to address cyber risk.
Today, protecting an organization’s data has become ever more complex. Companies building applications work with third-party vendors who in turn work with more third-party vendors. For one SaaS product or webpage, hundreds of indirect vendors could be involved. Covid has further exacerbated the situation.
In the months following March 2020, the US saw an intense spike in cyber attacks. Employees are now working from home and using their own internet connections to handle sensitive company data. The use of cloud applications and virtual desktops and the sharing of devices with family members can all present security concerns.
Companies were not prepared to keep a remote workforce secure. Many processes and procedures, like mortgage approvals, were not designed to be done from less-secure home environments. Many organizations improvised, and the results were less than secure. Furthermore, a new government call for data disclosure around the pandemic may force companies to re-evaluate the security of that data. All of these factors have created an expanded attack surface. To protect against malicious attacks across it, the right ASM is essential.
Before the pandemic, companies were certainly facing many cyber threats. ASM was developed to address these threats and ensure asset and data security. In order to keep an asset secure, it must be known. All the assets belonging to an organization must be uncovered and accounted for. ASM is a strategy for doing this and ensuring these assets are secure. In pre-Covid days, managing an attack surface would require the following:
ASM usually involves several phases—discovery, inventory and classifications, risk scoring, monitoring, and malicious asset and incident monitoring. A decent pre-Covid ASM would uncover all your internet-facing assets as well as those managed by third parties. These would include:
As the threats presented by the expanded attack surfaces of the Covid world grew, all of the above was no longer enough to keep cybercriminals out. From email or Gmail phishing addresses to malicious apps disguised as Covid tracing tools, remote employees have been targeted by cyberattacks. Between third- and fourth-party vendors and remote workers, ecosystems have become highly exposed to numerous threats.
The pandemic world posed new and unique security risks to organizations. Companies had to respond quickly to the environment with increased security. As we settle into the ‘new normal,’ there is an opportunity to improve data security further. Many companies are taking a zero-tolerance policy when it comes to poor IT security and actively working to improve the IT hygiene of their employees and infrastructure.
ASMs must become even more sophisticated than the cybercriminals they are attempting to thwart. To protect an organization in the new normal, an ASM needs to be able to do the following:
The pandemic has brought with it expanded opportunities for cyberattacks. The ‘New Normal’ requires organizations to adopt new tools, and it has also brought many opportunities to institute new security tools to combat these attacks. Attack Surface Management is one of these tools. However, the previous standards for ASM no longer apply. Organizations must continuously assess threats and have visibility over all assets, third parties, and remote workers. ASM must work in tandem with vulnerability and patch management platforms and be guided by cyber-intelligence to provide continuous monitoring of digital risk profiles. Attack surface discovery, vulnerability intelligence, brand intelligence, digital risk protection, cyber situational awareness and cyber-intelligence should be integrated into a single pane of glass to give cyber defenders a solid hold over new and emerging cyber threats.