In the modern business world, companies need to invest heavily in digital technologies to keep their operations efficient and agile. That’s good in itself, but such investments also expand the “attack surface” of the enterprise: the networks, devices, IT systems, and data that might be vulnerable to cybersecurity risks.
To defend against such risks, your organization must be able to understand threats and vulnerabilities and apply risk management to the entire attack surface. This is where continuous attack surface management (CASM) comes in.
In this article, we will address five key considerations for CISOs as they conduct enterprise-level continuous attack surface management.
Before understanding CASM, however, you must first understand what an attack surface is and the attack vectors that exist within an organization.
What Is an Attack Surface?
The attack surface refers to all the exploitable vulnerabilities on an organization’s network, whether those vulnerabilities are in on-premises software applications, in hardware endpoints like computers and mobile devices, or within SaaS, cloud assets, or third-party networks.
Attack surfaces can be either internal or external. A threat actor could potentially exploit any attack surface to compromise the enterprise network, steal data, or perpetrate some other kind of cybercrime.
Four Types of Attack Surfaces
The attack surface examples mentioned above can be grouped into four categories.
Physical Attack Surfaces
The physical cyberattack surface is composed of vulnerabilities on network-connected endpoints of internet-enabled devices. This surface is usually exploited by external intruders or rogue insiders, or via social engineering ploys and untrusted BYOD devices.
A threat actor might then install malicious software, use privilege escalation to gain unauthorized access, inspect source code running on a device, or expose sensitive data on devices or databases.
Digital Attack Surfaces
This attack surface encompasses everything in your digital ecosystem that lives outside the firewall and can be accessed through the Internet.
Digital attack surfaces include all known assets, unknown assets (or “shadow IT”), and rogue assets such as malware and spoofed websites. Exploitable vulnerabilities in the digital attack surface include:
- Open ports
- Poor email security
- Lack of DNSSEC
- Leaked credentials
- Leaked data
- Susceptibility to domain hijacking, MitM attacks, XSS attacks, etc.
Social Engineering Attack Surfaces
This attack surface is composed of all the people in your organization who are susceptible to social engineering attacks, like:
- Media drops
- Honey traps
- Advance fee scams
Vendor Attack Surfaces
Vendors, suppliers, and other third parties (especially those with access to the organization’s digital assets or data) also introduce significant cyber risk into the enterprise.
Threat actors can exploit security issues in those vendor systems to attack the customer organizations through a “supply chain attack.” That’s why the organization’s cyberattack surface also includes vendor assets.
Each attack surface has different kinds of vulnerabilities, which create different threats and generate different cybersecurity risks. So it’s vital to manage all your attack surfaces through comprehensive continuous attack surface management.
Five Key Considerations to Choose a Continuous Attack Surface Management Solution
In the cyber threat landscape, attack surface management (ASM) enables organizations to discover and monitor potential threat targets, reduce their attack surface, and identify and mitigate risks stemming from these targets. It also helps to prioritize remediation efforts.
CASM is a departure from older ASM approaches where security teams enumerated the attack surface in an ad hoc or discrete fashion. Through CASM, security leaders can continuously assess the cyber attack surface, applying mitigation steps to vulnerabilities as they arise.
This lets the CISO reduce the size of the attack surface, decrease the risk of asset damage or data loss, and also improve the overall security posture.
To ensure that a CASM solution can help to meet these goals, organizations must consider a few key elements and capabilities.
Does my solution provide continuous monitoring?
For any organization, the attack surface is highly dynamic, with assets being added or removed all the time. Moreover, the adoption of cloud-based services and open-source software increases cybersecurity vulnerabilities and creates risks like misconfigurations and cyber attacks.
The threat landscape also includes malicious assets (such as ransomware) deployed by cybercriminals that can’t always be detected through human or manual monitoring.
This is why continuous monitoring of the entire attack surface is one of the most crucial capabilities in any CASM solution.
Can it discover shadow IT?
According to Gartner, shadow IT assets “are driving increased risks of data breaches and financial liabilities.”
To reduce your digital footprint, a CASM solution must provide full visibility into the shadow IT environment so security teams can discover such assets; incorporate those assets in policy-driven rules and prioritization workflows (or shut the assets down); and ultimately reduce risk impact.
Does it support risk-based prioritization?
The cyberattack surface is composed of numerous assets. Not all are equally attractive to attackers.
The CASM solution should be able to identify the most attractive, valuable, or risky assets, and provide automatic threat assessment. Equally important, it should support real-time, risk-based prioritization for more proactive, consistent security.
Does it integrate with other security solutions?
Since CASM will be used by security operations, threat intelligence, and vulnerability management teams, the solution should be easy to integrate into daily workflows.
Also, the cyberthreat landscape is constantly evolving, so the CASM solution should not work in isolation. It should provide bi-directional APIs that enable integration with other security solutions including asset management, GRC, and SIEM.
Is black-box reconnaissance included?
A robust CASM solution must automatically discover any external assets visible to threat actors, even if the solution isn’t provided with specific asset information like IP address ranges.
Reduce Cyber Risks With ZenGRC
To track and manage persistent threats properly, you need a solution that can keep up with your evolving CASM and risk management program.
The ZenGRC Platform provides a “single source of truth” repository that reveals information security risk across the business, whether from internal assets or from third-party vendors.
It also helps streamline incident management, so you can quickly identify and respond to any security incidents and minimize loss events.
Furthermore, ZenGRC employs universal control mapping across any number of cybersecurity and compliance frameworks. This lets you create a single control and workflow to satisfy multiple needs.