The rapid evolution of how software and businesses are built has wreaked havoc on traditional IT asset management and vulnerability management practices, giving birth to the new technology segment of attack surface management (ASM). While there are varying emerging markets around attack surface management like cyber asset attack surface management (CAASM) and external attack surface management (EASM), this blog will focus on the basic terminology.
What is the Attack Surface?
The attack surface is the collection of assets in an organization, whether they are physical or digital, known or unknown, by which an entity could gain unauthorized access to data or systems. Security teams must take an attacker's point of view when protecting their organizations, so identifying an organization's assets is the foundation of any security program.
An organization's attack surface changes dynamically as cloud resources are spun up and retired, pull requests and commits are made regularly to code repos, employees move in and out of organizations, and vendors are added or removed from their portfolio and environments. As security teams choose to partner with business functions, it is critical to enable autonomy while monitoring the attack surface as it fluctuates.
What is Attack Surface Management?
Attack surface management is the practice of continuous asset discovery, inventory, classification, and prioritization of remediation as vulnerabilities are detected for assets. By taking an attacker's perspective to an organization's environment, teams model various attack paths to the "crown jewels" and mitigate risk in accordance with the organization's risk appetite.
The attacker's point of view also drives a more holistic approach to the organization's cybersecurity practices compared to the narrower scope of vulnerability management.
Attack surface management can be done manually or by using a combination of purchased and homegrown tools. Organizations may also choose to adopt a technology from Gartner's Attack Surface Management category to "reduce exposure that could be exploited by malicious threat actors." The benefits of this type of technology, according to Gartner, are:
- Improving asset visibility and reducing blind spots
- Understanding attack paths to prioritize security controls
- Quicker reporting and audit evidence collection
- Increased visibility into IT and apps across business departments
- Actionable intelligence and metrics, especially over time
What is a Vulnerability?
A vulnerability is a flaw or misconfiguration in an asset that attackers can exploit to breach an organization's defenses. Below are some examples of a vulnerability:
- Cloud or systems misconfigurations
- Out-of-date or unpatched software / applications
- Missing user credentials
- Unencrypted information or data
- ...and more
What is Vulnerability Management?
Vulnerability management is the practice of identifying, classifying, prioritizing, and remediating weak points in your systems and applications that could otherwise be exploited. Historically, vulnerability management has focused on the immediate impact of a vulnerable asset and ignored the interconnectedness of systems. While the scoring of a vulnerability helps teams understand the severity of the issue, it does not help teams communicate across business functions to emphasize the importance of fixing the issue. It should be no surprise that the average organization has 120,561 security findings sitting in its backlog (2022 State of Cyber Assets Report).
To be effective in the rapidly changing, high-growth nature of technology today, security teams must transition from chasing alerts to engaging other business departments to become responsible for their own security issues. This requires communicating those security issues with the proper business context and risk management evaluation.
In contrast to the narrow perspective of vulnerability management, attack surface management takes a more holistic approach to provide sufficient business context and prioritize the never-ending backlog of security issues. Instead of being a gatekeeper to business growth and innovation, security teams must evaluate a fast-changing attack surface in real time and prioritize whatever presents the most risk at the moment.
The JupiterOne Solution
"Defenders think in lists. Attackers think in graphs."
- John Lambert
JupiterOne is a cloud-native cyber asset attack surface management (CAASM) platform. It combines full visibility into all cyber assets in your ecosystem with a powerful relational database to provide unprecedented context about anything in your environment. With the graph visualizing any query about the relationships between cyber assets, vulnerability findings, policies, and users, JupiterOne helps you understand direct and indirect risk across your enterprise. As the central hub for your infrastructure and security data, JupiterOne dynamically updates and continuously monitors your assets as your attack surface evolves.
JupiterOne provides context to vulnerability findings so that SecOps teams can quickly assess the blast radius of compromise and create more accurate threat models with less human error. Additionally, with the newly launched feature "Critical Assets," teams can automate that extra level of detail to reduce alert fatigue and right-size remediation efforts.
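To make the "lists versus graphs" point concrete, here is an added example (not JupiterOne's code or data model) that models the attack-path and blast-radius ideas described above on a constructed asset graph. Edges, asset names, crown jewels, and finding scores are all assumed sample values; it shows how a severity-only ranking and a reachability-aware ranking of the same findings can differ.

```python
from collections import deque

# Constructed sample graph, not JupiterOne data. Edge A -> B: "an attacker who controls A can reach B".
EDGES = {
    "lb-public": ["web-1"],
    "web-1": ["api-1"],
    "api-1": ["db-customers"],
    "ci-runner": ["secrets-vault"],
    "jump-host": ["db-customers", "secrets-vault"],
    "wiki": [],
}
INTERNET_EXPOSED = {"lb-public", "wiki", "jump-host"}
CROWN_JEWELS = {"db-customers", "secrets-vault"}
# Constructed findings: asset -> (finding id, CVSS base score).
FINDINGS = {
    "wiki": ("F-1", 9.8),       # highest score, but a dead end in the graph
    "jump-host": ("F-2", 6.5),  # medium score, one hop from two crown jewels
    "web-1": ("F-3", 7.5),
    "ci-runner": ("F-4", 5.0),  # not reachable from the internet
}

def blast_radius(start):
    """Every asset reachable from a compromised asset (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in EDGES.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen

def attack_paths(start, path=None):
    """All simple paths from start to a crown jewel, as lists of asset names."""
    path = (path or []) + [start]
    paths = [path] if start in CROWN_JEWELS and len(path) > 1 else []
    for nxt in EDGES.get(start, []):
        if nxt not in path:  # never revisit a node, so cycles terminate
            paths.extend(attack_paths(nxt, path))
    return paths

def exposed(asset):
    """True if the asset is internet-facing or reachable from an internet-facing asset."""
    return asset in INTERNET_EXPOSED or any(asset in blast_radius(e) for e in INTERNET_EXPOSED)

def rank_by_graph():
    """Order findings by exposure, then crown jewels in reach, then CVSS score."""
    return sorted(FINDINGS, key=lambda a: (not exposed(a),
                                           -len(blast_radius(a) & CROWN_JEWELS),
                                           -FINDINGS[a][1]))
```

Sorting by CVSS alone puts the dead-end wiki finding first; the graph-aware ranking puts the jump host first because it is internet-facing and one hop from both crown jewels.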
As your infrastructure and business processes change, use JupiterOne to quickly identify and address security gaps. Request a demo today to see it in action.