The rapid evolution of how software and businesses are built has wreaked havoc on traditional IT asset management and vulnerability management practices, giving birth to the new technology segment of attack surface management (ASM). With many solutions on the market for organizations to choose from, it’s important for buyers to understand the differences between attack surface management and vulnerability management, including where those functions may overlap.
To better understand these distinctions, it’s important first to understand what we mean when we talk about an organization’s attack surface.
What is the attack surface?
The attack surface is the collection of assets in an organization, whether they are physical or digital, known or unknown, by which an entity could gain unauthorized access to data or systems. Security teams must take into account the attacker's point of view when protecting their organization; identifying their cyber assets to understand the attack surface is the foundation of any security program.
An organization's attack surface changes dynamically as cloud resources are spun up and retired, pull requests and commits are made regularly to code repos, employees onboard and off-board from the organization, and vendors are added or removed from their portfolio and environments. As security teams choose to partner with business functions, it is critical to enable autonomy while monitoring the attack surface as it fluctuates.
What is attack surface management?
Attack surface management is the practice of continuous asset discovery, inventory, classification, and prioritization of each asset's value to the organization. The vulnerability management process plays a role in the broader attack surface management approach. By taking an attacker's perspective on an organization's environment, teams model the various attack paths to the ‘crown jewels’ and mitigate risk in accordance with the organization's risk appetite.
The attacker's point of view also drives a more holistic approach to the organization's cybersecurity practices compared to the narrower scope of vulnerability management, which we’ll cover later in this article.
Continuously monitoring and assessing the organization’s digital assets and infrastructure is central to attack surface management. As technology has evolved, attack surface management has evolved as well, growing from manual processes into powerful solutions, like JupiterOne, that automate many of the steps required for comprehensive attack surface management.
How do attack surface management and vulnerability management differ?
Vulnerability management is the practice of identifying, classifying, prioritizing, and remediating weak points in your systems and applications that could otherwise be exploited. These vulnerabilities can be cloud or system misconfigurations, out-of-date or unpatched software or applications, missing user credentials, or unencrypted data, to name just a few possibilities.
Historically, vulnerability management focused on the immediate impact of a vulnerable asset and ignored the interconnectedness of systems. While prioritizing vulnerabilities using some form of scoring helps teams understand the severity of an issue, it does not help teams communicate across business functions to emphasize the importance of fixing it. It should be no surprise that the average organization has 830,639 findings on potential security risks to worry about.
To be effective in this rapidly changing landscape, security teams must transition from chasing alerts to engaging other business departments to become responsible for their own security issues. This requires communicating those security issues with the proper business context and risk management evaluation.
In contrast to the narrow perspective of vulnerability management, attack surface management takes a more holistic approach to provide sufficient business context and prioritize the never-ending backlog of security issues. Instead of being a gatekeeper to business growth and innovation, security teams must evaluate a fast-changing attack surface in real time and target whatever presents the greatest risk at the moment.
The JupiterOne Solution
"Defenders think in lists. Attackers think in graphs."
- John Lambert
JupiterOne is the unified asset analysis platform for cybersecurity that provides the total asset visibility security teams require to see and secure their dynamic attack surface. JupiterOne goes beyond basic asset management by collecting and mapping data across the entire digital environment, including IT infrastructure, identity, vulnerability scanners, endpoint protection, and code management. This data model is the foundation for managing the attack surface at scale in three repeatable steps:
- Query for security gaps at scale. Security and IT teams use JupiterOne’s query engine to analyze the connections between assets, owners, findings, and controls in their environment, and discover insights that are virtually impossible to find by any other means.
- Alert and enrich workflows. Queries are easily turned into triggers for alerts so teams can get notified when a gap is detected. Instead of adding to the noise from other tools, JupiterOne queries can distill the noise and prioritize only the most urgent issues based on business context. Actions can then be created with JupiterOne data appended so the owner of the fix has all the information they need to act.
- Monitor trends. Turn queries into widgets for dashboards to share with leadership and other teams. Monitor security posture down to specific cohorts of data as you refine remediation processes and expectations with other teams.
Customers can ‘slice and dice’ their data by business unit, business criticality, data sensitivity, business purpose, or however their business chooses to organize and tag their assets. They can also maintain continuous compliance: all of their asset data is mapped to out-of-the-box compliance standards such as PCI-DSS, CIS, ISO 27001, NIST, HIPAA, and SOC 2, as well as custom user-defined standards, which automates evidence collection and shows compliance as consistent adherence to the security controls put in place.
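The graph-based approach described above (modeling attack paths to the ‘crown jewels’, querying connections between assets, owners and findings, turning a query into an alert trigger, and slicing results by business tags) can be illustrated with a small, self-contained model. The following Python is an added example, not JupiterOne's code or query language; the entity classes, relationship verbs (HAS, CONNECTS, OWNS), the "traversable" verb set, the property names (internetExposed, crownJewel, criticality, bu) and the scoring weights are all assumptions made for illustration, and the sample assets and findings are constructed.

```python
"""Added example: a tiny graph model of an attack surface with queries that
surface security gaps and attack paths. All data below is constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}   # assumed weights
CRITICALITY_BONUS = {"high": 2, "medium": 1, "low": 0}             # assumed weights
TRAVERSABLE = {"CONNECTS", "HAS_ACCESS"}   # verbs an attacker could move along (assumed)


@dataclass
class Entity:
    id: str
    cls: str                               # e.g. Host, Database, Finding, Team
    props: dict = field(default_factory=dict)


class AssetGraph:
    """Entities plus directed, verb-labelled relationships (src -VERB-> dst)."""

    def __init__(self):
        self.entities = {}
        self.out_edges = defaultdict(list)   # src -> [(verb, dst)]
        self.in_edges = defaultdict(list)    # dst -> [(verb, src)]

    def add(self, entity):
        self.entities[entity.id] = entity

    def relate(self, src, verb, dst):
        self.out_edges[src].append((verb, dst))
        self.in_edges[dst].append((verb, src))

    def out(self, eid, verb=None):
        return [d for v, d in self.out_edges[eid] if verb is None or v == verb]

    def inc(self, eid, verb=None):
        return [s for v, s in self.in_edges[eid] if verb is None or v == verb]

    def select(self, cls=None, **props):
        """Entities matching a class and/or property values (the 'query' step;
        tag-based slicing such as select(bu="payments") uses the same call)."""
        return [e for e in self.entities.values()
                if (cls is None or e.cls == cls)
                and all(e.props.get(k) == v for k, v in props.items())]


def attack_paths(g, target, max_depth=6):
    """BFS from every internet-exposed asset to `target` along TRAVERSABLE verbs.
    Returns the shortest path from each exposed asset that can reach the target."""
    paths = []
    for start in g.select(internetExposed=True):
        queue, seen = deque([[start.id]]), {start.id}
        while queue:
            path = queue.popleft()
            if path[-1] == target:
                paths.append(path)
                break
            if len(path) > max_depth:
                continue
            for verb, nxt in g.out_edges[path[-1]]:
                if verb in TRAVERSABLE and nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths


def security_gaps(g, min_score=0):
    """Query: exposed assets with open findings, enriched with owner, business
    criticality and reachable crown jewels, ranked by a simple score.
    Passing min_score turns the same query into an alert trigger."""
    crown_jewels = [e.id for e in g.select(crownJewel=True)]
    rows = []
    for asset in g.select(internetExposed=True):
        findings = [g.entities[f] for f in g.out(asset.id, "HAS")
                    if g.entities[f].cls == "Finding" and g.entities[f].props.get("open")]
        if not findings:
            continue
        worst = max(findings, key=lambda f: SEVERITY_RANK[f.props["severity"]])
        reachable = [cj for cj in crown_jewels
                     if any(p[0] == asset.id for p in attack_paths(g, cj))]
        score = (SEVERITY_RANK[worst.props["severity"]]
                 + (3 if reachable else 0)
                 + CRITICALITY_BONUS[asset.props.get("criticality", "low")])
        if score >= min_score:
            rows.append({"asset": asset.id, "owner": g.inc(asset.id, "OWNS"),
                         "worst_finding": worst.id, "reaches": reachable, "score": score})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def build_sample_graph():
    """Constructed sample data: two exposed hosts, one crown-jewel database."""
    g = AssetGraph()
    for e in [
        Entity("web-1", "Host", {"internetExposed": True, "criticality": "high", "bu": "payments"}),
        Entity("bastion-1", "Host", {"internetExposed": True, "criticality": "low", "bu": "it"}),
        Entity("db-pay", "Database", {"crownJewel": True, "sensitivity": "pii"}),
        Entity("f-1", "Finding", {"severity": "critical", "open": True, "name": "unpatched service (placeholder)"}),
        Entity("f-2", "Finding", {"severity": "medium", "open": True, "name": "weak TLS config (placeholder)"}),
        Entity("team-pay", "Team"), Entity("team-it", "Team"),
    ]:
        g.add(e)
    g.relate("web-1", "HAS", "f-1")
    g.relate("bastion-1", "HAS", "f-2")
    g.relate("web-1", "CONNECTS", "db-pay")
    g.relate("team-pay", "OWNS", "web-1")
    g.relate("team-it", "OWNS", "bastion-1")
    return g


if __name__ == "__main__":
    graph = build_sample_graph()
    for row in security_gaps(graph):
        print(row)                       # web-1 ranks first: critical finding, reaches db-pay
    print("paths to db-pay:", attack_paths(graph, "db-pay"))
```

The point of the model is the enrichment: a plain vulnerability list would rank f-1 above f-2 on severity alone, but the graph query also tells the reader which team owns the asset, which crown jewel it can reach, and which business unit it belongs to, which is the context needed to hand the fix to its owner and to monitor the same query as a dashboard cohort over time.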
As your infrastructure and business processes change, use JupiterOne to quickly identify and address security gaps. Request a demo today to see it in action.