The widespread adoption of cloud facilities, the rapid growth of organizations' networks, and the shift to remote work have directly led to a large expansion of the organizational attack surface and a growing number of blind spots in connected architectures.
An expanded attack surface combined with fragmented monitoring has produced a result nobody wants to see: a marked increase in successful cyberattacks. Besides the notorious ransomware, the attacks cover a range of other types. The main problem is that attackers use unmonitored blind spots to breach the organization's infrastructure, then escalate the attack or move laterally in search of valuable information.
The problem lies in discovery. Most organizations have grown quickly, but their ability to track every change has not kept pace. Catching up and cataloging all past and present assets is often seen as a futile task that is highly complex and resource-intensive.
However, given the potential cost of a successful intrusion and attackers' ability to identify and use exposed assets, leaving any asset unmonitored can lead to catastrophic consequences.
This is where emerging technologies such as attack surface management (ASM) come in.
What is an attack surface?
The attack surface is all hardware, software, SaaS, and cloud assets that are accessible from the Internet and that process or store data. It can also be thought of as everything cybercriminals can use to manipulate a network or system in order to extract data. The attack surface includes:
Known assets: inventoried and managed assets, such as the corporate website, servers, and the dependencies they run on.
Unknown assets: shadow IT or orphaned IT infrastructure that falls outside the security team's purview, such as forgotten development or marketing websites.
Rogue assets: malicious infrastructure set up by threat actors, such as malware, malicious domain names, or domain names and mobile applications that impersonate the organization.
Suppliers: third-party and fourth-party suppliers also introduce major risks. Even small suppliers can cause large-scale data leaks.
What is attack surface management (ASM)?
ASM is a technology that either mines Internet datasets and certificate databases or emulates an attacker's reconnaissance techniques. Both approaches aim to comprehensively analyze the organizational assets uncovered during discovery: they scan domains, subdomains, IP addresses, ports, shadow IT, and so on to find Internet-facing assets, then analyze those assets for vulnerabilities and security gaps.
Advanced ASM also provides an actionable remediation recommendation for each exposed security gap, such as cleaning up unused and unnecessary assets to shrink the attack surface, or warning individuals that their email address is exposed and could be used in phishing attacks at any time.
ASM also reports on open-source intelligence (OSINT) that could be used in social engineering attacks or phishing campaigns, including personal information disclosed on social media and even in videos, webinars, public speeches, and conferences.
Attack surface management matters because it helps prevent and mitigate risks arising from the following:
Legacy, Internet of Things, and shadow IT assets
Phishing, data leaks, and the like
Large-scale attacks
Intellectual property infringement
IT assets inherited from M&A activities
Supplier-managed assets
All in all, the goal of ASM is to ensure that every exposed asset is monitored and to eliminate any blind spot that attackers could use to enter enterprise systems.
Who will need ASM?
At a webinar on the “2021 Network Safety and Validity Status”, “Network Brigade” David Klein briefly discussed what Cymulate users discovered once they adopted ASM and had not been aware of before. Before using ASM, they had not realized that, within this group:
80% had no anti-spoofing SPF email record
77% lacked website protection
60% had exposed accounts, infrastructure, and management services
58% had email accounts that had been hacked
37% used externally hosted Java
26% had no DMARC record for their domain
23% had an SSL certificate that did not match the host name
Once identified, these security gaps can be remediated, but what is worrying is how widely such exposures went unnoticed until then.
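The email-authentication and certificate items in the list above are checks that can be run mechanically over an asset inventory. The following is an added example, not code from the original article or from Cymulate; the inventory, its domain names and records, and the function names are all constructed for illustration.

```python
# Added example: offline audit for three exposure classes from the list above
# (missing SPF, missing DMARC, certificate/host-name mismatch).
# INVENTORY is constructed sample data; a real run would fill it from DNS TXT
# lookups and TLS handshakes against each discovered Internet-facing host.
INVENTORY = {
    "example.com": {
        "txt": {"example.com": ["v=spf1 include:_spf.example.net -all"],
                "_dmarc.example.com": ["v=DMARC1; p=reject; sp=none"]},
        "cert_names": ["example.com", "*.example.com"]},
    "shop.example.org": {
        "txt": {"shop.example.org": ["google-site-verification=constructed"]},
        "cert_names": ["www.example.org"]},
    "a.b.example.net": {
        "txt": {"a.b.example.net": ["v=spf1 mx ~all", "v=spf1 ip4:192.0.2.1 -all"],
                "_dmarc.a.b.example.net": ["v=DMARC1; p=none"]},
        "cert_names": ["*.example.net"]},
}

def name_matches(pattern, host):
    """Certificate name match: '*' stands for exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def dmarc_policy(record):
    """Return the value of the p= tag (not sp=), lower-cased."""
    tags = dict(t.split("=", 1) for t in record.replace(" ", "").split(";") if "=" in t)
    return tags.get("p", "").lower()

def audit(host, asset):
    findings, txt = [], asset.get("txt", {})
    spf = [r for r in txt.get(host, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records (permerror)")
    # Simplification: no fallback to the organizational domain's DMARC record.
    dmarc = [r for r in txt.get("_dmarc." + host, []) if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("no DMARC record")
    elif dmarc_policy(dmarc[0]) == "none":
        findings.append("DMARC p=none (monitor only)")
    if not any(name_matches(n, host) for n in asset.get("cert_names", [])):
        findings.append("certificate does not match host name")
    return findings

def audit_all(inventory):
    return {host: audit(host, asset) for host, asset in inventory.items()}

if __name__ == "__main__":
    for host, issues in audit_all(INVENTORY).items():
        print(host, "->", issues or "ok")
```

The third host shows two cases that are easy to miss by eye: two SPF records on one name make SPF evaluation fail, and a wildcard certificate name covers only one label, so `*.example.net` does not cover `a.b.example.net`.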
The ASM users in this analysis come from a wide range of industry verticals, regions, and organization sizes. This shows that any organization with connected infrastructure stands to benefit from making ASM part of its cybersecurity infrastructure.
Where can I get ASM?
Although ASM technology is still very new, the number of suppliers is increasing. As usual, consider adopting ASM as part of a more developed platform rather than as a stand-alone product.
The focus of an ASM solution depends on the product suite it is associated with. An ASM solution tied to a reactive suite such as endpoint detection and response (EDR) is therefore more likely to be built on expanded scanning capabilities, whereas an ASM solution included in a proactive platform such as extended security posture management (XSPM) is more likely to focus on using scanning capabilities to extend its emulation of attackers' reconnaissance techniques and tools.
Selecting an integrated ASM helps consolidate data about the organization's security posture into a single management platform, which reduces the risk of data overload for the Security Operations Center (SOC) team.
The research firm Forrester lists several recommendations for applying ASM in its attack surface management report. ASM should be regarded not as a tool or capability but as a program enabled by tools, and it should be used to bring together teams that are otherwise at odds with each other. If the organization is striving for a desired state of application and infrastructure dependency mapping, then making greater visibility and improved observability the goals of the ASM program is a key means of reaching that state, and it can unite security, technology, and business leaders and team members in a way that vulnerability risk management and internal patching service level agreements (SLAs) certainly could not.
Attack surface management is highly cost-effective security work for an organization. Effectively shrinking the attack surface lets an organization minimize the security risk of external exposure at the lowest cost. For medium and large networks, systematic, automated attack surface management can be achieved with a self-built or purchased security policy management platform.
Reference link: https://thehackernews.com/2022/02/how-attack-surface-management-preempts.html