In the earlier days of cyber security, implementing controls could be done with a perimeter approach. A well-architected network with a properly configured firewall was deemed enough to keep cyber criminals out and users secure. Unfortunately, the perimeter has dissolved in today’s connected world.
Today we have remote workers connecting via VPNs, third-party vendors, hybrid cloud environments, mobile applications, etc., all acting as an extension of a corporate environment. A new strategy is needed to secure these multiple disconnected components, which is where Attack Surface Management (ASM) comes in.
How ASM works
Identifying and mitigating the risks of a company’s digital footprint can reduce its overall cyber security risk profile. ASM recognizes that there may be multiple potential entry points for cyber attacks and takes a proactive approach toward cyber security via the following steps:
Create a digital footprint: A critical first step in ASM is identifying all the assets, be they on-prem, cloud, corporate, BYOD, etc. Any one of them can negatively impact the company’s security posture, so each must be inventoried and classified based on its criticality.
Assess security posture: Once the asset inventory has been compiled, risks associated with these assets must be identified via security assessments, vulnerability scanning, penetration testing, and so on. A key area to assess is cloud misconfigurations, which can unintentionally lead to cloud infrastructure being exposed to attackers.
Attack path mapping: An effective way to assess the risk associated with each identified issue is to analyze it from an attacker’s perspective. Map the potential attack path that an attacker can take to exploit these vulnerabilities and compromise an environment. This process, known as attack path mapping, allows you to visualize each issue from an attacker's viewpoint and implement controls accordingly.
Network architecture: Network segmentation is a critical control in security that prevents attackers from laterally moving from non-sensitive to sensitive assets. By architecting the network appropriately, companies can remain secure even if an asset is compromised.
Security Monitoring and Visibility: Cyber security teams must have visibility into their assets and be able to respond in case of an incident. This also applies to vulnerabilities; if a server becomes vulnerable to a particular threat, there should not be a long time window between identification and remediation.
Third-party risk: Supply chains and third parties can be a significant blind spot for companies as they are often granted access within a network. Attacks like SolarWinds can bypass traditional defenses and give attackers open access to an environment. It is critical to ensure that ASM covers this area and that third parties are assessed to confirm they meet your security baseline.
Employee Awareness: Users remain the weakest and most vital link in the cyber security chain. There is no defense better than a well-educated workforce, so ASM focuses on ensuring that employees are adequately educated and trained to detect cyber attacks.
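The inventory, attack path mapping and network segmentation steps above can be sketched as a graph search over the asset inventory. This is an added example, not part of the original article; the asset names, the reachability map and the rule that movement is only possible onto assets with a known issue are constructed assumptions.

```python
from collections import deque

# Constructed inventory: criticality, internet exposure, and whether an
# assessment found a known issue (vulnerability or misconfiguration).
ASSETS = {
    "vpn-gateway":    {"criticality": "medium", "exposed": True,  "issue": True},
    "vendor-portal":  {"criticality": "low",    "exposed": True,  "issue": False},
    "hr-workstation": {"criticality": "low",    "exposed": False, "issue": True},
    "file-server":    {"criticality": "medium", "exposed": False, "issue": True},
    "payments-db":    {"criticality": "high",   "exposed": False, "issue": True},
}
# Constructed reachability: source asset -> assets it may connect to.
REACH = {
    "vpn-gateway": ["hr-workstation", "file-server"],
    "vendor-portal": ["file-server"],
    "hr-workstation": ["file-server"],
    "file-server": ["payments-db"],
}

def attack_paths(assets, reach):
    """Shortest path from any exposed asset with an issue to each high-criticality asset."""
    paths = {}
    for entry in (a for a, m in assets.items() if m["exposed"] and m["issue"]):
        queue, seen = deque([[entry]]), {entry}
        while queue:  # breadth-first, so the first hit is the shortest
            path = queue.popleft()
            node = path[-1]
            if assets[node]["criticality"] == "high":
                if node not in paths or len(path) < len(paths[node]):
                    paths[node] = path
                continue
            for nxt in reach.get(node, ()):
                # Assumption: movement is only possible onto assets with an issue.
                if nxt not in seen and assets[nxt]["issue"]:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths

def segment(reach, src, dst):
    """Copy of the reachability map with the src -> dst flow blocked."""
    return {s: [d for d in ds if (s, d) != (src, dst)] for s, ds in reach.items()}

if __name__ == "__main__":
    print("baseline:", attack_paths(ASSETS, REACH))
    # Blocking one flow can leave a longer route open ...
    print("partial: ", attack_paths(ASSETS, segment(REACH, "vpn-gateway", "file-server")))
    # ... while isolating the critical asset removes the path entirely.
    print("isolated:", attack_paths(ASSETS, segment(REACH, "file-server", "payments-db")))
```

Re-running the search after each proposed segmentation rule shows whether the rule actually removes the path to the critical asset or only lengthens it.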
Benefits of ASM
Appropriately implemented, ASM can result in several benefits to a company, such as the following:
Improved security posture: By systematically monitoring your digital footprint to identify vulnerabilities, companies can significantly reduce the risk of cyberattacks and data breaches. All of the different aspects of ASM work together to mitigate any existing and new risks.
Improved compliance posture: A side benefit of implementing an ASM approach is that it enables companies to easily demonstrate compliance with best practices like PCI DSS, HIPAA, GDPR, etc. Most of the tenets of ASM are based on these standards, and companies can benefit from an improved compliance status.
Structured approach towards cybersecurity: In today’s connected world, environments are becoming increasingly complex. Adopting an ASM approach provides a structured and well-organized way to implement cyber security as per best practices and reduce complexity.
The way forward
ASM can be a game changer for a company’s security posture, but it is essential to understand that it is a methodology, not a product to implement. Specific products can be implemented within ASM processes, and a company can benefit from a structured approach to mitigating cybersecurity risk, but the product is not the end goal. As environments increase in complexity, adopting an ASM-based approach can improve security with lower costs and complexity.