How does ASM prevent cyberattacks? (Attack Surface Management)

Deepak Gupta February 10, 2022
Updated 2022/02/10 at 3:04 PM

How does attack surface management prevent cyberattacks? – ASM (Attack Surface Management)

The large-scale adoption of cloud installations and the subsequent proliferation of organizations’ networks, combined with the recent migration to remote working, has resulted in a massive expansion of theASM (Attack Surface Management) organizations and have led to an increasing number of blind spots in connected networks. architectures.

The unexpected results of this ASM expanded with fragmented surveillance have been a marked increase in the number of successful cyberattacks, most notoriously ransomware, but also covering a range of other attack types. The main issues are the unmonitored blind spots used by cyber attackers to penetrate organizations’ infrastructure and escalate their attack or move laterally in search of valuable information.

The problem lies in discovery. Most organizations have moved faster than their ability to track all the moving parts involved and catch up to cataloging all past and present assets is often seen as a complex and resource-intensive task with few immediate benefits.

However, given the potential cost of a successful breach and the increased ability of cyber attackers to identify and use exposed assets, leaving even one unattended can result in a catastrophic breach.

This is where emerging technologies such as attack surface management (ASM) can be invaluable.

What is Attack Surface Management (ASM)?

ASM is a technology that exploits Internet data sets and certificate databases or emulates attackers performing reconnaissance techniques. Both approaches aim to perform a comprehensive analysis of your organization’s assets discovered during the discovery process. Both approaches include scanning your domains, subdomains, IPs, ports, shadow IT, etc., for internet-connected assets before scanning them for vulnerabilities and security holes.

Advanced ASM includes actionable mitigation recommendations for each uncovered security vulnerability, ranging from cleaning up unused and unnecessary assets to reduce the attack surface to warning individuals that their email address is readily available and could be exploited for phishing attacks.

ASM includes Open-Source Intelligence (OSINT) reports that could be used in a social engineering attack or phishing campaign, such as publicly available personal information on social media or even material such as videos, webinars, public speeches and conferences.

Ultimately, the goal of ASM is to ensure that no exposed asset is left unattended and to eliminate any blind spots that could potentially turn into an exploited entry point for an attacker to gain a foothold in your system.

Who needs ASM?

In his webinar on the state of cybersecurity effectiveness in 2021, cyber evangelist David Klein directly addresses the concerning findings that have been uncovered by the adoption of ASM by Cymulate users. Without their knowledge, before executing ASM :

  • 80% had no SPF anti-spoofing email records
  • 77% had insufficient website protections
  • 60% had exposed management accounts, infrastructure and services
  • 58% had hacked email accounts.
  • 37% used externally hosted Java.
  • 26% had no DMARC records set up for the domain.
  • 23% had an SSL certificate host mismatch.

Once identified, these security vulnerabilities could be closed, but the worrying factor is the extent of exposure unknown prior to their identification.

The users ASM (Attack Surface Management) in this analysis come from a wide range of verticals, geographies, and organization sizes. This indicates that anyone with a connected infrastructure will benefit from the adoption of ASM (Attack Surface Management) as an integral part of its cybersecurity infrastructure.

Where can I find ASM?

Although the technology is still new, there are a growing number of providers ASM (Attack Surface Management). As always, it is more efficient to consider adding of ASM as part of a more developed platform rather than a standalone product.

Orientation of a solution ASM (Attack Surface Management) is partly dictated by the orientation of the basket of products with which it is associated. As such, a solution ASM associated with a reactive suite such as Endpoint Detection and Response (EDR) is more likely to be based on extensive scanning capabilities, whereas a solution ASM included in a proactive platform such as Extended Security Posture Management (XSPM) is more likely to focus on leveraging analytical capabilities to develop emulation of cyber attacker recognition techniques and tools.

The selection of a ASM integrated makes it easier to centralize data related to the organization’s security posture in a single window, reducing the risk of data overload for SOC teams.

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *