Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start.

What is ASM?

So, what is attack surface management, exactly? And what is the attack surface, for that matter? An attack surface is simply the sum of potential digital doorways through which attacks may occur — all possible risks.

These could include email servers, Internet of things (IoT) devices, network devices, partners, hidden code from threat actors and many other online ‘things.’ A proactive cyber attack surface management program starts with knowing your specific case. What is contained in the full inventory of your attack surface? Within that assessment you’ll need to formally estimate your risk and note potential exposure for each asset.

How to Get Proactive With ASM

External attack surface management often involves cutting down on entry points, access and privilege, running code, internet facing apps, apps and services and more. But you can’t reduce until you know what’s there. First, you’ll need to thoroughly discover, inventory, classify and assign a risk score to all knowable assets.

That also includes assets owned by third-parties like contractors, suppliers, partners, cloud providers and others. The rise in remote work can complicate both IT asset inventory and the reduction in attack surface. But the rise in attacks that exploit remote work also shows the need for a renewed focus on ASM.

One of the great benefits of documenting and estimating the attack surface is that it enables a clearer, more realistic cost-benefit analysis of each asset. With unlimited staff, time and money, you could expand the attack surface forever and still stay safe. In the real world, none of those are infinite. Instead, you can improve defense by shrinking your attack surface, then applying your resources to the remaining surface.

And, it’s more than just shrinking the surface. It’s also about streamlining and optimizing.

1. You’ll want to simplify, segment your network and maintain control over endpoints.
2. Combine tools.
3. Remove needless access.
4. Place deadlines on access where possible.
5. Follow up with employee changes and exits to remove or change access as needed.
6. Focus on privileged accounts.

And, all this action must be prioritized with strong analytics. No part of this is a one-time event. Because assets are always in flux, ASM is ongoing — including discovery, inventory, risk analysis and all the rest. Real-time attack surface insight is everything, and ASM can help.

Download the Total Economic Impact of IBM Security Randori

Working Within Best Practices

It’s worth noting that some of ASM is really just best practices in security — here, you’ll see familiar threat modeling, hunting and closing doors. The most exotic part is shrinking the attack surface. This involves some new thinking and exploring what can be removed, combined or changed. And the process by nature calls for working with outside managers, leaders and teams.

It also calls for being able to talk about ASM persuasively. It may not be easy to understand for every stakeholder. But they need to understand it, since they will be called upon to do things differently as the result of attack surface reduction.

How to Get Buy-In for Attack Surface Management

As part of this communication process, it helps that ASM is not just about security — a field that can seem abstract and remote to leaders in other departments — but also global and national standards. With people focused on their own urgent deadlines, the idea of changing how everyone works just in case an attack happens can present an uphill battle. However, more and more businesses need to remain compliant with regulations, since the lion’s share of that requires ongoing ASM.

The craft of ASM calls for people skills — getting buy-in from leaders and help from management. And, everyone involved must be organized. The constant inventory taking and analysis of thousands, hundreds of thousands or millions of assets calls for advanced tools and strong organizational systems.

The Attack Surface Management Mindset

Above all, ASM is a mindset, a part of workplace culture. And, so the attack surface management issue — so central to security experts but so abstract to others — needs to be part of training and everyday work. And this is even more true in the remote work era, where employees are largely managing their own networks and tools and making decisions every day, all day that impact the attack surface that touches their coworkers.

The growth in the tech world has transformed and enhanced business through the development of faster networks, hybrid cloud computing, the IoT and letting more employees work from home. But growth has also massively increased the attack surface. So, we need proactive management for this attack surface to keep pace.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today