Light Dark
March 23, 2023 By C.J. Haughey 3 min read
Data Protection
Risk Management

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them.

ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge.

Understanding attack surface management

Here are some key terms in ASM:

  • Attack vectors are vulnerabilities or methods threat actors use to gain unauthorized access to a network. These vulnerabilities include vectors such as malware, viruses, email attachments, pop-ups, text messages and social engineering.
  • An attack surface is the sum of attack vectors that threat actors can potentially use in a cyberattack. In any organization, all internet-connected hardware, software and cloud assets add to the attack surface.
  • Shadow IT is any software, hardware or computing resource being used on a company’s network without the consent or knowledge of the IT department. Quite often, shadow IT uses open-source software that is easy to exploit.
  • Attackers use sophisticated computer programs and programming techniques to target vulnerabilities in your attack surface, like shadow IT and weak passwords. These cyber criminals launch attacks to steal sensitive data, like account login credentials and personally identifiable information (PII).
Read the Threat Index

Why is attack surface management important?

Security teams can use ASM practices and tools to prevent risks in the following ways:

  • Reduce blind spots to get a holistic view of your IT infrastructure and understand which cloud or on-premise assets are exposed to attackers.
  • Eliminate shadow IT to remove unknown open-source software (OSS) or unpatched legacy programs.
  • Minimize human error by building a security-conscious culture where people are more aware of emerging cyber threats.
  • Prioritize your risk. You can get familiar with attack patterns and techniques that threat actors use.

💡Related: Why You Need Attack Surface Management (And How To Achieve It)

How attack surface management works

There are four core processes in attack surface management:

  1. Asset discovery is the process of automatically and continuously scanning for entry points that threat actors could attack. Assets include computers, IoT devices, databases, shadow IT and third-party SaaS apps. During this step, security teams use the following standards:
      • CVE (Common Vulnerabilities and Exposures): A list of known computer security threats that helps teams track, identify and manage potential risks.
      • CWE (Common Weakness Enumeration): A collection of standardized names and descriptions for common software weaknesses.
  2. Classification and prioritization is the process of assigning a risk score based on the probability of attackers targeting each asset. CVEs refer to actual vulnerabilities, while CWEs focus on the underlying weaknesses that may cause those vulnerabilities. After analysis, teams can categorize the risks and establish a plan of action with milestones to fix the issues.
  3. Remediation is the process of resolving vulnerabilities. You could fix issues with operating system patches, debugging application code or stronger data encryption. The team may also set new security standards and eliminate rogue assets from third-party vendors.
  4. Monitoring is the ongoing process of detecting new vulnerabilities and remediating attack vectors in real-time. The attack surface changes continuously, especially when new assets are deployed (or existing assets are deployed in new ways).

You can learn more about the four core processes and how attack surface management works on the IBM blog.

How to get a job in attack surface management

Anyone who works in attack surface management must ensure the security team has the most complete picture of the organization’s attack vectors — so they can identify and combat threats that present a risk to the organization.

Hiring companies look for people with a background and qualifications in information systems or security support. The minimum expectations typically include the following:

  • Strong technical security skills
  • Strong analytical and problem-solving skills
  • Working knowledge of cyber threats, defenses and techniques
  • Working knowledge of operating systems and networking technologies
  • Proficiency in scripting languages, like Perl, Python or Shell Scripting
  • Experience with attack surface management and offensive security identity technologies.

Related: A leading attack surface management solution in action

What’s next in attack surface management?

Cyber Asset Attack Surface Management (CAASM) is an emerging technology that presents a unified view of cyber assets. This powerful technology helps cybersecurity teams understand all the systems and discover security gaps in their environment.

There is no one-size-fits-all ASM tool — security teams must consider their company’s situation and find a solution that fits their needs.

Some key criteria include the following:

  • Easy-to-use dashboards
  • Extensive reporting features to offer actionable insights
  • Comprehensive automated discovery of digital assets (including unknown assets, like shadow IT)
  • Options for asset tagging and custom addition of new assets
  • Continuous operation with little to no user interaction
  • Collaboration options for security teams and other departments.

With a good ASM solution, your security team can get a real cyber criminal’s perspective into your attack surface. You can find, prioritize and solve security issues quickly and continuously. Ultimately, a diligent attack surface management strategy helps protect your company, employees and customers.

Ready to reduce your attack surface? Become more cyber resilient today with IBM Security Randori Recon.

 |  |  |  |  | 
C.J. Haughey
Tech Writer

More from Data Protection
November 8, 2023

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature