Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start.
What is ASM?
So, what is attack surface management, exactly? And what is the attack surface, for that matter? An attack surface is simply the sum of potential digital doorways through which attacks may occur — all possible risks.
These could include email servers, Internet of things (IoT) devices, network devices, partners, hidden code from threat actors and many other online ‘things.’ A proactive cyber attack surface management program starts with knowing your specific case. What is contained in the full inventory of your attack surface? Within that assessment you’ll need to formally estimate your risk and note potential exposure for each asset.
How to Get Proactive With ASM
External attack surface management often involves cutting down on entry points, access and privilege, running code, internet-facing apps and services, and more. But you can’t reduce the attack surface until you know what’s there. First, you’ll need to thoroughly discover, inventory, classify and assign a risk score to all knowable assets.
That also includes assets owned by third parties like contractors, suppliers, partners, cloud providers and others. The rise in remote work can complicate both IT asset inventory and the reduction in attack surface. But the rise in attacks that exploit remote work also shows the need for a renewed focus on ASM.
One of the great benefits of documenting and estimating the attack surface is that it enables a clearer, more realistic cost-benefit analysis of each asset. With unlimited staff, time and money, you could expand the attack surface forever and still stay safe. In the real world, none of those are infinite. Instead, you can improve defense by shrinking your attack surface, then applying your resources to the remaining surface.
And it’s more than just shrinking the surface. It’s also about streamlining and optimizing.
1. You’ll want to simplify, segment your network and maintain control over endpoints.
2. Combine tools.
3. Remove needless access.
4. Place deadlines on access where possible.
5. Follow up with employee changes and exits to remove or change access as needed.
6. Focus on privileged accounts.
And all this action must be prioritized with strong analytics. No part of this is a one-time event. Because assets are always in flux, ASM is ongoing — including discovery, inventory, risk analysis and all the rest. Real-time attack surface insight is everything, and ASM can help.
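The access-related steps in the list above (remove needless access, place deadlines on access, follow up on employee exits, focus on privileged accounts) can be run as a recurring review that outputs a prioritized queue. The sketch below is an added example, not code from the original article; the grant records, field names, weights and the 90-day staleness threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Grant:
    user: str
    resource: str
    privileged: bool
    expires: Optional[date]    # None means no deadline was placed on the access
    last_used: Optional[date]  # None means the grant was never exercised

# Constructed sample data (hypothetical users, resources and dates).
ACTIVE_STAFF = {"alice", "bob"}   # assumed to come from the HR roster
TODAY = date(2024, 6, 1)
STALE_DAYS = 90                   # assumed threshold for "needless" access
GRANTS = [
    Grant("alice", "vpn", False, date(2024, 9, 1), date(2024, 5, 30)),
    Grant("bob", "db-admin", True, None, date(2024, 1, 10)),
    Grant("carol", "mail-admin", True, None, date(2024, 5, 1)),  # carol has left
    Grant("alice", "legacy-ftp", False, None, None),
]
# Assumed weights: higher means review sooner.
WEIGHTS = {"holder-departed": 5, "expired-not-revoked": 4, "unused": 2, "no-expiry": 1}

def findings(g: Grant, today: date = TODAY) -> list:
    """Return the hygiene rules from the list that this grant violates."""
    out = []
    if g.user not in ACTIVE_STAFF:
        out.append("holder-departed")       # exit not followed up
    if g.expires is None:
        out.append("no-expiry")             # no deadline on access
    elif g.expires < today:
        out.append("expired-not-revoked")
    if g.last_used is None or (today - g.last_used).days > STALE_DAYS:
        out.append("unused")                # candidate for removal
    return out

def score(g: Grant, today: date = TODAY) -> int:
    base = sum(WEIGHTS[f] for f in findings(g, today))
    return base * 2 if g.privileged else base  # privileged accounts come first

def review_queue(grants, today: date = TODAY):
    """Grants with at least one finding, highest score first."""
    rows = [(score(g, today), g.user, g.resource, findings(g, today)) for g in grants]
    return sorted((r for r in rows if r[0] > 0), key=lambda r: -r[0])

if __name__ == "__main__":
    for s, user, res, why in review_queue(GRANTS):
        print(f"{s:>2}  {user:<6} {res:<11} {', '.join(why)}")
```

Because assets and staff change constantly, a review like this only has value when it is rerun on fresh inventory and roster data.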
Working Within Best Practices
It’s worth noting that some of ASM is really just best practices in security — here, you’ll see familiar threat modeling, hunting and closing doors. The most exotic part is shrinking the attack surface. This involves some new thinking and exploring what can be removed, combined or changed. And the process by nature calls for working with outside managers, leaders and teams.
It also calls for being able to talk about ASM persuasively. It may not be easy to understand for every stakeholder. But they need to understand it, since they will be called upon to do things differently as the result of attack surface reduction.
How to Get Buy-In for Attack Surface Management
As part of this communication process, it helps that ASM is not just about security — a field that can seem abstract and remote to leaders in other departments — but also about global and national standards. With people focused on their own urgent deadlines, the idea of changing how everyone works just in case an attack happens can present an uphill battle. However, more and more businesses need to remain compliant with regulations, and the lion’s share of that compliance requires ongoing ASM.
The craft of ASM calls for people skills — getting buy-in from leaders and help from management. And everyone involved must be organized. The constant inventory taking and analysis of thousands, hundreds of thousands or millions of assets calls for advanced tools and strong organizational systems.
The Attack Surface Management Mindset
Above all, ASM is a mindset, a part of workplace culture. And so attack surface management — so central to security experts but so abstract to others — needs to be part of training and everyday work. This is even more true in the remote work era, where employees are largely managing their own networks and tools and making decisions every day, all day, that impact the attack surface that touches their coworkers.
The growth in the tech world has transformed and enhanced business through the development of faster networks, hybrid cloud computing, the IoT and letting more employees work from home. But growth has also massively increased the attack surface. So, we need proactive management for this attack surface to keep pace.