Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start.

What is ASM?

So, what is attack surface management, exactly? And what is the attack surface, for that matter? An attack surface is simply the sum of potential digital doorways through which attacks may occur — all possible risks.

These could include email servers, Internet of things (IoT) devices, network devices, partners, hidden code from threat actors and many other online ‘things.’ A proactive cyber attack surface management program starts with knowing your specific case. What is contained in the full inventory of your attack surface? Within that assessment you’ll need to formally estimate your risk and note potential exposure for each asset.

How to Get Proactive With ASM

External attack surface management often involves cutting down on entry points, access and privilege, running code, internet-facing apps and services, and more. But you can’t reduce until you know what’s there. First, you’ll need to thoroughly discover, inventory, classify and assign a risk score to all knowable assets.

That also includes assets owned by third parties like contractors, suppliers, partners, cloud providers and others. The rise in remote work can complicate both IT asset inventory and the reduction in attack surface. But the rise in attacks that exploit remote work also shows the need for a renewed focus on ASM.

One of the great benefits of documenting and estimating the attack surface is that it enables a clearer, more realistic cost-benefit analysis of each asset. With unlimited staff, time and money, you could expand the attack surface forever and still stay safe. In the real world, none of those are infinite. Instead, you can improve defense by shrinking your attack surface, then applying your resources to the remaining surface.

And, it’s more than just shrinking the surface. It’s also about streamlining and optimizing.

1. You’ll want to simplify, segment your network and maintain control over endpoints.
2. Combine tools.
3. Remove needless access.
4. Place deadlines on access where possible.
5. Follow up with employee changes and exits to remove or change access as needed.
6. Focus on privileged accounts.
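
An added example, not part of the original article: a small access review that applies items 3 through 6 of the list above to a set of access grants and ranks the findings so privileged accounts come first. The record fields, sample users, 90-day stale threshold and scoring weights are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample records; users, resources and field names are hypothetical.
ACTIVE_STAFF = {"alice", "bob", "dana"}
GRANTS = [
    {"user": "alice", "resource": "hr-portal", "privileged": False,
     "expires": date(2024, 9, 30), "last_used": date(2024, 5, 28)},
    {"user": "bob", "resource": "domain-admin", "privileged": True,
     "expires": None, "last_used": date(2024, 1, 15)},
    {"user": "carol", "resource": "vpn", "privileged": False,
     "expires": date(2024, 12, 31), "last_used": date(2024, 1, 10)},
    {"user": "dana", "resource": "build-server", "privileged": False,
     "expires": date(2024, 3, 1), "last_used": date(2023, 11, 2)},
]

def review_grants(grants, active_staff, today, stale_after_days=90):
    """Return (score, user, resource, reasons) tuples, highest score first."""
    findings = []
    for g in grants:
        reasons = []
        if g["user"] not in active_staff:
            reasons.append("holder has left or changed role")   # item 5
        if g["expires"] is None:
            reasons.append("no expiry date set")                # item 4
        elif g["expires"] < today:
            reasons.append("expiry date has passed")            # item 4
        if today - g["last_used"] > timedelta(days=stale_after_days):
            reasons.append("unused beyond stale threshold")     # item 3
        if not reasons:
            continue  # grant is current, in use and time-boxed
        # Assumed weighting: one point per reason, doubled for privileged accounts (item 6).
        score = len(reasons) * (2 if g["privileged"] else 1)
        findings.append((score, g["user"], g["resource"], reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, user, resource, reasons in review_grants(
            GRANTS, ACTIVE_STAFF, today=date(2024, 6, 1)):
        print(f"{score}  {user:6} {resource:13} {'; '.join(reasons)}")
```

Running the review on a schedule, rather than once, matches the point that asset and access data are always in flux.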

And, all this action must be prioritized with strong analytics. No part of this is a one-time event. Because assets are always in flux, ASM is ongoing — including discovery, inventory, risk analysis and all the rest. Real-time attack surface insight is everything, and ASM can help.

Working Within Best Practices

It’s worth noting that some of ASM is really just best practices in security — here, you’ll see familiar threat modeling, hunting and closing doors. The most exotic part is shrinking the attack surface. This involves some new thinking and exploring what can be removed, combined or changed. And the process by nature calls for working with outside managers, leaders and teams.

It also calls for being able to talk about ASM persuasively. It may not be easy to understand for every stakeholder. But they need to understand it, since they will be called upon to do things differently as the result of attack surface reduction.

How to Get Buy-In for Attack Surface Management

As part of this communication process, it helps that ASM is not just about security (a field that can seem abstract and remote to leaders in other departments) but also about global and national standards. With people focused on their own urgent deadlines, the idea of changing how everyone works just in case an attack happens can present an uphill battle. However, more and more businesses need to remain compliant with regulations, and the lion’s share of that compliance requires ongoing ASM.

The craft of ASM calls for people skills — getting buy-in from leaders and help from management. And, everyone involved must be organized. The constant inventory taking and analysis of thousands, hundreds of thousands or millions of assets calls for advanced tools and strong organizational systems.

The Attack Surface Management Mindset

Above all, ASM is a mindset, a part of workplace culture. And so attack surface management, so central to security experts but so abstract to others, needs to be part of training and everyday work. This is even more true in the remote work era, where employees are largely managing their own networks and tools and making decisions all day, every day that impact the attack surface that touches their coworkers.

The growth in the tech world has transformed and enhanced business through the development of faster networks, hybrid cloud computing, the IoT and letting more employees work from home. But growth has also massively increased the attack surface. So, we need proactive management for this attack surface to keep pace.
