A Primer On External Attack Surface Management (EASM)
Client trust is one of the largest assets a company can have. However, a rising trend in cyberattacks combined with lax oversight of a critical attack vector may put your organization, and your customers, at risk.
Increased adoption of online services and technologies has given rise to a new and ever-expanding attack surface that few organizations are prepared to defend.
What is an External Attack Surface?
Every public-facing asset your customers and employees access when interacting with your company online, whether owned and managed by your organization or by a third party, makes up your online ecosystem. This ecosystem represents your organization’s external attack surface.
The Rise of the External Attack Surface
When it comes to information security, the dominant strategy has been an in-depth defense of the perimeter by firewalls and internal networks. But what if the threat actors are not looking to breach this perimeter? Assets hosted outside of an organization’s firewall present a growing challenge to security teams. Assets deployed beyond this edge represent an external attack surface that can be used to target your organization.
This new digital footprint is far more expansive than the internal one, often by several orders of magnitude, as the interactions between employees, consumers, and businesses are increasingly happening online via web-based services and applications. The growth of this footprint has accelerated as enterprises undertake significant digital transformation initiatives.
Additionally, development of these services and applications often incorporates the products or capabilities of third-party vendors of services, code, infrastructure, or data. It doesn’t stop there. Many of those third parties have built their functionality on top of their own vendors. These third, fourth, and ‘Nth’ parties provide assets that are also part of your external attack surface, whether you know about them or not.
A New Cybersecurity Discipline: External Attack Surface Management
EASM is an emerging cybersecurity discipline that identifies and manages the risks presented by internet-facing assets and systems. EASM refers to the processes and technology necessary to discover external-facing assets and effectively manage the vulnerabilities of those assets. Examples include servers, credentials, public cloud misconfigurations, and vulnerabilities in third-party partner software code that could be exploited by malicious actors. The lead tenet of EASM is to maintain an exterior view of the company in order to identify and mitigate threats beyond the perimeter. Essentially, you are viewing your organization through the eyes of a hacker.
Given the potential damage to a company as a result of cyberattacks, many organizations are now incorporating EASM into their enterprise risk management strategies. Security teams are choosing more proactive approaches in which known and unknown risks, vulnerabilities and assets are managed strategically, rather than reacting to incidents on an ad hoc basis. For security teams to achieve this, the EASM solution they select should provide the following:
Monitoring — Continuously scan, from the outside, a variety of environments (such as cloud services and external-facing on-premises infrastructures) and distributed ecosystems
Asset discovery — Discover and map unknown external-facing assets and systems in the organization
Analysis — Evaluate and analyze asset attributes to determine if an asset is risky, vulnerable or behaving in an anomalous manner
Prioritization — Utilize a multi-layered scoring system to reduce noise and prioritize risks and vulnerabilities based on criticality
Remediation — Provide action plans for the mitigation of prioritized threats as well as the remediation workflow or integration with solutions such as ticketing systems, incident response tools, and SOAR solutions.