Brianna McGovern

As Product Manager of Attack Surface Management (ASM), Brianna is responsible for defining the roadmap for NetSPI's ASM solution and bringing new features and capabilities that help security teams protect their external network. She has deep experience in the pentesting industry, performing and leading pentesting teams. Brianna earned a degree in Industrial Engineering from Penn State University and holds the GWAPT and AWS certified cloud practitioner certifications.
More by Brianna McGovern
NetSPI’s Analysis of HTTP/2 Rapid Reset (October 13, 2023)

A novel 0-day vulnerability, “HTTP/2 Rapid Reset” (CVE-2023-44487), sent the cybersecurity industry into quick action to minimize potential risks. This vulnerability abuses certain features of the HTTP/2 protocol and allows for Distributed Denial of Service (DDoS) attacks at an unprecedented scale.

Explain It to Me Like I’m 5 (ELI5)

If your website or application uses HTTP/2, an attacker could completely restrict access by flooding your network with an overwhelming amount of traffic.  

For additional insights, we connected with our Attack Surface Management (ASM) team to get their take on the CVE and learn more about their quick response to help security leaders with identification and remediation.

https://youtu.be/iLedcMoHmU4

Who's Impacted?

Anyone who uses HTTP/2 services may be impacted. According to Web Technology Surveys, HTTP/2 is used by 35.6% of all websites. That’s over 400 million websites vulnerable to this CVE.

What Could Happen If Exploited

The industry is seeing large-scale DDoS attacks stemming from exploitation of HTTP/2 Rapid Reset. The goal of a DDoS attack is to overwhelm a particular business, service, or application and keep it from being accessible to legitimate access requests from the intended users/customers.  

This is extremely challenging to manage because the attacks come from compromised machines, or ‘bots’, in a very distributed fashion, which makes blocking those requests with simple filtering techniques unrealistic. The result is significant friction in delivering services, or an outright inability to deliver them. We’re already seeing the exploit in action, with Google reporting that it had mitigated the largest DDoS attack to date.

Best Practices for Remediation

First, it is important to understand if and where you are using HTTP/2 to determine if you are affected. Mapping out a full view of the attack surface is often a challenge for teams because of attack surface sprawl and changes that can happen overnight. 

As NetSPI’s Field CISO Nabil Hannan put it, 

“It seems to me like the bigger challenge in this particular scenario is that organizations struggle to have an up-to-date asset inventory. Not only having an up-to-date asset inventory, but truly understanding what software components, what versions of packages, what type of bill of materials they have in those assets.” 

This is where technology like Attack Surface Management is extremely helpful because it provides continuous asset discovery and monitoring. 

The first step to take when addressing HTTP/2 Rapid Reset is to perform internal checks for HTTP/2 and all potentially vulnerable hosts or verify with your web server vendors. Patches and updates for common web servers and programming languages are available to apply now or will be coming soon.  

In the words of NetSPI’s Research Engineer Isaac Clayton,

“Patch early, patch often.”  

NetSPI’s Rapid Response to HTTP/2 Rapid Reset

For NetSPI’s ASM users, our team swiftly added capabilities to the platform to detect HTTP/2 and allow our clients to get a full inventory of all potentially vulnerable hosts.   

Once a zero-day vulnerability was discovered, our Attack Surface Management team responded quickly to create automation for NetSPI’s ASM platform. This automation allowed our clients to establish an accurate inventory of their assets using HTTP/2.0 and focus their efforts on mitigation and remediation.  
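As an added example of the HTTP/2 inventory check described above (my own code, not NetSPI’s ASM automation), the script below offers h2 via TLS ALPN to each host and buckets the results by what the server selected. The probe is injectable so the classification can be exercised without network access; hostnames are supplied on the command line and are not taken from the post.

```python
"""Inventory which TLS endpoints negotiate HTTP/2 (ALPN "h2").

Added example, not NetSPI's ASM code: each target gets a TLS handshake that
offers h2 ahead of http/1.1, and the protocol the server selects is recorded
so the hosts that need the Rapid Reset patch can be listed.
"""
import socket
import ssl
import sys
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Target:
    host: str
    port: int = 443


@dataclass(frozen=True)
class Result:
    target: Target
    alpn: Optional[str]          # protocol the server selected, None if no ALPN
    error: Optional[str] = None  # set when the handshake failed

    @property
    def speaks_h2(self) -> bool:
        return self.alpn == "h2"


def build_context(verify: bool = True) -> ssl.SSLContext:
    """TLS client context that offers h2 ahead of http/1.1 via ALPN."""
    ctx = ssl.create_default_context()
    if not verify:
        # Inventory only needs the ALPN answer; tolerate self-signed internal certs.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    return ctx


def negotiate_alpn(target: Target, timeout: float = 5.0, verify: bool = True) -> Result:
    """Complete a TLS handshake and report which protocol the server chose."""
    ctx = build_context(verify)
    try:
        with socket.create_connection((target.host, target.port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=target.host) as tls:
                return Result(target, tls.selected_alpn_protocol())
    except OSError as exc:  # ssl.SSLError and socket.timeout are both OSError subclasses
        return Result(target, None, error=f"{type(exc).__name__}: {exc}")


def inventory(targets: Iterable[Target],
              probe: Callable[[Target], Result] = negotiate_alpn) -> Dict[str, List[Result]]:
    """Bucket targets into h2 / no_h2 / error. `probe` is injectable for tests."""
    buckets: Dict[str, List[Result]] = {"h2": [], "no_h2": [], "error": []}
    for target in targets:
        result = probe(target)
        if result.error:
            buckets["error"].append(result)
        elif result.speaks_h2:
            buckets["h2"].append(result)
        else:
            buckets["no_h2"].append(result)
    return buckets


if __name__ == "__main__":
    # Usage: python h2_inventory.py host[:port] ...
    targets = []
    for arg in sys.argv[1:]:
        host, _, port = arg.partition(":")
        targets.append(Target(host, int(port) if port else 443))
    for bucket, results in inventory(targets).items():
        for r in results:
            print(f"{bucket:6} {r.target.host}:{r.target.port} {r.error or r.alpn}")
```

ALPN only reveals HTTP/2 behind TLS: cleartext h2c and servers that enable h2 on some virtual hosts only will land in no_h2, so read that bucket as "not observed" rather than "not present".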

Our approach involved a fast response through active collaboration between our teams. We utilized our ASM operations team, a group of security professionals who proactively address vulnerabilities and verify risks for clients, as well as our software engineers and front-end developers.  

We moved incredibly quickly to implement the solution and make it available for NetSPI’s ASM clients. This rapid response demonstrates how beneficial it is to have a full team supporting our clients and the ASM technology that helps them maintain security. One listener on our LinkedIn Live commented, “Wow!!! That’s fast given today’s response climate. From Rapid Reset to Rapid Response!” (Kudos to the ASM operations team for their fast response!) 

Get a deeper look at CVE-2023-44487 - HTTP/2 Rapid Reset by watching our LinkedIn Live with NetSPI’s Field CISO Nabil Hannan and myself, Security Research Engineer Isaac Clayton. Learn more about our ASM solution including how to use it to run the check for HTTP/2 by contacting our team.

Originally published at https://www.netspi.com/?p=31238

Attack Surface Management vs. External Network Penetration Testing (August 22, 2023)

External Network Penetration Testing and Attack Surface Management (ASM) are related but distinct offensive security measures. Each one has a time and place where it’s most effective, but when the two are paired together, security teams get an extremely proactive approach to their cybersecurity program that ensures improvement over time.

What is External Network Penetration Testing?  

External Network Penetration Testing provides a point-in-time test that dives deep into a defined scope. External Network Testing means an offensive security consultant is dedicated to analyzing selected assets for a specific amount of time. Think of this as focused analysis for 40 hours a week for two weeks. That’s a lot of time to dig into findings!

This amount of research typically produces a high number of findings that are vetted into prioritized actions. The outcome can strain security teams because of the need to triage remediation efforts in a short period of time. External Network Testing is a thorough method of evaluating vulnerabilities and reporting on whether they’re publicly exploitable.

A limitation with External Network Testing is that it’s only focused on what’s in scope. The scope of the test is limited to the assets a client defines, and the scope of assets a client defines is limited to what a client knows is out there. If clients misunderstand their attack surface, it can lead to gaps in the scope of an External Network Penetration Test. Ensuring a strong and holistic understanding of your attack surface allows you to get more return on your investment for penetration testing. 

In addition, External Network Penetration Testing provides thorough research, but only for a specific point-in-time. Unfortunately, threat actors aren’t limited to scope or timelines like External Network Testing is, making Attack Surface Management a smart supplement to External Network Testing.

When to Use External Network Penetration Testing 

If you have proper asset mapping and a solid understanding of your attack surface, then External Network Penetration Testing is an ideal offensive security measure to test the security of your assets. 

ExPen vs. ASM

ExPen

  • The ExPen is designed to report more findings to the security team
    • It will report informational findings
  • These findings need to be triaged by the internal security team to determine which to prioritize
  • The ExPen is useful for getting a baseline point-in-time view of the environment but requires more manual work on the part of the internal security team

ASM

  • ASM will report fewer findings than the ExPen
  • ASM is designed to filter out alerts and only report vulnerabilities the team has confirmed they can exploit
  • This reduces the amount of triaging work for the internal security team
  • ASM is useful for getting a continuous view of the environment and can see changes as they happen in real time

What is Attack Surface Management?  

Attack Surface Management provides continuous discovery, inventory, testing, and prioritization of known and unknown assets and exposures on global external attack surfaces. While it doesn’t go as deep as External Network Penetration Testing, it does look at attack surfaces broadly and through a continuous lens. It provides an always-on view of high-impact, high-priority findings. 

One of the most common scenarios we face with clients is finding unknown assets. This is also one of the biggest benefits of ASM. Not only can many different assets exist on an external attack surface, but also these assets change over time, making point-in-time pentesting good, but continuous analysis better.  

First and foremost, ASM is focused on discovering what’s out there so we can bring better visibility into the entire external attack surface. Once we have that visibility and know the assets that exist, we look at exposures including vulnerabilities. ASM goes deeper by showing the products and certificates that exist on those assets, if those certificates are expiring soon, the DNS records, and the open ports on those assets. 

Typical ASM platforms result in alert overload, which is why NetSPI focuses on noise reduction with our technology. We take the results from our Attack Surface Management platform a step further by adding the human component. Our ASM operations team uses automated and manual methods to discover assets, monitor exposures, and determine the level of risk they may pose. This information is relayed to a security team for remediation, and then passed along to a pentester to validate the remediated exposure. 

When to Use Attack Surface Management 

Attack Surface Management is ideal for teams who need insight into their external attack surface and want to improve the process for mapping that attack surface on a continual basis.

Better Together: Attack Surface Management and External Network Penetration Testing  

Salt and pepper, peanut butter and jelly, ASM and External Network Testing.

Attack Surface Management shines with its always-on nature that regularly updates scan results with the latest changes. When we tie ASM to our External Network Testing, we’re more closely simulating the activity that attackers are taking throughout the year. ASM provides coverage in-between External Network Testing, which allows security teams to be more proactive with their approach, instead of waiting three, six or 12 months before performing a regular External Network Test. 

A common scenario in which ASM and External Network Testing benefit each other is when companies make recurring changes to their attack surfaces during the holidays. For example, many retailers will stand up new infrastructure for holiday specials. When the special ends and they take down that infrastructure, does it all get commissioned and decommissioned properly? This insight can be automated with ASM. 

The best mix of these offensive security strategies is to use ASM for constant monitoring, and then use the insights to perform External Network Testing periodically, such as once per quarter. This strategy also has the potential to validate that security enhancements are resulting in continued improvements, which can help security leaders when it comes to resourcing modern security measures.

Originally published at https://www.netspi.com/?p=30846

Product Pulse: Demo of Attack Surface Management (ASM) (webinar, July 28, 2023)

Join Brianna McGovern, Product Manager at NetSPI, as she takes you through a demo of our Attack Surface Management (ASM) platform. See how ASM can continuously discover, inventory, test, and prioritize known and unknown assets and exposures on your global external attack surface. During this demo, Brianna will: 

  • Demonstrate NetSPI’s ASM platform capabilities  
  • Highlight cutting-edge new platform features  
  • Explore common ASM use cases   
  • Dive into customer success stories   

If attack surface reduction and continuous pentesting is on your wish list, you won’t want to miss this! 

Originally published at https://www.netspi.com/?post_type=webinars&p=30689

How to Select the Best Attack Surface Management Platform (July 25, 2023)

As companies’ attack surfaces continue to expand and threat actors remain relentless, attack surface management (ASM) has grown into a rapidly emerging category in the cybersecurity space. Rather than organizations manually inventorying and protecting critical assets on their own, attack surface management tools provide continuous visibility and risk assessment of a company’s entire attack surface.

Teams looking to improve their offensive security efforts have many attack surface management tools to choose from, but most only provide standard asset discovery – such as the use of off-the-shelf scanners – and lack prioritization of actionable remediation efforts, resulting in alert overload. 

We asked our team of attack surface management experts for their thoughts on which features security leaders should look for in ASM platforms to ensure they’re getting the best value and highest level of protection. The most effective attack surface management tools go beyond asset discovery by adding expert human analysis to prioritize alerts and remediation.


6 Must-Have Features in an Attack Surface Management Platform 

As you weigh the pros and cons of various attack surface management platforms and tools, consider the following must-have features. 

1. Ability to Comprehensively Discover the Unknown  

Many attack surface management tools may only have the capabilities to discover known assets, such as IP addresses, domains, software, and other assets that the security team actively manages. However, finding and securing both known and unknown internet-facing assets is an essential capability for attack surface management tools.

Unknown assets include those the IT security team is not aware of, as well as unauthorized and unmanaged assets. There are a variety of causes for these gaps in known assets, including shadow IT, misconfigurations, failed decommissions, and more. These gaps ultimately result in ineffective scan coverage and incomplete scopes for pentests, leaving part of your attack surface unmonitored and presenting a risk to your organization.

When you leverage an attack surface management platform like NetSPI, ASM engagements start with a list of known domains and IPs. Next, the search expands to related entities to uncover all assets tied to a company – including unknown assets. The Dynamic FAQs feature in NetSPI’s attack surface management platform shows how many IPs were initially provided, compared to how many public-facing assets were found.  

2. Inclusion of Human Analysis to Prioritize Alerts  

Our 2023 Offensive Security Vision Report showed that a lack of resources and prioritization are two of the top barriers to greater offensive security. Helping security teams with data-driven prioritization of remediation efforts eases the burden of decision-making. 

Expert human analysis delivers the strongest cybersecurity results because pentesters provide context into alerts, which results in only alerting on high-impact vulnerabilities. Attack surface management tools that incorporate human analysis can leverage the team’s expertise to vet vulnerabilities before they’re added as alerts. 

Manual pentesters review every exposure to contextualize it and determine whether they’re exploitable. This helps eliminate alert fatigue, drastically reduces the amount of work teams need to do, and enables teams to focus on meaningful remediation efforts.  

As an example of this approach in practice, NetSPI provides a Signal Dashboard to distill signal from noise. This dashboard highlights all the activities of the ASM Operations Team, so clients can understand what’s happening behind the scenes even if they haven’t been alerted to new vulnerabilities in a while.

Signal Dashboard in NetSPI’s PTaaS Platform, Resolve
In this ASM Signal Dashboard screenshot, the NetSPI ASM Operations team has reviewed 1.21k assets, discovered 6.71k new assets, reviewed 1 vulnerability, and determined that no action is needed by the client’s team, eliminating all the work they would otherwise have done to discover, validate, or remediate.

3. Ability to Track Attack Surface Changes Over Time 

A key benefit of attack surface management is discovering attack surfaces that were previously unknown. A traditional approach to tracking attack surfaces has been manually tracking externally facing assets. However, because attack surfaces and threats can evolve and expand overnight, this approach isn’t enough to track changes and secure new attack surfaces that emerge throughout the year. 

Rather than only performing annual pentesting, relying on a combination of external network penetration testing and comprehensive, continuous attack surface management enables organizations to track expanding attack surfaces and find vulnerabilities as they arise. 

With the right attack surface management platform, once the initial report is complete and critical vulnerabilities have been addressed, the attack surface management platform performs regular evaluations of a company’s entire attack surface on an ongoing basis.  

This inventories new attack surfaces as they arise and shows all data in one user-friendly platform. 

4. Expertise to Develop New Features In-House Based on Customer Priorities 

As cyber threats evolve and persist, security solutions also need to adapt to protect against the latest attacks and align with customers’ business needs. Working with customers is a two-way street for ASM vendors to advance technology capabilities.

The best attack surface management platform provider will listen to customers to help drive feature development and platform enhancements. Based on input from customers, a team of software engineers has the capability to update and build new features in-house.

ASM Company Hierarchy
With NetSPI as an example, we released a Company Hierarchy Dashboard on our Attack Surface Management platform, a feature that was driven in part by customer requests. The dashboard visualizes the entire company, including all subsidiaries, divisions, and acquisitions, on one screen. It’s especially helpful for organizations that use ASM to get ahead of potential vulnerabilities that may come with mergers and acquisitions. Learn more about this dashboard on LinkedIn.

When you work with NetSPI, you get incredible value through our technology and expert team, but one of the greatest benefits is that we are continually improving our platform to add more value every time you log in. Interested in learning more about our latest updates? Read our release notes.

5. A Clean, Easy-to-Use UX 

As is the case with any product, software, or platform, attack surface management end users won’t settle for poor user experience (UX) or a clunky product with too many clicks to get to a destination. User-friendly design, easy to digest dashboards, and training materials at the ready are essential for the best attack surface management tools. Some platforms even have dark mode to meet anyone’s preferences.   

Features and capabilities that go beyond attack surface management and into related market categories are beneficial for organizations to continue evolving and advancing their offensive security strategies.  

Additional capabilities to look for in an attack surface management platform include but aren’t limited to:  

Partnering with a vendor like NetSPI that offers services such as these can help ensure you’re backed with the right mix of offensive security methods for your business.

Gartner Related Categories to ASM
See Gartner’s matrix from the report “Competitive Landscape: External Attack Surface Management” on related service areas to attack surface management.

Access the Most Important Attack Surface Management Features with NetSPI   

Asset discovery with attack surface management is table stakes and the right vendors go far beyond this approach to provide the best possible offensive security solutions.

NetSPI’s attack surface management platform and solutions include human analysis to prioritize alerts, the ability to discover the unknown and track attack surfaces changes over time, capabilities to develop new features in-house, a user-friendly experience, and additional security services that go beyond ASM. 

Want to hear about ASM from a third party? Gartner® provides recommendations on vendor capabilities in the report, Competitive Landscape: External Attack Surface Management. Take a look and then try our free Attack Surface Management Tool to search more than 800 million public records for potential attack surface exposures. 

Originally published at https://www.netspi.com/?p=30607

Post published July 18, 2023

As businesses scale, the number of employees, assets, and platforms continuously expand, giving adversaries many pathways to gain entry to networks and environments. To mitigate risks as the world becomes increasingly connected, prioritizing attack surface reduction is critical.

Attack surface management (ASM) results in attack surface reduction because it identifies unknown or vulnerable parts of an attack surface, allowing security teams to address those risks. Attack surface reduction, when aligned with business needs, decreases opportunities for threat actors to find and exploit an unmanaged or weak asset while enabling the business to grow securely.

Gain a Shared Understanding of Assets versus Exposures 

According to Forrester, attack surface management is defined as, “the process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity’s IT asset estate.” Recognizing the difference between assets and exposures is an important part of ASM security.

Assets include IP addresses, domains, ASNs, and cloud accounts. When assets are unmanaged or unknown, they are more susceptible targets and at higher risk of carrying vulnerabilities.

Exposures are conditions present on assets that can pose a cybersecurity risk to the organization; examples include open ports, SSL certificates, and vulnerabilities.

The Difference Between Known versus Unknown Assets  

As businesses grow and adapt to change, their attack surface grows as well. Without proper asset tracking, this can increase the number of unknown external assets. 

Understanding the difference between known versus unknown assets, also sometimes referred to as managed versus unmanaged assets, can improve attack surface reduction. Known assets include IP addresses, domains, cloud accounts, ASNs, and other assets that the IT security team is aware of and actively manages. 

On the other hand, unknown assets include those that are unauthorized or unmanaged by the IT department, and thus can pose a significant risk to the business. Some challenges related to unknown assets include:  

  1. Shadow IT: Access to or use of technology, hardware, or software that is outside an organization’s security governance processes and unknown by the IT department—known as shadow IT—can lead to vulnerabilities and exposures. Examples of shadow IT include sharing work files to personal drives, email addresses, or cloud storage accounts.  
  2. Misconfigurations: Security teams are unable to accurately detect misconfigurations and other weaknesses present in unknown assets, which increases the risk of breaches and other attacks.  
  3. Ineffective scan coverage: When assets are unknown, organizations can’t effectively prioritize scan results to detect and remediate vulnerabilities.  

3 Tactics to Support Attack Surface Reduction with ASM Security 

1. Prioritize attack surface mapping  

Attack surface mapping is part of any strong ASM security strategy and refers to identifying all assets and the total scope of an organization’s attack surface, as well as potential exposures, and a plan to prioritize and remediate risks. Mapping involves continuous attack surface discovery, which inventories all existing attack surfaces including both known and unknown assets.

With a full understanding of the total attack surface scope, an organization can perform an attack surface assessment, which scans known business domains and IP addresses to identify threats and vulnerabilities. The key to effective attack surface assessments is pairing data analysis with expert human evaluation to ensure alerts are prioritized based on the overall risk to an organization.  

2. Continuously manage attack surfaces 

With traditional approaches to cybersecurity, many organizations complete manual penetration testing once or a few times a year to keep up with compliance regulations. However, new external assets can come into ownership overnight, and threat actors are increasingly sophisticated in their methods of attack, meaning an annual pentest, while valuable, isn’t enough to protect against emerging threats.  

Instead, ASM security that includes continuous monitoring and evaluation keeps attack surface sprawl in check and helps organizations avoid giving adversaries the opportunity to find new attack surfaces and risky exposures. Assessing and managing your attack surface, including new cloud assets, on a consistent basis using a combination of external network penetration testing and an attack surface management platform, can help your team stay ahead of the latest threats. 


3. Deactivate unused assets or attack surfaces 

Unused assets unnecessarily expand attack surface sprawl, increasing the number of assets that can fall victim to vulnerabilities. Examples of unused assets include infrastructure that was scheduled for decommissioning but never decommissioned, untracked asset remnants from mergers and acquisitions, and assets that are simply no longer in active use.

To achieve attack surface reduction, partner closely with a cybersecurity team or attack surface management vendor to evaluate assets or attack surfaces that can be deactivated.  

Improve ASM Security with NetSPI’s Free Attack Surface Management Tool  

Comprehensive ASM security can help your business identify and manage attack surfaces to improve attack surface reduction. To ensure your ASM security is as effective as possible, leverage an attack surface management platform like NetSPI’s, which pairs human expertise with advanced software and data analysis. This helps your business prioritize the results of attack surface management analysis for the highest level of protection and best ROI on cybersecurity investments.

Test drive NetSPI’s free attack surface management tool to detect and protect both known and unknown assets. After all, you can’t manage assets you don’t know about. Test NetSPI’s ASM tool for free!  

Post title: Discover the Unknown with ASM Security for Attack Surface Reduction
Excerpt: Attack surface reduction using ASM security is critical to mitigating risks by limiting opportunities for threat actors to exploit unmanaged assets.
Last modified: 2023-07-14
URL: https://www.netspi.com/?p=30592

Post ID 30588 (webinar, published 2023-07-14):

In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM).

Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk. How? Through a combination of NetSPI’s ASM technology platform, their global penetration testing experts, and their 20+ years of pentesting expertise.

https://youtu.be/K5rM3SV4LnE

Post title: Attack Surface Management: Identify and protect the unknown
Last modified: 2023-07-14
URL: https://www.netspi.com/?post_type=webinars&p=30588

Post ID 30348 (published 2023-06-20):

As cyber risks grow, evolve, and become more sophisticated, traditional approaches to cybersecurity are no longer effective. According to research from Gartner, enterprises must move beyond vulnerability management to focus on threat exposure management as remote work, cloud storage adoption, and other factors expand organizations’ attack surfaces and potential vulnerabilities faster than threat detection and response controls can mature.  

While attack surface management (ASM) doesn’t replace pentesting, a combination of external network penetration testing and ASM can help organizations enable continuous attack surface testing and more effectively focus cybersecurity resources on the most valuable remediation efforts.

What is Exposure Management?

From a broad perspective, exposure management is the practice of identifying and analyzing possible exposures and taking steps to minimize the impact of associated risks. While the term exposure management is used broadly in other industries, for the purpose of this article, we’re focusing on exposure management from a cybersecurity lens — also referred to as threat exposure management (TEM) or continuous threat exposure management (CTEM).   

Exposure management in cybersecurity involves seeing the complete, accurate picture of an organization’s attack surface and being prepared to make the right decisions to prioritize remediation and effectively reduce overall cyber risk. The full attack surface includes all points of entry and external-facing assets that a cybercriminal could exploit to gain access to your company data—such as hardware, software, web applications, certificates, unsecured APIs, cloud assets, and much more. 

The Growing Need for Exposure Management 

Attack surfaces continue to expand in today’s connected environment, even overnight. The broader the scope of an attack surface and an organization’s digital footprint, the higher the risk of external assets facing vulnerabilities and exposures.  

Another challenge with exposure management is that organizations often have unknown attack surfaces or assets. As highlighted by Forrester in its report, The External Attack Surface Management Landscape, Q1 2023, “You can’t secure what you can’t see.”

With a proactive approach to exposure management and the right attack surface management tools, organizations can identify previously unknown assets and attack vectors—before attackers do—to avoid exposures.

Top reasons exposure management is important include:  

  1. Attack surface sprawl is increasing
  2. Unknown assets pose greater risks
  3. Threat actors are becoming more sophisticated  

Why Companies are Prioritizing Continuous Attack Surface Testing 

As both known and unknown attack surfaces expand, companies are increasingly using attack surface management tools to bridge the gap between vulnerability management solutions and manual penetration testing.

Traditionally, a common approach has been for organizations to perform penetration testing annually or a few times a year to meet compliance regulations. After a standard pentest, little or no action is sometimes taken on the findings for months because security teams lack research-backed prioritization of which vulnerabilities to fix first. This trend is backed by research in NetSPI’s Offensive Security Vision Report, which concluded that a lack of resources, aka people, is the number one barrier to timely and effective remediation.

Attack surfaces and threats can expand and change overnight. Completing only one pentest per year isn’t enough to secure your attack surfaces and protect against new exposures that emerge over the course of a year.  

Instead of relying on periodic pentesting, leverage a combination of external network penetration testing and attack surface management tools to enable continuous, always-on pentesting. Keep pace with expanding attack surfaces and find vulnerabilities as they arise. As a result, organizations are better prepared to prioritize and focus their cybersecurity efforts.

How Continuous Attack Surface Testing Works 

Here’s a step-by-step overview of NetSPI's process: 

  1. NetSPI’s attack surface management platform identifies known and unknown assets to provide visibility of attack surfaces. 
  2. Our human pentesters combined with our advanced scanning capabilities triage and prioritize exposures. 
  3. For each vulnerability, our ASM operations team provides descriptions, remediation steps and verification steps. 
  4. This prioritization reduces the number of false positives reported and creates actionable results for your security team. 

How to Achieve Always-On Security with Continuous Pentesting  

An always-on approach to pentesting is the gold standard for cybersecurity today. Attack surface management doesn’t replace external network penetration testing; rather, pairing the two enables continuous coverage. This helps organizations achieve higher levels of security in today’s evolving threat landscape.

As an added benefit, from an operational standpoint, this approach also helps organizations with vendor consolidation. Providers such as NetSPI offer both attack surface management tools and external network penetration testing in-house. Businesses that partner with NetSPI have access to an expert team of manual pentesters who complete more than 250,000 hours of pentesting each year. 

Enable Continuous Attack Surface Testing with NetSPI 

Rather than replacing pentesting, attack surface management paired with manual external penetration testing is an advanced method for continuous attack surface testing. We created our attack surface management platform based on three key pillars of ASM: human expertise; always-on, continuous pentesting; and risk prioritization.

Leverage NetSPI’s attack surface management tool for expert human analysis to prioritize the most important exposures, bring alignment between security and IT teams, and focus vulnerability remediation efforts to create a better overall security posture. Try NetSPI’s ASM tool for free!

Post title: Harnessing Exposure Management with Continuous Attack Surface Testing
Excerpt: Continuous attack surface testing helps organizations prioritize remediation steps and focus cybersecurity resources on the most valuable efforts.
Last modified: 2023-07-12
URL: https://www.netspi.com/?p=30348

Post ID 31238 (published 2023-10-13):

A novel 0-day vulnerability referred to as “HTTP/2 Rapid Reset” (CVE-2023-44487) sent the cybersecurity industry into quick action to minimize potential risks. This vulnerability abuses certain features of the HTTP/2 protocol and allows for Distributed Denial of Service (DDoS) attacks at an unprecedented scale.

Explain It to Me Like I’m 5 (ELI5)

If your website or application uses HTTP/2, an attacker could completely restrict access by flooding your network with an overwhelming amount of traffic.  

For additional insights, we connected with our Attack Surface Management (ASM) team to get their take on the CVE and learn more about their quick response to help security leaders with identification and remediation.

https://youtu.be/iLedcMoHmU4

Who's Impacted?

Anyone who uses HTTP/2 services may be impacted. According to Web Technology Surveys, HTTP/2 is used by 35.6% of all websites. That’s over 400 million websites potentially vulnerable to this CVE.

What Could Happen If Exploited

The industry is seeing large-scale DDoS attacks stemming from exploitation of HTTP/2 Rapid Reset. The goal of a DDoS attack is to overwhelm a particular business, service, or application and keep it from serving legitimate requests from its intended users or customers.

This is extremely challenging to manage because the attacks come from compromised machines, or ‘bots’, in a very distributed fashion, which makes blocking those requests with simple filtering techniques unrealistic. The result is significant friction in delivering services, or an outright inability to deliver them. We’re already seeing the exploit in action, with Google reporting that it had mitigated the largest DDoS attack to date.

Best Practices for Remediation

First, it is important to understand if and where you are using HTTP/2 to determine if you are affected. Mapping out a full view of the attack surface is often a challenge for teams because of attack surface sprawl and changes that can happen overnight. 

As NetSPI’s Field CISO Nabil Hannan put it, 

“It seems to me like the bigger challenge in this particular scenario is that organizations struggle to have an up-to-date asset inventory. Not only having an up-to-date asset inventory, but truly understanding what software components, what versions of packages, what type of bill of materials they have in those assets.” 

This is where technology like Attack Surface Management is extremely helpful because it provides continuous asset discovery and monitoring. 

The first step to take when addressing HTTP/2 Rapid Reset is to perform internal checks for HTTP/2 and all potentially vulnerable hosts or verify with your web server vendors. Patches and updates for common web servers and programming languages are available to apply now or will be coming soon.  
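To make the "find out if and where you use HTTP/2" step repeatable, here is an added Python example (my own illustration, not NetSPI's ASM code or the platform's check) that inventories which TLS hosts negotiate HTTP/2 via ALPN. The `*.example` hostnames, the `table_probe` stand-in used for offline runs, and all function names are assumptions of this example; a host that selects `h2` is in scope for vendor patch verification, not confirmed vulnerable, and cleartext HTTP/2 (h2c) is not visible to this probe.

```python
"""Added example (not NetSPI's code): inventory TLS hosts that negotiate HTTP/2,
the scoping step recommended above for CVE-2023-44487 patching. Detection uses
TLS ALPN: a server that selects "h2" speaks HTTP/2. ALPN does not reveal cleartext
h2c or whether the server is already patched; hostnames below are constructed."""
import socket
import ssl
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

@dataclass(frozen=True)
class Target:
    host: str
    port: int = 443

@dataclass(frozen=True)
class Result:
    target: Target
    alpn: Optional[str]          # protocol the server selected; None if none agreed
    error: Optional[str] = None  # set when the connection or handshake failed

    @property
    def speaks_h2(self) -> bool:
        return self.alpn == "h2"

def alpn_probe(target: Target, timeout: float = 5.0) -> Result:
    """Offer h2 and http/1.1 in the TLS ClientHello and report the server's choice.
    No application data is sent, so certificate validity is irrelevant here;
    verification is disabled so self-signed internal hosts are still counted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    try:
        with socket.create_connection((target.host, target.port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=target.host) as tls:
                return Result(target, tls.selected_alpn_protocol())
    except OSError as exc:  # ssl.SSLError and socket.timeout are OSError subclasses
        return Result(target, None, error=f"{type(exc).__name__}: {exc}")

def inventory_h2(targets: Iterable[Target],
                 probe: Callable[[Target], Result] = alpn_probe) -> Dict[str, List[Result]]:
    """Bucket results: "h2" hosts to review with vendors, "no_h2" hosts not speaking
    HTTP/2 over TLS, and "error" hosts that could not be probed and need a manual look."""
    summary: Dict[str, List[Result]] = {"h2": [], "no_h2": [], "error": []}
    for target in targets:
        result = probe(target)
        key = "error" if result.error else ("h2" if result.speaks_h2 else "no_h2")
        summary[key].append(result)
    return summary

def table_probe(answers: Dict[str, Optional[str]]) -> Callable[[Target], Result]:
    """Offline stand-in for alpn_probe (hypothetical helper): answers maps host to the
    selected ALPN protocol, with the sentinel "ERROR" meaning the host was unreachable."""
    def probe(target: Target) -> Result:
        answer = answers.get(target.host)
        if answer == "ERROR":
            return Result(target, None, error="TimeoutError: timed out")
        return Result(target, answer)
    return probe

if __name__ == "__main__":
    # Constructed sample data; pass probe=alpn_probe to inventory real hosts.
    sample = {"edge.example": "h2", "legacy.example": "http/1.1",
              "noalpn.example": None, "down.example": "ERROR"}
    report = inventory_h2([Target(h) for h in sample], probe=table_probe(sample))
    for bucket, results in report.items():
        print(bucket, [r.target.host for r in results])
```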

In the words of NetSPI’s Research Engineer Isaac Clayton,

“Patch early, patch often.”  

NetSPI’s Rapid Response to HTTP/2 Rapid Reset

For NetSPI’s ASM users, our team swiftly added capabilities to the platform to detect HTTP/2 and allow our clients to get a full inventory of all potentially vulnerable hosts.

Once the zero-day vulnerability was discovered, our Attack Surface Management team responded quickly to create automation for NetSPI’s ASM platform. This automation allowed our clients to establish an accurate inventory of their assets using HTTP/2.0 and focus their efforts on mitigation and remediation.

Our approach involved a fast response through active collaboration between our teams. We utilized our ASM operations team, a group of security professionals who proactively address vulnerabilities and verify risks for clients, as well as our software engineers and front-end developers.  

We moved incredibly quickly to implement the solution and make it available for NetSPI’s ASM clients. This rapid response demonstrates how beneficial it is to have a full team supporting our clients and the ASM technology that helps them maintain security. One listener on our LinkedIn Live commented, “Wow!!! That’s fast given today’s response climate. From Rapid Reset to Rapid Response!” (Kudos to the ASM operations team for their fast response!) 

Get a deeper look at CVE-2023-44487 - HTTP/2 Rapid Reset by watching our LinkedIn Live with NetSPI’s Field CISO Nabil Hannan and myself, Security Research Engineer Isaac Clayton. Learn more about our ASM solution including how to use it to run the check for HTTP/2 by contacting our team.

Post title: NetSPI’s Analysis of HTTP/2 Rapid Reset
Excerpt: Learn about HTTP/2 Rapid Reset (CVE-2023-44487) and see how Attack Surface Management detects HTTP/2 uses to streamline patches.
Last modified: 2023-10-13
URL: https://www.netspi.com/?p=31238
