
How to Improve Your Attack Surface Management Strategy

NetSPI employs many former CISOs and security leaders, myself included. When discussing the challenges that we faced in those roles, we all agreed that one of the greatest challenges was keeping up with constant change to our attack surface.

New assets appear on the external network all the time, often without IT's knowledge. And it is up to security leaders both to keep track of every asset AND to understand the risk of every exposure. In other words, keeping up with a rapidly evolving external attack surface is not for the faint of heart.

To help, NetSPI launched Attack Surface Management, a platform-driven, human-delivered offering that mitigates attack surface risk. Pulling from lessons learned during the R&D of Attack Surface Management (ASM), I want to share some advice on how you can adjust your attack surface management strategy to keep pace with the rate of change security leaders are experiencing today.

What is Attack Surface Management?

First, it’s important to understand what the attack surface is.

Your external attack surface is the sum of every internet-reachable point of entry through which an attacker could reach your organization's systems or data (your external-facing assets). This includes hardware, software, digital assets you have deployed to the cloud, and much more.

Attack surface management provides continuous observability and risk assessment of your organization’s entire attack surface. When coupled effectively with continuous penetration testing, it helps organizations improve their attack surface visibility, asset inventory, and understanding of their assets and exposures.

Attack Surface Management Use-Cases

Adversaries probe the attack surface for exposures, then exploit the vulnerabilities they find to gain access to your organization. If the threat actors are successful, the outcomes may vary, but are undoubtedly negative. Those outcomes could include:

  • Deployment of malware on your network for the purposes of ransomware, or even worse, killware.
  • Extraction of employee data such as social security numbers, healthcare data, and personal contact information, which can become a nightmare for privacy teams as privacy legislation across the globe continues to grow.
  • Encryption of your financial records with ransomware, followed by a second demand not to publicly disclose the stolen data (double extortion).

You can incorporate an attack surface management solution to detect known, unknown, and potentially vulnerable public-facing assets, as well as changes to your network. Effective asset management and change control processes are challenging, and even the most well-intentioned organizations often see this as an area of opportunity for improvement. Common reasons organizations invest in attack surface management include:

  • Continuous observability and risk management
  • Identification of external gaps in visibility
  • Discovery of known and unknown assets and Shadow IT
  • Risk-based vulnerability prioritization
  • Assessment of M&A and subsidiary risk

Explore additional attack surface management use-cases: Download our data sheet.

3 Ways to Improve Your Attack Surface Management Strategy

As I noted earlier, attack surface management is not for the faint of heart. The volume of data many technology-based external attack surface management (EASM) solutions generate can be hard to consume and even harder to make actionable. But there are three ways you can improve your strategy to minimize risk and better secure your organization.

Incorporate Human Expertise

Most of today's attack surface management solutions rely heavily on technology alone. What is missing in the market are comprehensive solutions that combine innovative technology with human intuition. Humans find vulnerabilities that tools miss and can supply the business context behind each exposure. There is no replacement for human talent.

Additionally, when organizations rely solely on technology, the reports the scanners send over are noisy and contain many false positives. By adding manual exposure triage to your attack surface management workflow, you can cut the noise and focus only on the exposures that matter most to your business.

At NetSPI, our ASM Operations Team pulls from its 20+ years of manual penetration testing expertise to provide the intuition and insight needed to help you prioritize the areas of weakness on your attack surface. We can provide you with additional context to determine next steps, help you triage exposure, evaluate the risk it poses to your business, advise your team on remediation strategies, and prioritize manual testing techniques to find business-critical vulnerabilities tools often miss.

Enable Always-on, Continuous Penetration Testing

An attack surface management solution has to monitor continuously, because the attack surface changes continuously. If your current solution is not truly continuous, or if you cannot effectively reason about the data it generates, you are giving adversaries ample time to find risky exposures before you do.

NetSPI helps your security teams stay on top of changes to your attack surface by providing a 24/7/365 ongoing assessment of your organization’s external-facing assets. This is achieved through our automated scan orchestration technology, Scan Monster.

We use a multitude of automated and manual methods, including open source intelligence (OSINT), to identify business entities, IP addresses, domains, employee information, and exposed sensitive company data.

Coupling this technology with our human expertise provides a robust, around-the-clock attack surface management strategy that gives you the comprehensive visibility needed to manage risk effectively.

Prioritize Exposures Based on Risk

Many organizations today scan for external-facing assets and then send reports and alerts over without any context. This creates noise, and wastes time, money, and resources to parse through the data.

Attack surface management is not your day job. Cybersecurity leaders have an entire portfolio of controls to consider, and solutions that simply feed a torrent of data distract you and your teams from the real threats to your business.

What are the critical risk factors that will affect the business? Who are the potential threat actors? Which vulnerabilities should I remediate first? Which exposures are most likely to be exploited?

NetSPI's ASM Operations Team and our ASM platform help you answer these questions. In the Attack Surface Management technology platform you can group assets by risk using the tagging function to create a risk-based view of your attack surface.

You can also view your results over time to measure your ability to reduce risk. We deliver results to clients that are meaningful, validated, and help organizations understand the true risks on their attack surface. This way, you can prioritize your time and effort on critical exposures that matter.
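The two ideas above, continuous change detection and risk-based tagging, come down to a small amount of logic once you have scan data. The following is an added example, not NetSPI code and not the ASM platform's tagging implementation: it diffs two constructed snapshots of an external scan, flags hosts that are absent from a (hypothetical) CMDB export as candidate shadow IT, tags each exposure, and ranks them. The service weights and score bumps are illustrative assumptions, not a published scoring scheme.

```python
"""Snapshot diff + risk-ranked tagging for external exposures (added example)."""
from dataclasses import dataclass

# Constructed data: records an external scan returned on two consecutive days,
# as (hostname, ip, port, service). Not real scan output.
SNAPSHOT_DAY1 = {
    ("www.example.com", "203.0.113.10", 443, "https"),
    ("mail.example.com", "203.0.113.20", 25, "smtp"),
    ("vpn.example.com", "203.0.113.30", 443, "https"),
}
SNAPSHOT_DAY2 = SNAPSHOT_DAY1 | {
    ("vpn.example.com", "203.0.113.30", 22, "ssh"),            # new port, known host
    ("dev-jenkins.example.com", "198.51.100.5", 8080, "http"),  # host not in CMDB
    ("staging-db.example.com", "198.51.100.6", 3306, "mysql"),  # host not in CMDB
}

# Hypothetical sanctioned-asset register (e.g. a CMDB export).
KNOWN_ASSETS = {"www.example.com", "mail.example.com", "vpn.example.com"}

# Illustrative base risk per internet-reachable service (assumption, not a standard).
SERVICE_RISK = {"mysql": 9, "rdp": 9, "smb": 9, "ssh": 6, "http": 5, "smtp": 4, "https": 3}
ADMIN_OR_DB_SERVICES = {"mysql", "rdp", "smb", "ssh"}


@dataclass(frozen=True)
class Exposure:
    host: str
    ip: str
    port: int
    service: str
    tags: tuple
    score: int


def diff_snapshots(previous, current):
    """Return (added, removed) records between two scan snapshots."""
    return current - previous, previous - current


def classify(record, known_assets, previous):
    """Tag one scan record and compute its illustrative risk score."""
    host, ip, port, service = record
    tags = []
    if host not in known_assets:
        tags.append("unknown-asset")           # candidate shadow IT
    if record not in previous:
        tags.append("new-exposure")            # appeared since last snapshot
        if any(h == host for h, _, _, _ in previous):
            tags.append("new-port-on-existing-host")
    if service in ADMIN_OR_DB_SERVICES:
        tags.append("admin-or-database-service")

    score = SERVICE_RISK.get(service, 5)
    if "unknown-asset" in tags:
        score += 3   # nobody owns it, so nobody is patching it
    if "new-exposure" in tags:
        score += 1   # change is where drift and misconfiguration show up
    return Exposure(host, ip, port, service, tuple(tags), score)


def prioritize(current, previous, known_assets):
    """Rank every current exposure, highest score first (host, port break ties)."""
    exposures = [classify(r, known_assets, previous) for r in sorted(current)]
    return sorted(exposures, key=lambda e: (-e.score, e.host, e.port))


if __name__ == "__main__":
    added, removed = diff_snapshots(SNAPSHOT_DAY1, SNAPSHOT_DAY2)
    print(f"{len(added)} new exposure(s), {len(removed)} removed")
    for e in prioritize(SNAPSHOT_DAY2, SNAPSHOT_DAY1, KNOWN_ASSETS):
        print(f"{e.score:>3}  {e.host}:{e.port}/{e.service}  {', '.join(e.tags) or '-'}")
```

Run as-is, the unknown database host lands at the top of the list and the unchanged HTTPS front ends at the bottom, which is the point of the section: the ranking, not the raw scan, is what a team should act on. In practice the two snapshots and the sanctioned-asset set would come from your scanner and CMDB exports, and the weights would be tuned to your own environment.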

NetSPI’s Attack Surface Management

So, how do you minimize risk and ensure full visibility of your attack surface? By integrating an attack surface management strategy that is human delivered, continuous, and risk-based.

We created our Attack Surface Management offering based on these three pillars – and we’re thrilled to formally launch it to the public today. Ready to learn more about our service and technology platform? Visit www.netspi.com/attack-surface-management.
