External Attack Surface Management: How Focusing on Basics Improves Security
External attack surface management (EASM) has become a vital strategy for improving cybersecurity, particularly amid recession fears that have stressed the business landscape across several sectors for many months. The task is now more challenging: According to a report by cyberinsurance provider Beazley, network attacks rose in the first quarter of 2023.
This uptick highlighted the importance of focusing on the basics of cybersecurity, something many companies think they’re doing right but where they often miss the mark. A board of directors may be under the impression that IT management has all its bases covered, but a chief information security officer (CISO) knows plenty is missing because the team doesn’t have the visibility it needs.
It’s here where most organizations need to start—you can’t protect assets you aren’t aware of. According to a Trend Micro study, 73% of organizations worried about their growing attack surface, and 43% admitted it’s “spiraling out of control.”
Instead of buying shiny new security toys like next-generation firewalls, security teams would be better served by taking inventory of their assets and understanding their attack surface. Managing the attack surface helps optimize security programs and standardize asset inventory so the entire organization has a single source of truth.
The ultimate goal is to reduce your attack surface and, in turn, reduce attackers’ opportunities. Here are three tips to reach that goal and better protect your network from external threats.
Identify Your Attack Surface
The traditional network had a few ranges of IP addresses and servers on-premise. Ten years ago, you may have only used a port scanner and vulnerability scanner to assess your external risk.
That’s not how the world works anymore.
A rise in remote work and cloud computing has obliterated the idea of a traditional perimeter. Instead of just what’s on-premise, you need to worry about much more these days. Organizations could have hundreds or even thousands of internet-facing assets to account for, and the rise of shadow IT shows that security teams likely don’t know about all of them.
Automated services can scan your network and create a database of all the assets associated with a domain. Compile and centralize the results to get the total view of your attack surface in one location.
Organize Your Assets
Here comes the tricky part. Start by categorizing assets and understanding what they are and what purpose they serve. Once you get an accurate overall picture, you need to start deciding what stays and what goes.
That decade-old web application still sitting on the network that’s never used? That should go. Decommissioning unnecessary assets eliminates entry points attackers could leverage and makes the attack surface easier to secure.
As for what stays, a security team can’t be responsible for everything. Determine who owns each asset and who is responsible for its maintenance and protection. This includes assigning accountability for fixing any identified vulnerabilities. Now there’s an action plan behind those assets you’ve deemed necessary to keep.
Find and Fix the Issues
Conduct regular vulnerability assessments and manual penetration tests to identify potential weaknesses in your network. Many vendors offer automated vulnerability assessments, which often only catch the low-hanging fruit. A manual penetration test from an experienced practitioner can unearth some common vulnerabilities attackers usually salivate over and automation misses.
Managing the information from these tests can be a challenge. Traditional pentesting often results in a lengthy PDF report that is difficult to navigate and act upon. It typically creates an inefficient conversation with the pentester asking how to remediate some issues. If the same vendor does both the manual and automated scans, you may be able to retest those vulnerabilities quickly with one click of a button.
As organizations are asked to do more with less, they’re left to navigate a more challenging landscape of increasing cyberthreats. EASM is the strategy that can break through the complexity with a return to the fundamentals. These basics have always been the crux of a mature cybersecurity posture and are especially critical as attack surfaces grow naturally with an organization and attackers are increasingly targeting networks.