Attack Surface Management Evolution and Beyond

BreachLock Attack Surface Discovery Blog Series (4 of 6)
Guest Author: Dr. Edward Amoroso
Chief Executive Officer, TAG Infosphere
Research Professor, NYU

Externally exploitable enterprise cyber risk was originally viewed through the lens of the perimeter gateway. This made perfect sense, since this was the chokepoint means by which services were delivered from (or into) the enterprise. While firewalls served as a good initial control point to police the gateway, this became more difficult as the perimeter expanded with remote access, outsourced services, email services, third-party access, and so on.

The result was that the perimeter gateway expanded into what is now referred to as an attack surface, and the process of managing this surface is a major aspect of modern enterprise cybersecurity. As one might expect, such evolution did not stop with such network expansion and in fact continues to this day. Reviewing the continuing evolution of attack surface management is thus essential to developing proper security solutions for enterprises.

How the Attack Surface is Managed

Today, organizations have converged on a set of functional requirements for how an attack surface is managed. These arose from the practical day-to-day challenges of dealing with rapidly evolving business needs, which expand the attack surface with new inbound and outbound services, as well as a rapidly advancing malicious adversary. This has created the circumstances where the attack surface emerges as the point at which the offense meets the defense.

As a result, it is critical for organizations to get their attack surface management right – and this demands attention to a number of existing and also new functions that provide prevention, detection, and response to indicators and other evidence of attack. Below are some of the key functions that are generally included in the attack surface management capability set for an enterprise:

• Attack Surface Visibility – In order to protect an attack surface, there must be visibility into the services it allows inbound and outbound. Most teams have tended to struggle with blind spots in an attack surface, which is where methods such as PTaaS can be effective.
• Attack Surface Discovery – To achieve full attack surface visibility, security tools and methods must be in place to identify exposed assets. Over time, this data can be extrapolated to draw new patterns, leading to the discovery of shadow IT and assets owned by third parties that are indirectly contributing to your attack surface.
• Attack Path Identification – By analyzing attack surfaces, security teams can pinpoint potential attacker entry points (e.g., open ports, misconfigurations and weak authentication). These data points can help teams understand where adversaries could strike.

The bottom line is that attack surface management has emerged as a critical function in the modern enterprise security ecosystem. As one would expect, this challenging task cannot be supported through manual processes, and in most environments, especially complex networks, the task requires partnership with the best commercial vendors to ensure readiness for the most advanced and evolving threats.

How the Attack Surface Management is Evolving

The evolution of attack surface management clearly tracks two areas: First, there is the increasing complexity of enterprise business, particularly in how it interacts with external entities such as third-party suppliers, business partners, and customers. And second, there is the expanded security threat, which makes cyber threats so much more likely and consequential to an organization.

As a result, creative methods such as penetration testing play a pivotal role in advancing the coverage and control necessary to maintain visibility and insight into the entire attack surface. Without penetration testing as a component of attack surface management, it becomes too easy for subtle holes to go unnoticed by the defense, only to be detected and exploited by a malicious adversary.

How BreachLock Supports Attack Surface Management

Commercial cybersecurity vendor BreachLock offers excellent support for teams focused on optimizing their attack surface management. By combining automated and manual testing techniques, BreachLock ensures a thorough assessment of an attack surface. Their approach leverages advanced AI-driven tools to identify gaps in an attack surface, to complement tools that might be in place to highlight and scan an attack surface.

To read the full blog series, download the eBook here.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming.

Elevate your defense strategy with an attacker’s view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Know your risk. Contact BreachLock today!

About TAG

TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to deliver on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science/sustainability.