How to Identify Vulnerabilities on the Attack Surface with EASM

The external attack surface has become the top focus for cybersecurity professionals.

Three core factors have influenced the renewed focus on critical risk prioritization and remediation of the external vulnerabilities that form an organization's attack surface:

  1. The shift to remote and hybrid work.
  2. The usage of the public cloud.
  3. The unknown assets on company networks.

These changing paradigms have become the driver for the growing demand for a new solution called external attack surface management (EASM).

According to Gartner Research, “External attack surface management refers to the processes, technology and professional services deployed to discover internet-facing enterprise assets and systems and exposures that could be exploited by malicious threat actors. EASM is useful in identifying unknown assets and providing information about the organization’s systems, cloud services and applications that are available and visible in the public domain and therefore can be exploited by an attacker/adversary. This visibility can also be extended to the organization’s subsidiaries or third parties.”

Recent developments have seen growth and adoption of EASM, with both vendors and enterprises incorporating it into their security protocols either through product development or partnerships. In fact, industry analysts at Gartner predicted that attack surface expansion would be the number one security and risk management focus for CISOs in 2022, underscoring the need to have a solid external attack surface management solution in place now.

Considering the potential impacts in the era of AI and digital transformation, and the fact that Security Operations will face more sophisticated attacks in years to come, an EASM platform can provide the new visibility that defenders desperately need to manage their emerging cyber risks.

Banking, telecom, and advanced technology are key industries taking the lead on EASM as a core function within security programs. Today, EASM solutions are being used in tandem with other cybersecurity services, such as vulnerability assessment, penetration testing, breach and attack simulation, and continuous security validation, to shore up cyber resilience and prevent breaches.

Read all about BreachLock’s new EASM solution, SET, a modern, innovative EASM platform built for enterprise-grade external attack surface management: Get SET to ‘See External Threats’ with EASM from BreachLock

4 Reasons Attack Surface Vulnerabilities Are Increasing

There is an adage in security: you cannot protect what you cannot see.

Without an EASM solution in place, mapping an attack surface can be quite challenging for security teams, as they lack visibility into the assets in the first place.

Given the ubiquity and variety of distributed assets, in-house teams are struggling to proactively identify and protect digital assets from emerging vulnerabilities and increasing cyber risks. The democratization of IT has added to the complexity, as staff deploy rogue and unmonitored assets without following established governance or security protocols. These assets create a vast number of critical risks and vulnerable assets that form the unknown attack surface. As a result, security teams responsible for attack surface management face collective blind spots that cannot be ‘seen’ for security monitoring, vulnerability management, and threat detection. This increases the unknown critical risks that an organization is facing.

Beyond asset discovery and continuous management, in-house teams are dealing with four primary challenges when it comes to identifying vulnerabilities on the attack surface: the borderless security perimeter, a lack of governance, shadow IT, and inadequate tools.

1. The Borderless Security Perimeter

Organizations have shifted from a closed IT framework to a more distributed, boundary-less model. Assets are spread across multiple locations, which often makes it very difficult for the cybersecurity team to track them. Moreover, the dependence on third-party cloud servers means that assets sit beyond the organizational firewall, which makes monitoring these internet-facing assets challenging.

2. Lack of Asset Governance

Skipping the official channel for asset management governance increases the probability that unmonitored internet-facing assets will be deployed, increasing the attack surface. The team responsible often does this unknowingly, creating cloud instances or websites without any approval from the respective cybersecurity heads. The pressure to meet deadlines often produces ghost websites that later go untracked, leaving the organization with exposed vulnerabilities.

3. Shadow IT

Online tools are being implemented by professionals, often without seeking the right approval from key personnel. As a result, a large pool of Shadow IT resources is generated, and the cybersecurity professionals are not even made aware if one of the systems gets compromised. The IT team's lack of awareness of Shadow IT assets leaves it in a difficult position: it cannot brace the organization for attacks on assets it was kept in the dark about.

4. Inadequate Tools

Resources are poorly utilized when the automated tools that organizations use to track activity on the attack surface generate volumes of data. The data require more maintenance, and the analysis requires more human resources. As an alternative, priority should be given to security tools that prioritize potential risks and raise alerts based on layers of criticality to reduce the noise.

How does EASM work to identify vulnerabilities?

Having an EASM solution is critical to discovering, identifying, and managing vulnerabilities that pose threats to your organization from cyberattacks on unknown and known assets on the internet.

While the most critical aspect of an EASM solution is its ability to continuously identify unofficial assets accessing the organization’s network, the solution should also cover the following features to bring about tangible benefits to the organization:

  1. Automated Asset Discovery: Both known and unknown internet-facing assets should be discovered by the solution across all the environments in an integrated manner.
  2. Inventory and Classification: The solution should classify and categorize each external asset along with any discovered vulnerabilities. The requisite data will be gathered for business context on the organization and its subsidiaries. Data points will include domains, subdomains, IP addresses and ranges, ASN, mergers & acquisitions, mobile app finders, certificates, and more, for ongoing vulnerability management.
  3. Vulnerability Risk and Criticality Scoring: As each asset is classified, vulnerability identification is categorized with associated risks and scores. Using the criticality of each asset’s associated risk profile, security teams can prioritize the most time-sensitive vulnerability management activities for DevSecOps remediation. False positives can be flagged and removed to conserve limited team resource hours needed for timely remediation.
  4. Malicious Asset and Incident Monitoring: Asset and data exposures are unknown risks that EASM can detect on an ongoing basis for malicious or unknown assets. From publicly harvested data dumps to unintentional S3 bucket leaks, EASM provides the ‘always-on’ solution that can be scheduled for 24/7/365 asset discovery. This identifies vulnerabilities for security analysts in real time to accelerate remediation and critical risk reduction.
  5. Continuous Vulnerability Scanning: The solution should provide capabilities to continuously monitor the external attack surface using the established asset inventory as a baseline. The EASM solution will continuously update context on known assets while providing discovery of unknown assets faster. This feature helps teams attend to the highest-priority vulnerabilities that stem from unknown, newly discovered assets.
  6. Breached Credential Monitoring: In addition to continuous monitoring, leading EASM solutions offer in-depth dark web scanning to reveal breached user credentials and reused passwords for sale online. This feature gives teams the visibility they need to identify and update any breached credentials online that are posing additional risks to company networks and assets.
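
The discovery, classification, scoring and baseline steps in the list above can be sketched as a comparison of one discovery run against the approved inventory. This is an added example, not BreachLock's or SET's code; the hostnames, findings, severity weights and the unknown-asset bonus are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: approved inventory (the baseline) and one discovery run.
BASELINE = {"www.example.com", "mail.example.com", "vpn.example.com"}

DISCOVERED = [
    # (hostname, asset type, findings as (title, severity) pairs)
    ("www.example.com", "web", [("outdated TLS configuration", "medium")]),
    ("vpn.example.com", "remote-access", []),
    ("staging-old.example.com", "web", [("exposed admin login", "high")]),
    ("files.example.com", "storage", [("publicly listable bucket", "critical")]),
]

# Illustrative weights (assumptions, not a vendor's scoring model).
SEVERITY = {"low": 1, "medium": 4, "high": 7, "critical": 10}
UNKNOWN_ASSET_BONUS = 5  # unmanaged assets have no owner or patch cycle

@dataclass
class Scored:
    host: str
    known: bool
    score: int
    findings: list

def score_assets(baseline, discovered):
    """Classify each discovered asset against the baseline and rank by risk."""
    results = []
    for host, _kind, findings in discovered:
        host = host.lower().rstrip(".")  # normalise before comparing
        known = host in baseline
        worst = max((SEVERITY[s] for _, s in findings), default=0)
        score = worst + (0 if known else UNKNOWN_ASSET_BONUS)
        results.append(Scored(host, known, score, findings))
    # Highest score first; unknown assets win ties.
    return sorted(results, key=lambda r: (-r.score, r.known))

def missing_from_discovery(baseline, discovered):
    """Baseline assets the run did not see: decommissioned, or a coverage gap."""
    seen = {h.lower().rstrip(".") for h, _, _ in discovered}
    return sorted(baseline - seen)

if __name__ == "__main__":
    for r in score_assets(BASELINE, DISCOVERED):
        tag = "known" if r.known else "UNKNOWN"
        print(f"{r.score:>2}  {tag:<7}  {r.host}  {[t for t, _ in r.findings]}")
    print("not seen this run:", missing_from_discovery(BASELINE, DISCOVERED))
```

The two unknown hosts rise to the top of the queue even though a known host also has a finding, which is the prioritization behaviour the list describes.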

See External Threats with a World Class EASM Platform

BreachLock understands the importance of managing your known and unknown external resources. With SET, BreachLock’s EASM platform, you can ‘see external threats’ for yourself while the SET platform continuously assesses and scans the internet-facing resources that your organization owns.

SET offers organizations a one-point solution for strengthening their EASM program. With clear remediation guidance, visibility, and open-source intelligence, SET gives CIOs and CISOs the capabilities to see all their real-time assets across the internet and protect them. The security team can now manage, at an intricate level, the risks and vulnerabilities that are compromising internet-facing assets associated with your network.

BreachLock amplifies DevSecOps teams so that the organization’s cybersecurity is externally SET, with a real-time internet-facing asset inventory that is updated, patched, and monitored.

As a robust external attack surface management platform, SET continuously discovers external assets online and offers the following capabilities to enable DevSecOps teams:

  1. Real-time asset inventory for continuous vulnerability monitoring and management
  2. Quantify the total number of exposed known and unknown assets online at any time
  3. Categorization and scoring for team prioritization sorted by associated risk factor
  4. Geo-location to document the asset’s physical location with associated IP address
  5. Conduct rapid remediation using each asset’s details, context, and vulnerabilities identified
  6. Critical exposure tracking on business-essential websites and digital assets to identify new vulnerabilities in the event of a real-time attack

When it’s time to enable the security team with a better solution for external attack surface management, the SET EASM platform from BreachLock supports your organization’s known and unknown internet-facing assets that may be exposed to cyberattacks around the clock. You can take steps now to prevent cybercriminals from breaching an external asset and using it as a vector to establish a foothold in your network. Schedule a discovery call with BreachLock to see your external threats with SET for external attack surface management.

Author

Ann Chesbrough
