What is Attack Surface Management (ASM)?

Attack surface management is a relatively new technology that has emerged in response to new security needs: external attack surfaces keep evolving, which creates new risk exposure, and cyber-attackers have increasingly effective access to advanced and automated recon tools.

Attack Surface Management (ASM) is a process that continuously scans internal and external environments to exhaustively catalog all assets of an organization’s IT infrastructure.

The difference between ASM and asset discovery is that ASM adopts an attacker’s perspective to cover all exposed assets, including those on the Internet and discoverable assets in supply chains.

External attack surface management (EASM) is a crucial aspect of attack surface management that helps organizations identify and mitigate risks associated with their external-facing assets, such as domains, IP ranges, websites, and cloud resources. By continuously assessing these assets for vulnerabilities, an EASM solution, also known as an attack surface management solution, generates prioritized issues for the security team to remediate and reduce the external attack surface. In addition to external attack surface management, internal attack surface management is also important for organizations seeking to move to the cloud and secure their digital infrastructure. However, external attack surface management specifically focuses on assets that are accessible from the public Internet, making it a vital component of a robust external attack surface management solution.

Attack surface management is crucial in today’s threat landscape, where threat actors are constantly scanning and targeting vulnerable assets, including an organization’s digital assets. These actors can include malicious insiders, nation-states, cybercriminals and other threat actors who exploit vulnerabilities in the network to gain unauthorized access. With mergers or acquisitions, it is important for IT and security teams to identify rogue assets that threat actors may use to target the company. Practitioners should leverage external threat intelligence to conduct targeted threat hunts and prioritize remediation, from the nearest network endpoints to the deep and dark web. This approach can help organizations understand what threat actors are doing in the wild and how it could impact their internal environment.

What Types of Assets are Uncovered Through ASM?

The goal of ASM is to ensure that all assets, secure or insecure, known or unknown, are exhaustively listed and that the list is continuously updated so that asset monitoring can be comprehensive.

Exposed assets uncovered through ASM include:

  • Shadow and orphaned IT – covers a wide range of data and practices, ranging from employees’ unapproved use of hardware or software to forgotten previous versions that have not been fully deactivated and could enable an intruder to gain an initial foothold.
  • Active or inactive assets – though classic asset discovery procedures rarely miss active assets, inactive ones might be forgotten in successive deployments.
  • Managed and unmanaged devices – including employee-owned BYOD
  • Rogue assets – generated by malicious actors to impersonate your domains
  • Hardware – including all devices, listed or unlisted, inherited through an M&A, email servers, data storage centers, and more
  • Software – including unknown open-source software, public code repositories such as GitHub, APIs, web and mobile applications, and more
  • SaaS-related and vendor-managed assets
  • Leaked credentials
  • Other

Many of these assets can appear at any time on the Internet and are completely ignored by traditional firewalls or EDR services. In other words, ASM discovers assets on the external attack surface that are typically ignored by defensive tool arrays.

Effective vulnerability management is crucial for protecting your organization from cyber threats. Attack surface management (ASM) provides a comprehensive approach to vulnerability management by automating asset discovery, risk assessment, and vulnerability assessment processes. ASM tools analyze the attack surface in real-time, covering all of an organization’s assets beyond traditional security controls like mapping, firewall, and endpoint protection. To build an effective vulnerability management program, organizations need to understand their attack surface, prioritize remediation efforts, and build a robust inventory of assets, all of which are crucial for the success of security operations.

Why Do You Need ASM Today?

The combination of technological development, such as increased reliance on external services, abrupt societal change, such as the massive move to work from home in the last two years, and the acceleration of the threat landscape expansion is creating a perfect mix for turning unknown assets into time bombs.

While security teams still often focus on reducing attack surfaces, without an adversarial-based discovery process such as ASM, the reduced surface fails to include unknown assets. On the other hand, cyber attackers have no qualms about using advanced reconnaissance tools that will uncover those overlooked exposed assets.

In today’s ever-evolving cybersecurity landscape, it is crucial for organizations to adopt robust attack surface management (ASM) practices. While asset discovery procedures may effectively identify active assets, there remains a significant security risk associated with inactive assets, including cloud assets, that often go unnoticed during successive deployments. These forgotten assets can become vulnerable entry points for malicious actors, including IoT devices, which are increasingly being used in business environments. Therefore, understanding and implementing ASM is essential in mitigating these potential threats.

ASM goes beyond traditional asset management by encompassing both managed and unmanaged devices. This includes employee-owned devices brought into the workplace, also known as BYOD (Bring Your Own Device). Such devices can introduce additional security challenges if not properly monitored and secured.

What is Included in ASM Tools?

Robust ASM tools provide a full range of services that include:

  1. Discovery – the reconnaissance phase (AKA recon), during which the ASM tool impersonates attackers by scanning multiple sources for intelligence that could later be exploited. This includes domains and sub-domains (for application and infrastructure vulnerabilities, web misconfigurations, and open ports), organizational, employee, and technical information that can be used in a social engineering attack or to gain illicit network access and an initial foothold, and other exploitable intelligence that an attacker may take advantage of.
  2. Findings classification – there are different ways of classifying uncovered assets and the degree of severity of the exposure they generate. Cymulate’s ASM uses the following classification categories:
     • Network level – Firewall policies and “network level” protocol findings
     • Server level – Everything which can be considered infrastructure: operating system, built-in administrative capabilities, HTTP servers such as IIS and Apache
     • Service level – Services that are installed on top of the “infrastructure”
     • Application level – Web application and other custom application scanners
     • Data level – Privacy-related and sensitive information disclosure findings
     • Policy level (Insights) – Missing security controls rather than misconfiguration
  3. Report generation – once the uncovered assets have been classified, an ASM tool generates a report listing all uncovered assets, categorized and correlated with the type of risk they generate.
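A minimal sketch of the discovery, classification and report steps above, added here as an illustration and not Cymulate's code: it reconciles discovered assets against a known inventory, tallies findings by the classification levels listed, and ranks assets by finding count. The host names, the severity scale, the level assigned to each finding and the "Sensitive File Exposed" finding are constructed assumptions.

```python
from collections import Counter, defaultdict

# Classification levels named in the list above.
LEVELS = {"Network", "Server", "Service", "Application", "Data", "Policy"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}  # assumed scale

# Constructed sample data; hosts use the reserved example.com domain.
INVENTORY = {"www.example.com", "mail.example.com", "vpn.example.com"}
DISCOVERED = {"www.example.com", "mail.example.com", "staging-old.example.com"}
FINDINGS = [  # (asset, finding name, level, severity)
    ("staging-old.example.com", "Vulnerable Software in Use", "Server", "high"),
    ("staging-old.example.com", "External Hosted JavaScript", "Application", "medium"),
    ("www.example.com", "External Hosted JavaScript", "Application", "medium"),
    ("mail.example.com", "Low IP Reputation", "Network", "low"),
    ("staging-old.example.com", "Sensitive File Exposed", "Data", "high"),
]

def reconcile(inventory, discovered):
    """Compare what discovery saw with what the organization believes it owns."""
    return {
        "unknown": sorted(discovered - inventory),   # shadow/orphaned candidates
        "not_seen": sorted(inventory - discovered),  # inactive or internal-only
    }

def build_report(inventory, discovered, findings):
    """Classify findings and rank assets, most findings first."""
    per_asset = defaultdict(list)
    by_level = Counter()
    for asset, name, level, severity in findings:
        if level not in LEVELS or severity not in SEVERITY_RANK:
            raise ValueError(f"unclassifiable finding: {name!r} on {asset}")
        per_asset[asset].append((name, level, severity))
        by_level[level] += 1
    rows = []
    for asset in discovered:
        items = per_asset.get(asset, [])
        worst = max((s for _, _, s in items), key=SEVERITY_RANK.get, default=None)
        rows.append({"asset": asset, "known": asset in inventory,
                     "findings": len(items), "max_severity": worst})
    rows.sort(key=lambda r: (-r["findings"], r["asset"]))
    return {"assets": rows, "by_level": dict(by_level),
            "inventory_gaps": reconcile(inventory, discovered)}

if __name__ == "__main__":
    report = build_report(INVENTORY, DISCOVERED, FINDINGS)
    for row in report["assets"]:
        print(row)
    print(report["by_level"], report["inventory_gaps"])
```

The asset that is absent from the inventory ranks first, which is the case an inventory-only review would miss.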

Cymulate ASM solution also provides a dynamic interactive dashboard with a wealth of information accessible at a click.

Cymulate ASM Dashboard

As you can see, Cymulate’s ASM main dashboard provides a wealth of information at a glance: the overall security score (the higher the score, the higher the risk), the number of assets uncovered, the number of findings (where a finding indicates a potential risk), the assets listed by type, and the distribution of findings per category, severity, or status (new or previously listed). Additionally, Cymulate’s ASM tools use threat intelligence feeds to generate security ratings and risk scoring for an organization’s overall security posture. With the increasing use of cloud services, it is crucial for organizations to have strong cloud security measures in place, and Cymulate’s ASM dashboard offers a comprehensive view of an organization’s cloud security.

The information displayed combines purely informational data, such as the number or type of assets, with risk data, such as all information related to findings.

Each asset or finding can be examined in more depth in the respective asset or finding tab.

Viewing ASM results per Asset

By default, assets are listed in decreasing order of the number of findings per asset, causing assets with the highest number of findings to be displayed on top, immediately drawing attention to those necessitating immediate action.

Clicking on the number of findings corresponding to that asset displays the list of related findings in the Findings dashboard.

Viewing ASM Results per Findings

You can access the findings dashboard either pre-filtered by asset, by clicking on the findings number of an asset, or with all the findings listed, by clicking on the findings tab.

Regardless of how you access the findings dashboard, the information about each finding includes the finding’s name (such as Vulnerable Software in Use, External Hosted JavaScript, Low IP Reputation, etc.), its category, the affected asset, the finding’s risk severity, its status, the date it was first seen, the type of action you opt to take (Investigating, To Be Defined or Irrelevant), access to more information, and the presence of sensitive data.

In the realm of cybersecurity, attack surface management (ASM) is a critical aspect that organizations must prioritize. To effectively manage their security posture, companies often rely on tools like Cymulate’s ASM tools, which provide valuable insights into an organization’s overall security standing.

These ASM tools leverage threat intelligence feeds to generate security ratings and risk scores, enabling businesses to assess the potential vulnerabilities within their systems. By combining informational data, such as the number and type of assets, with risk data related to findings, organizations gain a comprehensive understanding of their attack surface, including both open source and proprietary assets. This includes viewing ASM results per findings to identify and address possible attack vectors and reduce the risk of data breaches.

Accessing More Info on the Findings

The More info dashboard provides in-depth information about the related finding, ranging from a generic description and a mitigating action recommendation to a list of evidence related to the finding, such as the related CVEs and more.

Furthermore, the More info dashboard also offers a detailed analysis of the finding’s impact on the organization’s overall security posture. This includes insights on the potential risks and consequences associated with the finding, as well as recommendations on how to mitigate those risks effectively.

By accessing more information on the findings through tools like Cymulate’s ASM, organizations gain a deeper understanding of the vulnerabilities within their attack surface. The More info dashboard provides a wealth of valuable insights, including a comprehensive description of the finding and recommended actions to mitigate the risk.

In addition, the More info dashboard also presents evidence related to the finding, such as Common Vulnerabilities and Exposures (CVEs). This allows businesses to assess the severity of the vulnerability and take appropriate measures to protect their systems.

By accessing the detailed information provided in the More info dashboard, organizations can gain a deeper understanding of each finding and make informed decisions regarding their security strategy. This allows them to prioritize and address the most critical vulnerabilities within their attack surface promptly.

Viewing the Asset Discovery Graph

 

Unique to the Cymulate ASM dashboard, you can also visualize the discovery path, either globally or granularly.
