How Attack Surface Management Supports Continuous Threat Exposure Management


May 11, 2023 | Hacker News

Attack Surface Management

According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a separate report, Gartner concluded that vulnerability management vendors are broadening their offerings to include Attack Surface Management (ASM) for a comprehensive suite of offensive security solutions.

Recognition from global analysts has officially put ASM on the map, evolving the way security leaders approach their cybersecurity.

Why Now is the Right Time for Attack Surface Management

Businesses today rely more on digital assets than ever before. Shifts over time include greater use of the cloud, a larger remote workforce, and an expansion of digital assets due in part to mergers and acquisitions.

This results in an expansion of the known and unknown attack surfaces that the business manages, providing more pathways for malicious actors to enter the environment.

Consider this analogy: if your house has only one entrance, you can install 100 locks on it to increase security. But if your house has 100 doors, each door can only have one lock. In this case, reducing the number of doors in a home, or assets through which an attacker can enter, creates a more secure environment. This is where Attack Surface Management comes in.

EASM’s Role in Continuous Threat Exposure Management (CTEM)

EASM differs from similar market categories, such as cyber asset attack surface management (CAASM) or security risk rating services, but the differences are nuanced. In a recent Gartner® report, the authors recommend more education about the role ASM plays in continuous threat exposure management (CTEM) to help security leaders advance their programs.

Gartner defines CTEM as, “a set of processes and capabilities that enable companies to continually and consistently evaluate the accessibility, exposure, and exploitation of their digital and physical assets.”

5 Phases of Continuous Threat Exposure Management

  1. Scoping
  2. Discovery
  3. Prioritization
  4. Validation
  5. Mobilization

Attack Surface Management assists in the first three phases of CTEM (scoping, discovery, and prioritization) by supporting businesses through inventory of known digital assets, continuous discovery of unknown assets, and human intelligence to prioritize severe exposures for timely remediation. In some cases, offensive security providers take it a step further by also performing penetration testing on the identified vulnerabilities to validate them and prove that they are exploitable. This is the mark of a true ASM partner.

“By 2026, organizations that prioritize their security investments based on continuous exposure management programs will be three times less likely to experience a breach.”

Attack Surface Management Supports Scoping, Discovery, and Prioritization

Let’s take a deeper look at the first three phases in CTEM:

  • Scoping: Identify known and unknown exposures by mapping an organization’s attack surface.
  • Discovery: Uncover misconfigurations or vulnerabilities in the attack surface.
  • Prioritization: Evaluate the possibility of exposures being exploited. The best attack surface management platforms combine technological innovation with human ingenuity to verify alerts and add context that helps prioritize remediation efforts.

Keeping Up with the Expanding Attack Surface

Clarifying where ASM fits into existing security strategies helps leaders choose the right mix of technologies for their offensive security programs.

NetSPI is recognized as an EASM vendor by Gartner® and Forrester. Explore the NetSPI ASM platform or connect with us to discuss advancing your offensive security program.

Note: This expertly contributed article was written by Jake Reynolds. Jake is a computer science graduate from the University of Minnesota, Twin Cities. He specializes in enterprise web development and currently leads Research and Development for new penetration testing technologies at NetSPI.

NetSPI is a leading offensive security company providing comprehensive penetration testing, attack surface management, and breach and attack simulation solutions. With 20 years of experience, their cybersecurity experts secure leading organizations around the world, including leading banks, cloud providers, healthcare companies and Fortune 500 companies. Headquartered in Minneapolis, they have offices in the US, Canada, UK and India.
