Attack surface is about all possible security risk exposures, especially all internet-accessible external assets that adversary could discover and gain foothold into your environment.
Attack Surface Management (ASM) is an emerging category of solutions that use an external attacker’s perspective to help organizations better manage these type of risk exposures.
These include:
- Continuous discovery and Inventory of unknown assets (Cloud and shadow IT)
- Classification and Prioritization of risk and vulnerabilities
- Continuous monitoring of assets and Threat Intelligence
Is ASM a Asset Management? or is it Vulnerability Management?
It is actually more of a Risk Management with the following Use Cases.
- Identifying and visualizing external gaps
- Discovering of unknown assets
- Attack Surface risk management
- Risk-based vulnerability prioritization
- Assessing Mergers and Acquisitions (M&A), and subsidiary risk
SANS recently released a guide on evaluating ASM solution. the guide discuss about 2 major requirements: Product and Operational requirements
Product requirement
- Automated Discovery - An advanced algorithm capable of building a map of assets with minimal input and limited false positives.
- Continuous Monitoring - Ability to detect change by frequently scanning the attack surface. When an asset is removed, the ASM solution should maintain the information in the database for historical purposes.
- Risk Based Management - Create and maintain a risk score for each asset that combines the ASM provider’s external threat assessment with user provided information on relative business value, impact and remediation status.
- Alerting - Ability to monitor and alert on changes.
- Enterprise Management - ASM solutions should include basic enterprise management capabilities that enable large teams and organizations to operationalize the solution.
- Interoperability & Integrations - Supports third party integrations and custom development using a provided API.
Related Link:
No comments:
Post a Comment