Virus Detected Screen

The Future of Attack Surface Management: How to Prepare

It is estimated that the external attack surface for more than two-thirds of organizations has expanded in the past year. In this Expert Insight, David Monnier, a Fellow at Team Cymru, talks about how next-generation Attack Surface Management (ASM) platform can help.

To stay ahead of threat actors, organizations must monitor their attack surfaces continuously, maintain accurate and updated asset inventories, and judge which vulnerabilities to patch for the most significant risk reduction.

At Team Cymru, we have spent decades developing solutions to help organizations better understand adversaries by mapping their infrastructure; it’s now time for us to equip our customers with the adversary view of their own.

We are providing the home-field advantage to proactively defend their critical data and infrastructure. This article looks at our vision of the future of attack surface management (ASM) and the tools needed to understand and manage cyber risk.

What the Future of ASM looks like

Each hour that passes after threat actors breach your defenses allows them to extract more and more valuable data and learn how you respond to certain types of attacks. A delayed response can cost your organization millions when it comes to cyberattacks. But speed alone is not enough.

ASM begins with a deep understanding of threats and vulnerabilities; this is where Team Cymru is truly unrivaled with another Pure Signal Orbit stablemate. Our Pure Signal™ Recon platform gathers signals from across the globe and has been the recognized leader in this space for many years. It provides security teams visibility far beyond their internal infrastructure and provides the ability to trace threats more than a dozen hops to their source.

After IPs associated with confirmed malicious activities are added to a dynamic IP Reputation feed to create a network-level blocklist, the information is automatically fed to the insight engine of our Pure Signal™ Orbit—a recently launched solution. This sequence allows Orbit to autonomously identify known and unknown customer assets, remote connectivity, and third-party and fourth-party vendor assets that are impacted by current threats anywhere across the globe.

By continually monitoring these assets to determine the presence of vulnerabilities or threats, Orbit can provide a fulsome and holistic risk score, so C-suite and security teams benefit simultaneously from strategic and tactical views. Leaders can prioritize remediation efforts and drive risk-based decisions from their enhanced vantage points. This is the future of ASM, and we call it ASM v2.0.

It is estimated that the external attack surface for more than two-thirds of organizations has expanded in the past year. It is critical to gain an awareness of internal and external vulnerabilities as quickly as possible. With ASM v2.0, teams can gain a holistic view of their attack surface and detect supply chain threats and dangers posed by business partners.

For business leaders considering a merger or acquisition, ASM v2.0 capabilities become even more critical to reduce the financial exposure of ingesting an already compromised organization. No longer wait for months to get a static report that was out of date the moment it was sent to you, do it now, do it tomorrow, and do it every day until that deal completes. Every moment is another opportunity for an attacker to compromise your target acquisition and cause more pain. On the flip side, a weak security status is grounds for negotiation in your favor—another few million here saved in the cost of breach avoidance, another few more beating them down on sale price.

Leaders need to know that the other organization is not inadvertently hiding threats or vulnerabilities to make essential risk-based decisions.

Because there’s no time wasted trying to take the information provided by one tool and apply it to a second, third or fourth, we have integrated the features of our ASM v2.0 solution, Pure Signal™ Orbit, into a single platform. This integrated approach drives speed and accuracy as all critical data, threats, and risks are available in a single place.

Additionally, a pricing advantage is realized by buying one tool instead of four disparate solutions. The need to manage a single tool also provides savings in administrative costs.

The ASM v2.0 approach of integrating legacy ASM, vulnerability management, and threat intelligence is a better solution. It brings best-in-class threat intelligence and never before seen visibility of your expanding attack surface into a combined solution.

What to ask yourself to prepare for ASM v2.0

For budget planning, it is essential to ask yourself if the licensing model of an ASM v2.0 solution works for your organization. You will need to consider leadership’s expectations about the future growth of your organization.

By most standards, ASM is still immature, but it is evolving rapidly. EASM solutions are at the top of management investment priorities for 2022.

Competitive solutions vary in breadth and depth. To further complicate buying decisions, offerings can be standalone solutions or part of an integrated platform.

ASM is a set of processes for discovering, identifying, managing, and monitoring external IT assets. Solutions to aid teams in implementing these processes are commonly referred to as EASM (external attack management) solutions.

Less than a third of organizations have a formal external attack surface management solution. Most still rely on manual processes and spreadsheets to implement ASM processes. Using these manual processes can take more than 80 hours for an organization to update its attack surface inventory alone.

Another vital thing to consider is the stability of the EASM vendor. EASM is a volatile space, so the longevity and track record of the various vendors should weigh heavy in purchasing decisions. Assumptions about the capabilities of each solution are based chiefly on marketing claims, so look for a vendor with a history of meeting customer expectations.

The Future is Bright — For Those Who Evolve

The future is coming faster than we think, and being prepared to evolve as emerging threats present to your environment is critical. Research has demonstrated that most companies do not entirely understand their attack surface. Upwards of 70% of organizations have been compromised because of an unknown, unmanaged, or mismanaged visible asset.

Transitioning from legacy ASM processes to an ASM v2.0 EASM solution reduces your organization’s risk of being left behind in addressing cyber threats.

(*) Disclosure: This article was sponsored by Team Cymru. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.