Attack Surface Management Explained

CyberRisk Management
Written By Megan Henderson

An attack surface is the total possible entry points (a.k.a. attack vectors) for unauthorized access into any system. The recent increase in remote and hybrid work combined with the shift to the cloud and widespread implementation of software-as-a-service (SAAS) applications have made attack surfaces increasingly large, complex and difficult to defend against cyberattacks. As a result, organizations face the challenge of continuously monitoring their attack surfaces to identify, block and respond to threats as quickly as possible.

What is Attack Surface Management (ASM)?

Attack Surface Management involves continuously discovering and monitoring potential attack vectors, including any pathway or method a hacker may use to gain access to a company’s data or network to facilitate a cyberattack.

A company’s attack surface is constantly changing and generally includes four main surfaces:

  • On-premises assets, such as hardware and servers

  • Cloud assets such as workloads, cloud-hosted databases, or SaaS applications

  • External assets such as an online service provided by an external vendor that may be integrated with the company’s network or is used to store its data

  • Subsidiary networks shared by more than one organization

How ASM Works

ASM aims to provide a company’s security team with a current and complete inventory of exposed assets to accelerate response to threats and vulnerabilities that put a company at risk.

ASM includes four automated core processes that must be carried out continuously as the size of the digital attack surface is constantly in flux.

1.     Asset discovery

Asset discovery is a continuous process that scans for potential entry points for a cyberattack. These assets may include subsidiary assets, third-party or vendor assets, unknown or non-inventoried assets, known assets, or malicious or rogue assets.

2.     Classification and prioritization

Assets are analyzed and prioritized by the likelihood that hackers could use them as a target. They’re inventoried by their connections to other assets in the IT infrastructure, IP address, identity and ownership. Assets are also analyzed for exposures such as missing patches, coding errors, and potential attacks, including spreading ransomware or malware. Each vulnerable asset is assigned a risk score or security rating.

3.     Remediation

Potential vulnerabilities are remediated in order of priority. It may be necessary to apply software or operating system patches, debug application codes or use stronger data encryption. Previously unknown assets may need new security standards or it may be necessary to integrate subsidiary assets in the company’s cybersecurity strategy.

4.     Monitoring

Security risks change whenever a new asset is deployed or existing assets are used in new ways. The network and its inventoried assets are continuously monitored for potential vulnerabilities to allow ASM to find attack vectors in real time. Security teams can then act quickly to neutralize the threat.

Conclusion

A well-designed attack surface management strategy not only helps protect an organization from cyberattacks—it is also a practice frequently required by underwriters to obtain cyber insurance.

For additional cyber risk management information and insurance solutions to help protect your company from the financial effects of a cyberattack, contact us today.

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2022 Zywave, Inc. All rights reserved.

Megan Henderson
Previous

Health Plans Must Provide Price Comparison Tool for 2023
Next

5 Things to Consider During Open Enrollment