![Attack surface management Attack surface management](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9GPTnlkZEmINbXHKjh1DEDdkAtbkPkC6Fx3-BZMdGUPPUFuC91JZUeFhjUnrK3NI2fLV5rP1bz9gYSRnKcRsCy0oVyRXzhyRY1Tx3UY8l9IqKPLQp6ebwiR9U339BORXmRBGzj-oSVvxndeWZnDYDEiAk8utNGn1JyuaGUBHrkTAzCEeLWkJrFuUIjUoV/s728-rw-e365/intruder.png)
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what is exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the Internet, prioritizing threats and managing the attack surface from the attacker’s perspective has become more important than ever.
This guide explains why attack surfaces are growing and how to monitor and manage them properly with tools like Intruder. Let’s jump in.
What is your attack surface?
First, it is important to understand what we mean when we talk about an attack surface. The attack surface is the sum of your digital assets that an attacker can “reach”, whether they are secure or vulnerable, known or unknown, in active use or not.
You can also have both internal and external attack surfaces. For example, imagine a malicious email attachment landing in a colleague’s inbox.
The external attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments. In short, the attack surface is anything a hacker can attack.
What is attack surface management?
Attack surface management (ASM) is the process of discovering these assets and services and minimizing their exposure to prevent hackers from exploiting them.
Exposure can mean two things. It can mean current vulnerabilities, such as missing patches and misconfigurations that reduce the security of services or assets. But it can also mean exposure to future vulnerabilities or to a determined attack.
Take, for example, a management interface such as cPanel or a firewall management page. These may be secure against all of today’s known attacks, but a vulnerability could easily be found in the software tomorrow, in which case it would immediately become a serious risk. So where the conventional vulnerability management process says “wait until a vulnerability is detected and then fix it”, attack surface management says “remove the firewall management panel from the Internet before it becomes a problem!”
That is before considering that exposing a firewall management panel to the Internet opens it to other attacks, regardless of whether a vulnerability has been found. For example, if an attacker finds administrator credentials elsewhere, they may be able to reuse them against this administrator interface, and this is how attackers expand their access across a network. Similarly, they may try a sustained “low and slow” password guessing exercise that stays under the radar but ultimately gets results.
To emphasize this point in particular, ransomware gangs were reported in 2024 to be targeting VMware vSphere environments. By exploiting a vulnerability in these servers, they gained access, encrypted the virtual hard disks of critical infrastructure, and demanded huge ransoms. It has been reported that more than 2000 vSphere environments are still exposed.
So, for multiple reasons, reducing your attack surface today makes you harder to attack tomorrow.
The need for attack surface management
The challenges of asset management
So, if an important part of attack surface management is reducing exposure to future vulnerabilities by removing unnecessary services and assets from the Internet, the first step is knowing what you have.
Often considered the poor relation of vulnerability management, asset management has traditionally been a labor-intensive, time-consuming job for IT teams. Even when hardware assets were under control within the organization and its network perimeter, it was still fraught with problems. If just one asset is missing from the asset inventory, it can evade the entire vulnerability management process, which, depending on the sensitivity of the asset, can have a significant impact on the business. This was the case in the 2016 Deloitte breach, where an overlooked administrator account was abused and highly confidential client data was exposed.
As companies grow through mergers and acquisitions, they also take over systems they are not aware of. Take the example of telco TalkTalk, which was breached in 2015.
The shift to the cloud
Today it is even more complicated. Companies have shifted to cloud platforms such as Google Cloud, Microsoft Azure, and AWS. But this puts much of the responsibility for security directly in the hands of development teams, shifting it away from traditional, centralized IT teams with change control processes.
This is great for development speed, but it creates a visibility gap, so cyber security teams need a way to keep up with the pace.
A modern solution
If attack surface management is the recognition that asset management and vulnerability management need to go hand in hand, companies need tools to make that work effectively.
A good example: an Intruder customer once told us there was a bug in our cloud connectors, the integrations that show which cloud systems are exposed to the Internet. We were showing an IP address that he didn’t think he had. But when we investigated, our connectors were working normally. The IP address was in an AWS region that he had not used, somewhat out of sight in the AWS console.
This shows how attack surface management can be as much about visibility as about vulnerability management.
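The visibility gap in the connector anecdote, and the missed-inventory problem described earlier, can be checked by reconciling what is observed on the Internet against what the team believes it owns. The following is an added example, not Intruder's code; the IP addresses, regions, port policy, and record shapes are constructed assumptions.

```python
"""Reconcile observed internet exposure against an asset inventory (added example)."""
import ipaddress

# Constructed inventory: what the security team believes it owns (documentation IPs).
INVENTORY = {
    "198.51.100.10": {"owner": "web", "region": "eu-west-1"},
    "198.51.100.20": {"owner": "netops", "region": "eu-west-1"},
}
APPROVED_REGIONS = {"eu-west-1"}   # assumed: the only region the team thinks is in use
ALLOWED_PORTS = {80, 443}          # assumed policy: ports allowed to face the Internet
# Assumed list of management services that should never face the Internet.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 2083: "cPanel", 8443: "admin HTTPS"}

# Constructed discovery output, shaped like merged cloud-connector and port-scan results.
OBSERVED = [
    {"ip": "198.51.100.10", "region": "eu-west-1", "ports": [80, 443]},
    {"ip": "198.51.100.20", "region": "eu-west-1", "ports": [443, 8443]},
    {"ip": "203.0.113.77", "region": "ap-southeast-2", "ports": [22, 443]},
]


def reconcile(observed, inventory, approved_regions, allowed_ports, mgmt_ports):
    """Return (ip, finding, detail) tuples for every gap between belief and reality."""
    findings, seen = [], set()
    for host in observed:
        ip = str(ipaddress.ip_address(host["ip"]))  # validate and normalise
        seen.add(ip)
        if ip not in inventory:
            # An asset nobody tracks never enters vulnerability management.
            findings.append((ip, "unknown-asset", f"not in inventory (region {host['region']})"))
        if host["region"] not in approved_regions:
            findings.append((ip, "unexpected-region", host["region"]))
        for port in sorted(host["ports"]):
            if port in mgmt_ports:
                # Exposure to future vulnerabilities: flag even with no known CVE.
                findings.append((ip, "exposed-management", f"{mgmt_ports[port]} on {port}"))
            elif port not in allowed_ports:
                findings.append((ip, "unapproved-port", str(port)))
    for ip in sorted(set(inventory) - seen):
        # Inventory records that no longer match anything observed.
        findings.append((ip, "stale-inventory", "listed but not observed"))
    return findings


if __name__ == "__main__":
    for finding in reconcile(OBSERVED, INVENTORY, APPROVED_REGIONS, ALLOWED_PORTS, MGMT_PORTS):
        print(*finding, sep="\t")
```
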
Where does the attack surface stop?
When you use a SaaS tool like HubSpot, it holds a lot of your highly confidential customer data, but you would not expect to scan it for vulnerabilities. This is where a third-party risk platform comes in. You would expect the provider to maintain many cyber security safeguards, and you would assess it against them.
The lines blur with outside agencies. Perhaps you use a design agency to create a website, but there is no long-term management contract in place. What happens if that website stays live while carrying a vulnerability?
In these cases, third-party and supplier risk management software and insurance can help protect companies from problems such as data breaches and compliance violations.
6 ways to secure your attack surface with Intruder
By now we have seen why attack surface management is so essential. The next step is to turn these insights into specific and effective actions. Building an ASM strategy means going beyond known assets to find the unknown ones, adapting to constantly changing threats, and focusing on the risks that have the most impact on the business.
Here are six ways Intruder can help you do this:
1. Discover unknown assets
Intruder continuously monitors for assets that are easy to lose track of but can create exploitable gaps, such as subdomains, related domains, APIs, and login pages. See the details of Intruder’s attack surface discovery methods.
2. Search for exposed ports and services
Use Intruder’s attack surface view (see below) to find what is exposed to the Internet. A simple search lets you check your perimeter for the ports and services that should be accessible from the Internet.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivsXH4M4c49VEyFkpsEaBF6g9_1g9uTloB7RS10RTDlvH__4uk-dVnd4OQPOIJnbwEjLeqdNWQvzEBVXd5RlJ_NjOh2NY7F_aMHXwKHBuh12WPdvLUqby75yXqZKyGQ9hR46zIuSL5ZjGuXkhyphenhyphenZe3xiHmwG06pXOOJTge2cYBr5jjJmeC01iyscgysDTw/s728-rw-e365/app.png)
3. Find exposures (that other people overlook)
Intruder provides greater coverage than other ASM solutions by customizing the output of multiple scanning engines. Check for more than 1,000 attack surface issues, such as exposed administrator panels, public databases, and misconfigurations.
4. Scan whenever the attack surface changes
Intruder continuously monitors the attack surface for changes and starts a scan when a new service is detected. When Intruder is integrated with a cloud account, new services are automatically detected and scanned to reduce blind spots, so that all exposed cloud assets are covered by the vulnerability management program.
5. Stay ahead of new threats
When a new serious vulnerability is discovered, Intruder proactively starts scans to help secure the attack surface as the threat evolves. With rapid response, our security team checks your systems for the latest issues being exploited faster than automated scanners can, and warns you immediately if the organization is at risk.
6. Prioritize the most important issues
Intruder helps you focus on the vulnerabilities that pose the biggest risk to the business. For example, it shows the likelihood that a vulnerability will be exploited within the next 30 days, and you can filter by “known” and “very likely” to generate a list of the most important risks to deal with.
Get started with attack surface management
Intruder’s EASM platform solves one of the most basic problems in cyber security: the need to understand how attackers see your organization, where they are likely to get in, and how to identify, prioritize, and eliminate risk. Book some time with the team to find out how Intruder can help protect your attack surface.