What is Attack Surface Management?
By Cody Pierce
You may have heard the term “Attack Surface Management” gaining popularity throughout the cybersecurity industry. But what exactly is your attack surface? How do you manage it? Is it just a new way to sell old software and services? I’m glad you asked! In this post, I will shed light on how AlphaWave defines ASM, and more importantly, how attackers think about your attack surface.
Before we dig into details, I would like to give you some background about myself. For more than 15 years, I have worked on offensive security research. More specifically, I have discovered dozens of vulnerabilities, written dozens of exploits, and performed hundreds of penetration tests. Why am I telling you this? Because with experience, you begin to understand that the attack surface is the first place to start looking for leverage.
Let me give you an example. Watch the movie Ocean's Eleven. See all of the planning beforehand? See how much they understand about the casino? They have effectively enumerated the attack surface and are better able to plan an effective heist. Cybersecurity is not much different. From software vulnerabilities to misconfigurations and shadow IT, attackers will discover your gaps and develop a plan to compromise your organization.
Research and breach intelligence back this up. For instance, Palo Alto’s Unit 42 has published an excellent report on the state of cybersecurity. Their research highlights that 65% of reported cloud incidents were due to misconfiguration, and that these incidents are increasing.
So what does AlphaWave mean when we say Attack Surface? We think of it as every interface you expose to the internet with the potential to give an attacker the advantage. To put it into concrete terms, refer to the following abbreviated list of common attack surface categories.
- Domain names
- IP addresses
- Network services
- Web applications and their dependencies
- Cloud storage
- Web APIs
- Mobile apps
The previous list highlights how diverse your attack surface is, and with the adoption of multi-cloud and hybrid cloud, it is much larger in reality (Amazon AWS offers 146 different services). Add in the complexity of dynamic resources, and we have an environment ripe for compromise.
But enumeration is just the beginning; the next step is to analyze the attack surface and discover potential attacks with a high likelihood of success. The following list highlights a subset of the exposure taxonomy AlphaWave has developed to categorize attacker opportunities.
- Risky Services
- Data Leakage
- Misconfigured and Default Configurations
- Policy Violations
That brings us to the final point of this article. How does AlphaWave help you manage this massively complex and constantly changing digital landscape? We provide the inventory of what you have and analyze it to tell you why it matters.
With this perspective, you can reduce attacker opportunity and improve your cybersecurity hygiene. If you do not know what you have, then you are already ten steps behind the attacker.
Want to start reducing and managing your attack surface? Contact us for a demo. Thank you for your time. I hope you better understand the steps you must take to regain control from the attacker.