What is the Difference Between Attack Surface Management & Vulnerability Management

Software and businesses now change so quickly that traditional IT asset and vulnerability management practices struggle to keep up.

As a result, a new technology segment has emerged: Attack Surface Management (ASM).

To understand the difference, it helps to first be clear about what we mean by a business's attack surface.

Attack Surface – What is it?

An attack surface is the collection of assets a company owns or operates, physical or digital, known or unknown, through which an outside threat actor could gain unauthorized access to the company's data or systems.

Those on a company's security team should keep the attacker's point of view in mind when working to keep their organization safe.

Any company needs to identify its cyber assets in order to understand its attack surface. That inventory is the foundation of any security program the company implements.


An organization's attack surface is fluid and always changing: cloud resources are deployed and decommissioned, pull requests land in code repositories many times a day, employees are onboarded and offboarded, and vendors are added to or removed from the tech stack and the environments in which they are used.

When security teams work alongside the other functions of the business, those functions should be given autonomy while the security team keeps watch over the constantly fluctuating attack surface.


Attack Surface Management – What Is It?

Attack surface management is the continuous discovery, inventory and classification of assets, and the prioritization of those assets by their value to the business.

Vulnerability management is one component of this broader approach: ASM establishes which assets exist and how exposed they are, and vulnerability management finds and fixes the weaknesses in them.

Taking an attacker's perspective on the company's environment, the appropriate teams model the paths a threat actor could take to reach the most valuable assets, and they mitigate that risk according to the organization's risk appetite.

Taking the attacker's point of view gives a more holistic picture of a company's cyber security than the narrower scope that vulnerability management focuses on.

Continuous monitoring and assessment of an organization's digital assets and infrastructure is the core of attack surface management.

As technology has evolved at a rapid pace, attack surface management has kept up, growing from manual processes into automated solutions that cover the steps needed for comprehensive attack surface management.

Attack Surface Management Vs Vulnerability Management – What Is The Difference?

Vulnerability management is the practice of identifying, classifying, prioritizing and remediating the weak points in one's infrastructure and applications that could otherwise be exploited by malicious threat actors.

Examples of vulnerabilities include system misconfiguration, outdated or unpatched software, missing or weak authentication on user accounts, and unencrypted data.

Looking briefly back at the history of vulnerability management, its initial focus was on the impact of a single vulnerable asset, which ignored how systems were interconnected.

Scoring vulnerabilities, for example with CVSS, helps prioritize them and helps technical teams understand how serious each one is. Unfortunately, a severity score alone does little to communicate across business functions why it is important to fix them.

It is not surprising, then, that an average-sized organization has around 830,000 security risks it needs to work on mitigating.

The threat landscape changes rapidly. Security teams need to move away from chasing individual alerts and instead get the various business functions to take responsibility for their own security issues.

Those security issues should be communicated in the context of the business and evaluated in terms of risk management.

Compared to vulnerability management, attack surface management takes a holistic approach, providing enough business context to prioritize an ever-growing backlog of security issues.
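To make the contrast between severity scoring and business-context prioritization concrete, here is an added example (not code from the original article) that ranks the same set of findings two ways: once by CVSS alone, as a traditional vulnerability management tool would, and once by a risk score that also weighs the asset's criticality, whether it is reachable from the internet, and whether anyone had registered it in the inventory at all. The assets, findings, scores and the weighting factors (x2 for internet-facing, x1.5 for an unregistered asset, medium criticality for an asset missing from inventory) are all constructed assumptions for illustration, not an industry standard. It also groups the result per accountable business function, which is the hand-off the previous paragraphs argue for.

```python
"""Risk-based prioritisation with asset context.

Constructed example, not code from the original article. Every asset,
finding, score and weight below is made up for illustration; the weights
(exposure x2, unregistered asset x1.5) are assumptions, not a standard.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool   # reachable from outside the network perimeter
    criticality: int        # 1 (throwaway) .. 5 (crown jewel), set by the owner
    owner: str              # business function accountable for fixing issues
    in_inventory: bool      # False = found by discovery, never registered


@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    cvss: float             # base severity of the weakness in isolation


# Constructed asset inventory. "staging-db" was found by continuous discovery
# but nobody registered it; "legacy-ftp" has a finding and no entry at all.
ASSETS = {
    "payments-api": Asset("payments-api", True, 5, "payments", True),
    "hr-portal": Asset("hr-portal", False, 3, "hr", True),
    "staging-db": Asset("staging-db", True, 2, "platform", False),
    "dev-laptop-42": Asset("dev-laptop-42", False, 1, "engineering", True),
}

# Constructed scanner output. List order only matters for tie-breaking.
FINDINGS = [
    Finding("hr-portal", "unpatched web framework", 9.8),
    Finding("payments-api", "TLS misconfiguration allows weak ciphers", 5.3),
    Finding("staging-db", "database listener without authentication", 7.5),
    Finding("dev-laptop-42", "outdated PDF reader", 8.8),
    Finding("legacy-ftp", "anonymous FTP login enabled", 7.5),
]


def lookup_asset(name: str, assets: dict[str, Asset]) -> Asset:
    """Return the inventory record, or a conservative placeholder for an
    asset the scanner saw but nobody registered (assumed internet-facing,
    medium criticality, no owner) so it cannot silently drop off the list."""
    return assets.get(name) or Asset(name, True, 3, "unassigned", False)


def severity_rank(findings: list[Finding]) -> list[Finding]:
    """Classic vulnerability-management view: highest CVSS first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def risk_score(finding: Finding, assets: dict[str, Asset]) -> float:
    """Severity weighted by what the asset is worth and who can reach it."""
    asset = lookup_asset(finding.asset, assets)
    exposure = 2.0 if asset.internet_facing else 1.0      # any attacker can reach it
    visibility = 1.5 if not asset.in_inventory else 1.0   # nobody is patching it
    return round(finding.cvss * asset.criticality * exposure * visibility, 2)


def context_rank(findings: list[Finding], assets: dict[str, Asset]) -> list[tuple[float, Finding]]:
    """Attack-surface view: rank by risk_score, highest first."""
    scored = [(risk_score(f, assets), f) for f in findings]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


def group_by_owner(findings: list[Finding], assets: dict[str, Asset]) -> dict[str, list[str]]:
    """Hand each business function its own risk-ordered work list."""
    queues: dict[str, list[str]] = {}
    for _score, f in context_rank(findings, assets):
        owner = lookup_asset(f.asset, assets).owner
        queues.setdefault(owner, []).append(f.title)
    return queues


if __name__ == "__main__":
    print("By severity alone:")
    for f in severity_rank(FINDINGS):
        print(f"  {f.cvss:4.1f}  {f.asset:14} {f.title}")
    print("With asset context:")
    for score, f in context_rank(FINDINGS, ASSETS):
        print(f"  {score:5.1f}  {f.asset:14} {f.title}")
    for owner, titles in group_by_owner(FINDINGS, ASSETS).items():
        print(f"{owner}: {titles}")
```

Run as a script it prints both rankings. By CVSS alone the 9.8 on the internal HR portal tops the list and the 5.3 on the internet-facing payments API comes last; with asset context the order inverts, and the unregistered FTP host, which a pure scanner-driven process would have nobody to route to, lands in an "unassigned" queue that is visible instead of lost. The point of `lookup_asset` is that a finding on an asset the inventory has never heard of is itself a discovery result and must not be dropped for lack of a record.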

Rather than acting as a gatekeeper to the growth and innovation of the business, security teams should watch and evaluate the rapidly evolving attack surface in real time and focus on the issues that carry the highest risk.
