Why is Attack Surface Management (ASM) important?
You don’t have to look far to find stories about the danger of ever-growing attack surfaces.
Take the SolarWinds attacks in which malware was introduced via organizations’ supply chains, routes that are often overlooked on the assumption that they are implicitly secure. This exploit continues to turn up victims, including the email systems of government and international aid agencies that have been critical of the alleged perpetrators.
Another oft-forgotten attack vector is out-of-date software and hardware that is still in use. One example is the exploited remote code execution vulnerabilities that have existed on Microsoft Exchange servers as far back as 2010. Remote code execution vulnerabilities were also exploited in attacks against Accellion customers using the company’s legacy File Transfer Appliance (FTA).
Ransomware, as demonstrated by the recent Colonial Pipeline attack, is another example. The attack targeted remote services such as Citrix, Remote Desktop Web (RDWeb), or remote desktop protocol (RDP) to initially gain unauthorized access. Because organizations are working with largely remote workforces due to the pandemic, the timing couldn’t have been worse.
In each of these breaches, attackers made their way in through a route that was either unknown to security or considered unimportant. Given the vast number of devices and services spanning your enterprise, it is easy to see how something could be overlooked, especially if you are examining your attack surface from the perspective of most security teams, that is to say, from the inside out.
Why organizations turn to attack surface management:
- Outside-in approach: Attackers carry out automated reconnaissance efforts that analyze your attack surface from the outside in. ASM provides security teams with the same perspective, revealing the true attack surface attackers can exploit.
- Continuous visibility: ASM provides continuous visibility into your security gaps.
- Rapid remediation: ASM makes it possible to proactively discover issues across all attack surfaces and remediate them before they are exploited.