Active testing is a process involving repeated interaction with a digital asset to reach success criteria defined by the test methodology. Active tests are often human-led, using multiple tools, with each test an evolution from the prior step. Active testing can also be automated, where the testing engine sends a payload to the asset. The payload defines success and all the steps needed to complete the test. Also see "Passive Scanning".
The process of tracking, identifying, and assigning assets to the party that manages them. Automatic attribution will continuously credit virtually all assets to one or more organizations, brands, missions, or teams with an evidence trail and confidence rating on an ongoing basis.
An attack vector is a path that an attacker can use to gain access to an organization’s network. Attack vectors can include exposed assets or abandoned assets, but they can also include unpatched software vulnerabilities, misconfigured software, weak authentication, and domain hijacking.
Attack surface protection is the process of continuously discovering, classifying and testing the security of your attacker-exposed IT ecosystem. It combines advanced ASM capabilities with automated multi-factor testing to discover the paths of least resistance that attackers are most likely to use to compromise organizations. The first, foundational step in attack surface protection is to fully map the organization’s externally-exposed attack surface. While most ASM and EASM approaches stop there or use a proxy risk measure (such as banner grabbing), attack surface protection takes that process a step further. Attack surface protection uses active security testing that goes beyond simply mapping out the attack surface and applying indirect security measurements. To complete the protection process, discovered risks must be prioritized, so that security teams can plan their remediation efforts and address the most potentially damaging issues.
Attack surface discovery is an initial stage of attack surface management. It’s the process of automated searching to identify digital assets across an organization’s external IT (or Internet-exposed) ecosystem.
An attack surface is the sum of an organization’s attacker-exposed IT assets, whether these assets are secure or vulnerable, known or unknown, in active use or not, and regardless of whether the IT/security team is aware of them. The attack surface changes continuously over time, and includes assets that are on-premises, in the cloud, and in subsidiary networks as well as those in third-party or partner environments.
An attack path is one or more security gaps that attackers can exploit to gain access to an IT asset and to move from one IT asset to another. A clear understanding of possible attack paths helps security teams accurately gauge cybersecurity risk.
Attack surface management (ASM) is the process of continuously discovering, classifying and assessing the security of your IT ecosystem. The process can be broadly divided into (a) activities performed in managing internet-exposed assets (a process called external attack surface management, or EASM) and (b) management activities on assets accessible only from within an organization. Many organizations use an assortment of tools and manual processes to secure their attack surface, making the process fraught with operational complexity, human error and best-guess analysis.
External attack surface management can be a particularly daunting task due to the presence of “unknown unknowns,” as well as assets housed on partner or third-party sites, workloads running in the public cloud, IoT devices, old, abandoned or deprecated IP addresses and credentials, and more.