In this white paper, the experts at SANS explain exactly what EASM is, how it works, why it’s so important, and provide detailed case studies of what could happen without it.
This SANS white paper provides the foundation you need to understand how to maximize your security value by analyzing your attack surface using the perspective of attackers. The white paper also includes three in-depth case studies that examine a range of attack surface management failures.
Not all attack vectors are created equal: an asset that is directly connected to the internet is far more exposed and vulnerable to attack than one that isn’t. Whether it’s a Jenkins server unknowingly exposed during the change management process, exposed digital video devices or a default password-enabled server on the Internet, knowing where your risks lie can make all the difference. That makes External Attack Surface Management (EASM) critical for protecting your organization. However, many security teams haven’t embraced a holistic platform approach so are stuck spending extra time and effort cobbling together disjointed legacy tools and asset management processes that lack the insight or agility to keep up with attackers.
Traditional attack surface management techniques like point tools and manual scans can miss roughly a third of internet-facing assets, leaving organizations dangerously – and unknowingly – exposed. Because an internet-facing vulnerability is a prime entry vector for threat actors, it’s crucial to understand the state of your complete attack surface at all times, not just portions of it from occasional scans.
This SANS white paper provides the foundation you need to understand how to maximize your security value by analyzing your attack surface using the perspective of attackers. The white paper also includes three in-depth case studies that examine a range of attack surface management failures, along with how the deployment of EASM helped each organization regain control of their attack surface.
While each case study covers widely different scenarios, each has the same root cause: a lack of visibility into the attack surface. Continuous monitoring of an attack surface is no longer a high-maturity activity, but a business imperative. With EASM, organizations can significantly improve their security posture, allowing them to maximize their security value.