What is Attack Surface Management?

For organizations, attack surface management means proactively addressing the cyber threats, vulnerabilities, and exposures that adversaries can use to gain unauthorized access to their systems and attack their brand and customers.

Attack surface management is a predominant concern for security teams and their senior leadership, who must have a comprehensive view of their overall digital exposures and deep insight into threats targeting them to make strategic decisions safely and effectively.

Attack surfaces are an organization's entire digital presence, which can be massive and encompass hundreds of thousands of assets and millions of signals across the internet, cloud, and mobile app ecosystem. Today's attack surfaces are dynamic and global in scale—COVID-19 accelerated the decentralized work environment, cloud workloads have become critical to modern IT, and SaaS platforms play an increasing role in the enterprise. With each organization's security perimeter bleeding more and more into the internet, defending the extended enterprise is a global-scale challenge.

Attack Surface Management Requires Deep Intelligence Both Inside and Outside the Firewall

What is the Digital Attack Surface?

Today, a business's digital attack surface extends from the internal network to the farthest reaches of the internet, where traditional approaches to security have no visibility and attackers have plenty. Via a variety of vectors, advanced adversaries target massive vulnerabilities in ubiquitous systems used across the world.

Vulnerable Remote Access & Perimeter Devices

The enterprise digital attack surface includes everything outside the firewall, a collection of far-flung, client-facing assets adversaries can and will discover as they research their next targets, including:

Orphaned assets
Shadow IT
Malicious, imposter infrastructure
Hosts, services
Brands
Domains
User web behavior
Dark web
Mobile apps
DNS
SSL certs
VIP users
Social media
Email
URLs
IoT
Open web
Web components

The above assets can fall into three main categories, each of which effective Attack Surface Management addresses:

Analysis of an Attack Surface

The boom in internet-exposed assets from a decade of digital transformation, and accelerated by a seismic shift to a remote workforce in response to COVID-19, can make protecting your enterprise's digital attack surface feel overwhelming. Today, organizations are responsible for defending not only their internal network but also their digital presence across the internet and the cloud.

What Are The Challenges of Attack Surface Management?

This digital attack surface and the threat landscape that targets it are dynamic and changing—certificates expire, frameworks need patching, shadow IT stands up, and attacker tactics evolve. Bringing the massive scope of an organization's digital attack surface into focus is no easy task. Most security leaders only know of a fraction of the assets that exist outside their firewall.

What Makes Attack Surface Management Effective?

Security teams must now have the technology and security intelligence necessary to defend their organizations from a vast universe of threats, some of which traverse their network and many of which don't. Effective attack surface management programs should have robust internal and external intelligence that gives security teams a 360-degree view of their organization's attack surface. This visibility includes the threat landscape, external context for internal security alerts, and an outside-in view of an organization to know what makes it uniquely vulnerable to specific attacks.

What Are The Core Functions of Attack Surface Management?

Discover Unknowns: Attack Surface Management must extend security teams and programs outside the firewall anywhere on earth, including on-premises, cloud, SaaS, IaaS, and XaaS, to address all threats and exposures associated with their digital presence. However, extending security across the modern enterprise attack surface isn't possible without an accurate, continuously updated inventory of all of an organization's digital assets—known, unknown, and rogue.

Then, by applying tailored Security Intelligence, security teams can pinpoint how and where their organization is exposed. Security teams going toe-to-toe with a nearly infinite threat landscape need relevant context and insights, obtained by automating data assembly from IPs, domains, services, ports, hashes, components, and code across the enterprise and third parties.

Investigate Threats: Security teams need the ability to hunt across their extended enterprise, including vendors, partners, and any internet asset. When an alert happens, the clock is ticking. Attackers are evading detection, reaching deeper into your environment, and taking more ground with ransomware, denial of service, and outright data theft.

Organizations must scale and enable security operations by automating data assembly to quickly find threat actors and their tools and infrastructure. This capability relies on fortifying group intelligence and skills, and it enriches workflows with live intelligence fused into every corner of the SOC.

RiskIQ Illuminate® Internet Intelligence

RiskIQ Illuminate is the first step in bringing together global visibility for an organization's digital attack surface in a single platform. We know our customers want to pull intelligence into the products and security stack to make those systems smarter and orchestrate a rapid, coordinated, cross-functional response.

The Illuminate platform has modules for everyone on the security team, from the CISO to SecOps, CTI, Brand Intelligence, and Vulnerability teams, enabling a unified view of internet threats that ultimately speeds up decision-making and response times to reduce overall risk.
