Security providers are rushing to offer security posture management capabilities in their products, as companies face challenges in finding and closing off paths that attackers could use to infiltrate and compromise their IT environments. This emerging industry segment, also known as exposure management, has gained traction due to predictions from analyst firms such as Gartner that companies will shift towards managing their exposure to threats rather than focusing solely on vulnerability management, attack-surface management, and privileged-account management.
One company making strides in this space is Cymulate, which announced its threat exposure management platform in June. The platform takes data from various sources, including an inventory of assets, vulnerabilities, potential attack paths, and adversaries’ tactics, to create a measure of risk. By analyzing combined vulnerability and identity data, companies can better understand and assess their exposure to potential threats.
Tenable, another exposure management firm, recently released identity-focused features in its Tenable One platform. These features allow companies to analyze Active Directory and Azure AD instances to identify identity-based weaknesses such as over-permissioned accounts, orphaned users, and anomalous identities. Nico Popp, Chief Product Officer at Tenable, emphasizes the importance of bringing vulnerability management and identity exposure together, as it enables organizations to think like an attacker and strategically defend their most critical assets.
Exposure management has traditionally focused on vulnerabilities and weak identities, but it is now expanding to include identity management and privileged access management (PAM) providers. Grady Summers, Executive Vice President of Product at SailPoint Technologies, highlights the significance of identifying over-entitled accounts and users with excessive privileges, as these can also be considered vulnerabilities. The shift towards exposure management is helping companies uncover blind spots in their security measures and take proactive steps to mitigate risks.
In addition to vulnerability and identity management, exposure management involves validating the threats associated with specific weaknesses. This validation ensures that vulnerabilities are both reachable and exploitable by attackers. To assess the risk level of critical assets, organizations construct potential attack paths that attackers could take through the environment using vulnerabilities in different systems. By simulating these attack paths, companies can prioritize patching and implement new controls more effectively. For example, a common attack path might involve exploiting a vulnerability in a web server, escalating privileges, and then accessing a database. Running simulations helps organizations determine the viability of such attacks and make informed decisions about security measures.
Identity compromise often provides a shorter route for attackers to achieve their goals. Therefore, exposure management places significant emphasis on analyzing and securing identities. An identity attack targeting a privileged user with weak security measures can lead to the compromise of critical databases or systems. By addressing identity-related risks, companies can reduce the likelihood of successful attacks.
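The attack-path prioritization described above can be sketched as a small graph analysis. This is an added example, not code from any vendor or product named in the article; the asset names, weakness labels and `validated` flags are constructed sample data. It keeps only weaknesses validated as reachable and exploitable, lists the paths to the critical asset shortest first, and ranks each weakness by how many paths fixing it would break.

```python
from collections import Counter

# Constructed sample environment: (source, target, weakness, validated).
# "validated" means the weakness was confirmed reachable and exploitable.
EDGES = [
    ("internet", "web-server", "vuln:web-server-flaw", True),
    ("web-server", "web-server-admin", "vuln:privilege-escalation", True),
    ("web-server-admin", "dba-account", "identity:cached-credentials", True),
    ("internet", "dba-account", "identity:privileged-user-weak-auth", True),
    ("dba-account", "database", "identity:over-permissioned-account", True),
    ("internet", "file-server", "vuln:file-server-flaw", False),
    ("file-server", "database", "identity:orphaned-user", True),
]

def attack_paths(edges, source, target, validated_only=True):
    """Return every simple path as a list of (node, weakness, node) steps."""
    graph = {}
    for src, dst, weakness, validated in edges:
        if validated or not validated_only:
            graph.setdefault(src, []).append((dst, weakness))
    paths, stack = [], [(source, [], {source})]
    while stack:
        node, steps, seen = stack.pop()
        if node == target:
            paths.append(steps)
            continue
        for dst, weakness in graph.get(node, []):
            if dst not in seen:  # simple paths only, no revisiting a node
                stack.append((dst, steps + [(node, weakness, dst)], seen | {dst}))
    return sorted(paths, key=len)  # shortest route first

def rank_weaknesses(paths):
    """Count how many paths each weakness sits on; fixing it breaks them all."""
    counts = Counter(w for path in paths for w in {step[1] for step in path})
    return counts.most_common()

if __name__ == "__main__":
    paths = attack_paths(EDGES, "internet", "database")
    for path in paths:
        print(len(path), "steps:", " -> ".join([path[0][0]] + [s[2] for s in path]))
    for weakness, hits in rank_weaknesses(paths):
        print(f"{weakness}: on {hits} of {len(paths)} paths")
```

In this sample the identity route is the shortest path, and the over-permissioned account sits on every validated path, so reducing its entitlements is the highest-value fix.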
As exposure management continues to evolve, companies are gaining better ways to secure their changing IT environments. By analyzing vulnerabilities, identities, and potential attack paths, organizations can prioritize their efforts and effectively manage their exposure to threats. This holistic approach allows companies to tackle the most critical security issues proactively and minimize the risk of exploitation.

