Uncovering Hidden Systems: The Benefits of Implementing External Attack Surface Management Solutions
In a recent interview with Help Net Security, Adrien Petit, the CEO of Uncovery, discussed the advantages that organizations can derive from implementing external attack surface management (EASM) solutions. From the essential capabilities an EASM solution should possess to how it deals with uncovering hidden systems, Petit sheds light on the importance of managing and securing an organization’s digital assets.
The core capabilities of a robust EASM solution are crucial in ensuring effective management of an organization’s exposed assets. To give an organization mastery of the assets it exposes on the internet, an EASM solution should provide four key capabilities. Firstly, it should enable the discovery of both on-premises and cloud-based assets and maintain them within an inventory. This allows organizations to have a comprehensive view of their assets and keep track of any changes. Secondly, continuous monitoring of assets over time is vital to identify any alterations or potential risks. This regular monitoring ensures organizations stay updated on the state of their assets and can take prompt action if needed. The third capability is the assessment and prioritization of asset risk levels. This involves identifying misconfigurations, vulnerabilities, and rogue assets, allowing organizations to focus on addressing high-priority risks. Lastly, integration with tools used by operational teams, such as ticketing, messaging, and SIEM, facilitates the remediation and mitigation of identified risks.
While EASM solutions can bring numerous benefits to organizations, certain types of organizations stand to benefit the most. Companies and organizations with a large and/or fragmented perimeter can gain significant value from implementing EASM solutions. This is particularly true for organizations in sectors where the digital shift is complex, such as the industrial sector. However, despite the real interest generated by EASM solutions, their adoption is not yet widespread among security professionals. The necessity of mastering all assets exposed on the internet and understanding their level of risk is still not fully embraced by all. As a result, adoption is currently strongest in the most security-mature sectors, including banking/insurance, high tech, telecom, retail, and government. Small and medium-sized businesses (SMBs) often have a limited number of assets exposed, making their exposure more controlled and reducing their interest in EASM solutions.
EASM tools play a crucial role in integrating with existing cybersecurity frameworks and solutions. They ensure compliance with requirements imposed by industry standards such as ISO 27001, NIS 2, or DORA. EASM solutions can provide critical asset data to solutions like Cloud Security Posture Management (CSPM) or CAASM through API integrations, enabling teams to have an up-to-date view of the organization’s attack surface. Additionally, vulnerability scanners can benefit from an accurate and up-to-date inventory provided by EASM solutions. Alternatively, EASM solutions can directly integrate vulnerability scanners, enriching the risk assessment process. Combining vulnerability scanning with threat intelligence saves time and enables focused attention on critical assets.
To ensure the effectiveness of an EASM program, certain key metrics should be monitored. Specifically, two quantitative metrics based on coverage and accuracy prove valuable. From a discovery standpoint, the EASM solution should identify more assets than those already known during initialization. However, it should not burden operational teams with unnecessary work, which means providing an inventory free of false positives. Continuous monitoring should report any newly discovered, decommissioned, or re-exposed assets in real time, rather than days or weeks later. Qualitatively, the assessment of risk levels of exposed assets should be adaptable and modular, aligning with industry standards and current cyberattack vectors. Additionally, the solution should offer integration options with commonly used operational tools.
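The monitoring and metric ideas above can be made concrete with a small sketch. This is an added example, not code from the interview or from any EASM product; the snapshot format, the hostnames and the exact metric definitions (coverage of the known inventory, count of confirmed assets beyond it, accuracy after triage) are assumptions chosen for illustration.

```python
# Constructed sample data: hostnames use reserved example domains.
KNOWN_AT_INIT = {"www.example.com", "mail.example.com", "vpn.example.com"}

# Each snapshot is the set of assets one (hypothetical) discovery run saw exposed.
SNAPSHOTS = [
    {"www.example.com", "mail.example.com", "vpn.example.com", "staging.example.com"},
    {"www.example.com", "mail.example.com", "staging.example.com", "cdn.example.net"},
    {"www.example.com", "mail.example.com", "vpn.example.com", "staging.example.com",
     "cdn.example.net"},
]

# Constructed triage result: discovered assets that turned out not to belong to us.
FALSE_POSITIVES = {"cdn.example.net"}


def diff_snapshots(snapshots):
    """Classify changes between consecutive snapshots.

    new            : never seen in any earlier snapshot
    decommissioned : present in the previous snapshot, absent now
    re_exposed     : absent in the previous snapshot but seen at some earlier run
    """
    events, ever_seen, previous = [], set(), set()
    for index, current in enumerate(snapshots):
        appeared = current - previous
        events.append({
            "run": index,
            "new": sorted(appeared - ever_seen),
            "re_exposed": sorted(appeared & ever_seen),
            "decommissioned": sorted(previous - current),
        })
        ever_seen |= current
        previous = current
    return events


def program_metrics(known, discovered, false_positives):
    """Coverage and accuracy as assumed here: share of the known inventory that was
    rediscovered, confirmed assets found beyond it, and share surviving triage."""
    confirmed = discovered - false_positives
    return {
        "known_coverage": len(known & discovered) / len(known),
        "newly_identified": len(confirmed - known),
        "accuracy": len(confirmed) / len(discovered),
    }
```

Keeping the set of everything ever seen is what separates a re-exposed asset from a new one; a plain diff of the last two runs would report the returning VPN host as new.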
One of the key challenges for EASM solutions is dealing with shadow IT. While an EASM solution may not cover the entire spectrum of shadow IT, it can still identify hidden systems within an organization. For example, an EASM solution can identify domain names registered by a subsidiary or a web agency that have not been declared to the larger organization. Additionally, it can identify websites put online by developers unknown to the central team. Uncovery has developed a unique approach to characterizing and classifying different elements, such as TLS certificates and Google Analytics, enabling the identification of shadow IT assets that can be added to the initial inventory of exposed assets.
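As an added illustration of how shared elements such as TLS certificate fields and Google Analytics property IDs can tie an undeclared site back to a known inventory, the sketch below links candidate hosts to known assets through common fingerprints. It is a generic example, not Uncovery's method; the observation tuples, hostnames and IDs are constructed, and collecting the certificate and page content is assumed to have happened elsewhere.

```python
import re
from collections import defaultdict

# Google Analytics property IDs: legacy "UA-<account>-<n>" and GA4 "G-<id>".
GA_ID = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")

# Constructed sample observations: (hostname, certificate subject O, page HTML).
KNOWN = [
    ("www.example.com", "Example Corp", "<script>gtag('config','G-ABC123DEF4')</script>"),
    ("shop.example.com", "Example Corp", "<script>ga('create','UA-1234567-1')</script>"),
]
CANDIDATES = [
    ("promo-example.test", "", "<script>gtag('config','G-ABC123DEF4')</script>"),
    ("dev.subsidiary.test", "Example Corp", "<html>no analytics</html>"),
    ("unrelated.test", "Other Org", "<script>gtag('config','G-ZZZ999YYY8')</script>"),
]


def pivots(cert_org, html):
    """Turn one observation into a set of comparable (kind, value) fingerprints."""
    found = {("ga", match) for match in GA_ID.findall(html)}
    if cert_org.strip():  # an empty O field (common on DV certificates) is no pivot
        found.add(("cert_org", cert_org.strip().lower()))
    return found


def attribute(known, candidates):
    """Return {candidate_host: [(kind, value, known_host), ...]} for shared pivots."""
    index = defaultdict(set)
    for host, org, html in known:
        for pivot in pivots(org, html):
            index[pivot].add(host)
    links = {}
    for host, org, html in candidates:
        evidence = sorted(
            (kind, value, owner)
            for (kind, value) in pivots(org, html)
            for owner in index.get((kind, value), ())
        )
        if evidence:
            links[host] = evidence
    return links
```

A match is evidence for an analyst to confirm before the host joins the inventory, since certificates and analytics snippets can be shared with agencies or copied between unrelated sites.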
User-friendly interfaces play a critical role in the successful implementation and operation of EASM within an organization. As cybersecurity solutions are increasingly used by non-technical operational users and managers, simplicity and accessibility are vital. Making data understandable, actionable, and synthesized for easy reporting is essential. Furthermore, with teams often using multiple solutions to cover their various needs, user-friendly interfaces ensure a certain level of adherence to the product. This helps avoid the disappointment and non-use that ultimately lead to a solution being abandoned.
In conclusion, implementing an EASM solution can provide numerous benefits to organizations, particularly those with large or fragmented perimeters. By effectively discovering, monitoring, assessing, and integrating with existing tools, organizations can gain a comprehensive view of their attack surface and address risks promptly. While adoption is currently more prevalent in security-mature sectors, the importance of EASM is gradually being recognized across industries. By successfully managing an organization’s external attack surface, EASM solutions contribute to a strong cybersecurity posture and help prevent potential breaches and attacks.
