Attack Surface Management - What's old is new again!!

By -

 






Attack Surface Management (ASM), a new sexy approach to cyber security visibility. 

"How about we try to see what systems are exposed to the public Internet  so we can make sure they are being secured."

ASM is not Vulnerability management (detection of cyber security weaknesses) but rather takes a step back to answer the question, "What do I need to secure?" but is can also help identify the SBoM (Software Bill of Materials) across deployed systems.

Attack Surface Management (ASM) which provides you the ability to see all services exposed to the public internet across your global estate. As new systems are deployed, decommissioned or a system changes, ASM can inform you of the event.  This is done in real-time and on a continuous basis in most cases.

I wrote a bog in 2018  when we first introduced Edgescan's ASM solution which has evolved since by including both API discovery and multi-region monitoring.

API discovery locates exposed API endpoints using multilayered probing techniques. In many cases organizations simply don't know what API's they have exposed this can be due to poor asset management or the fact that some web application frameworks deploy an API by default.

Multi-Region monitoring: performs ASM from different source IP's globally to help you understand if there are any Geo-related traffic controls you may not see by scanning from a single Geo-IP.

The value of ASM is to provide real-time information as systems change and to help identify and alert you of items which may require attention such as exposed services, insecure protocols, rogue deployments, outdated software and so on.

Features we employ in edgescan ASM are as follows:

  • Fast network host discovery and asynchronous port scanning across the whole global perimeter. Allowing the identification of networking devices, platforms, operating systems, databases and applications.
  • Mapping and indexable results which help determine which service ports are present and listening for transactions. The can result in detecting exposed ports, vulnerable services or misconfigured firewalls.
  • Customizable scan profiling – to help us be specific about the services and systems you care about, say a random high port system or specific service in a specific region.
  • Service Detection – Discovery of exposed services based on response fingerprints and identifiers. Resulting in discovery of older or deprecated exposed systems. Coupled with continuous vulnerability management this is very effective of rapid detection of weaknesses due to Vulnerable and outdated software.
  • On demand live retests on exposed ports. As you close off exposures you may want on-demand probing to ensure you have fixed the exposure.
  • Historical host information for point in time reads of endpoints. Detailing a history of historical discoveries can assist with incident reporting and root cause analysis.
  • Detection of misconfigured ACL's or Firewall rules leading to service exposure resulting in weakness.
  • Customizable targeted alerting, which notifies you automatically of any potential exposures (e-mail, webhook, SMS) in real time.
  • IoT detection; as we know lots of vulnerable IoT deployed out there, much of it connected to corporate networks and much of it with little or no security controls enabled.


...We have observed very effective cyber security programs when ASM is coupled with continuous full stack vulnerability management, in particular if the newly discovered assets via ASM are automatically assessed for vulnerabilities. In effect ASM and vulnerability management working together...resulting in rapid vulnerability detection and response....

For real precision and fidelity, ASM combined with fullstack vulnerability coverage is required. ASM is not an application security or a network security solution but a full stack visibility.....

Edgescan ASM is in many cases included as a feature and is available with Edgescan's Vulnerability Intelligence Service. More at www.edgescan.com








Comments

Post a Comment

Popular posts from this blog

Edgescan, why we do what we do.....

By -
Image
  The cyber security industry is full of solutions to make you more secure. Some are unproven and other approaches work if deployed properly. Our industry is very fragmented. for example a recent "Cyber Defense" award I noticed has 195 categories!  I suppose we need to ask ourselves as companies from time to time why we do what we do?  So, the following post is, I guess, the reason we developed Edgescan and why we believe its a decent solution to help organizations improve and be more resilient in relation to cyber security and system protection.... Vulnerability scanning alone did not work. The idea of software testing software for vulnerabilities is a good one but both sides of the equation may have bugs. Bugs in one side (The target) may result in vulnerabilities, whilst bugs on the other side (Scanner) may result in false negatives and false positives.  Accuracy : To that end we built edgescan as a combination of automation to discover vulnerabilities at scale but  when c
Read more

20 years of Vulnerability Managment - Why we've failed and continue to do so.

By -
Image
Cyber Security: Keeping Pace with Change. Getting breached can really ruin your day. Actually it normally happens on a friday evening as you are about chill for the weekend. The cause of must breaches is not rocket science, its more to do with the poor approach we have accepted because we underestimate the threat actor.  - An attacker does not scan your website/network once a quarter with a commercial or open source scanner or perform an annual penetration test against your systems to see if there is any low hanging fruit, so how do we expect to defend against such an advisory using that approach? Systems change now more frequently than ever due to the ease of cloud deployments and the speed of software deployments due to iterative development techniques. The rate of change increase results in exposures quickly manifesting and the organisation not even being aware of the exposure in the first place. Many organisations dont know what they have exposed on the public Internet. We need t
Read more
By -
Image
The HSE Data Breach and the State of Irish Cyber Security Many years ago, shortly after I founded the Irish chapter of OWASP ( http://www.owasp.org ) (in 2007??) we were delivering free application and software development classes to anyone who wanted them. It was a local low key affair but every class we delivered was "sold out". We have 60-80 folks mostly developers willing to spend 4-5 hours on learning the fundamentals of secure application development and testing. I suppose we felt cyber security was an important issue because that's what we did. At the time many folks in business felt cyber security was an overhead or a "tax" and did not give it much time. A few years later (late 2010) when the the foundation of the NCSC (National Cyber Security Centre) was announced, a few of us (local OWASP Ireland leaders) wrote a number of emails to the Irish government offering free cyber security training. As we were working for a non profit (501.3c) charity (OWA
Read more