Attack surface management (ASM) is the continuous discovery, inventory, classification, prioritization, and security monitoring of external digital assets that contain, transmit, or process sensitive data. In short, it is everything outside of the firewall that attackers can and will discover as they research the threat landscape for vulnerable organizations. In 2018, Gartner urged security leaders to start reducing, monitoring and managing their attack surface as part of a holistic cybersecurity risk management program.
Today, attack surface management is a top priority for CIOs, CTOs, CISOs, and security teams.

What is an Attack Surface?
Your attack surface is all the hardware, software, SaaS, and cloud assets accessible from the Internet that process or store your data. Think of it as the total number of attack vectors cybercriminals could use to manipulate a network or system to extract data. Your attack surface includes:
Known assets: Inventoried and managed assets such as your corporate website, servers, and the dependencies running on them.
Unknown assets: Shadow IT or orphaned IT infrastructure that sits outside the purview of your security teams, such as forgotten development websites or marketing sites.
Rogue assets: Malicious infrastructure spun up by threat actors such as malware, typosquatting domains, or a website or mobile app that impersonates your domain.
Vendors: Your attack surface doesn’t stop with your organization; third-party and fourth-party vendors introduce significant third-party and fourth-party risk. Even small vendors can lead to large data breaches; look at the HVAC vendor that eventually led to Target’s exposure of credit card and personal data on more than 110 million consumers.
Millions of these assets appear on the Internet daily, and they sit outside the scope of firewall and endpoint protection services. Other names for it include the external attack surface and the digital attack surface.
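As an added illustration (not code from the original post), the following script sorts a constructed discovery feed into the asset categories described above: known assets present in the managed inventory, unknown assets on an owned domain that nobody inventoried, and rogue lookalike domains detected by edit distance or brand-name embedding. The inventory, owned domains, and hostnames are all hypothetical.

```python
"""Triage discovered Internet-facing hosts into attack surface categories.

Hypothetical example: MANAGED_ASSETS, OWNED_DOMAINS and DISCOVERED are constructed
sample data, standing in for an asset inventory and a discovery feed (e.g. DNS or
certificate transparency output)."""

# Constructed inventory of assets the security team already tracks.
MANAGED_ASSETS = {"www.example.com", "mail.example.com", "api.example.com"}
# Constructed set of domains the organization legitimately owns.
OWNED_DOMAINS = {"example.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; used to flag one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Naive last-two-labels heuristic (no public suffix list in this example)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host: str) -> str:
    """Return 'known', 'unknown', 'rogue' or 'unrelated' for one discovered host."""
    host = host.lower().rstrip(".")
    if host in MANAGED_ASSETS:
        return "known"
    domain = registrable_domain(host)
    if domain in OWNED_DOMAINS:
        return "unknown"  # our domain, but not inventoried: shadow or orphaned IT
    label = domain.split(".")[0]
    for owned in OWNED_DOMAINS:
        brand = owned.split(".")[0]
        if label != brand and (levenshtein(label, brand) <= 1 or brand in label):
            return "rogue"  # typosquat or brand-embedding domain we do not own
    return "unrelated"


def triage(discovered):
    """Group a discovery feed into buckets for prioritization."""
    buckets = {"known": [], "unknown": [], "rogue": [], "unrelated": []}
    for host in discovered:
        buckets[classify(host)].append(host)
    return buckets


# Constructed discovery feed.
DISCOVERED = ["www.example.com", "dev-old.example.com", "examp1e.com",
              "example-login.com", "unrelated.org"]
```

The rogue bucket is only a lead for takedown or monitoring; the unknown bucket is usually the more actionable one, because those hosts are yours and nobody is patching them.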