The external attack surface is the sum of all potential attack vectors originating outside your internal network, that is, your third-party attack surface. With reliance on third-party vendor relationships increasing, External Attack Surface Management (EASM) plays a more prominent role in data breach prevention programs. An external attack surface management tool can significantly streamline the processes involved in EASM, lifting the overall efficiency and efficacy of such a cybersecurity initiative - but only if it contains the proper set of features.
Regardless of your industry, if you’re in the market for an external attack surface management solution, this post outlines the key features and capabilities to look for to maximize the returns of your cybersecurity investment.
Difference Between Attack Surface Management and External Attack Surface Management
External Attack Surface Management is a sub-process of Attack Surface Management (ASM) - the ongoing effort of discovering and remediating security risks arising from IT assets in an organization’s attack surface. External Attack Surface Management focuses solely on vulnerabilities originating outside of your IT ecosystem, such as:
- Third-Party Cloud Services
- Supply chain risks
- External digital assets
The best attack surface management tools address the entire scope of an organization’s attack surface - both on-premises and external internet-facing assets - so that EASM is covered within a single ASM solution.
UpGuard combines internal and external attack surface management features in one intuitive platform.
3 Must-Have Features in an External Attack Surface Management Tool
Your tool should map to the following features to address all essential use cases for External Attack Surface Management.
1. External Asset Discovery
Keeping an up-to-date asset inventory is complicated because the external attack surface keeps expanding. New domains and web asset dependencies are constantly being introduced. While the number of new domains expanding a company’s attack surface depends on its unique digital footprint, on average mid-sized companies have been observed to have one new domain appearing every day - a rate that's both high enough to be significant and low enough to be easily tracked by attack surface management software.
UpGuard has found that mid-market companies have an average of 1 new domain appearing in their attack surface every day.
To keep up with this expanding surface, an ideal EASM tool should be capable of tracking all newly networked internet-facing assets in real time.
By keeping security teams informed of all exposed known and unknown assets in their external attack surface, this continuous monitoring has cascading positive impacts on other cybersecurity workflows depending on asset inventory awareness, including:
- Threat intelligence
- Vulnerability Management
- Vulnerability Scanning
- Penetration Testing (Pen Testing)
- Vendor Risk Management
- Attack Surface Monitoring
- Cyber Risk Remediation Efforts
How UpGuard Can Help
With UpGuard’s attack surface management features, you can keep an accurate and always up-to-date inventory of all external facing assets.
UpGuard’s automated asset discovery process maps domains and IP addresses to your organization based on active and passive DNS and other fingerprinting techniques.
You can also specify IP address monitoring ranges for IT asset detection. This will automatically acknowledge any new devices connected within these ranges once they become active, keeping your asset inventory updated.
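The inventory comparison that this kind of continuous discovery relies on, as an added example (not UpGuard's code): it takes resolved hostname/IP observations and reports hostnames under the organization's domains, and IPs inside the monitored ranges, that the inventory does not yet contain. The function names, the inventory layout and the sample records are assumptions constructed for illustration.

```python
import ipaddress

def is_under(hostname, apexes):
    """True if hostname is an apex or a subdomain of one (label-aligned match)."""
    return any(hostname == a or hostname.endswith("." + a) for a in apexes)

def diff_inventory(inventory, apexes, monitored_ranges, observations):
    """Return (new_hosts, new_ips) seen in observations but absent from inventory.

    inventory: dict with 'hosts' and 'ips' sets (the current asset inventory)
    observations: iterable of (hostname, ip) pairs, e.g. from DNS resolution data
    """
    nets = [ipaddress.ip_network(r) for r in monitored_ranges]
    new_hosts, new_ips = set(), set()
    for raw_host, raw_ip in observations:
        host = raw_host.strip().rstrip(".").lower()  # normalise case and root dot
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed record: skip rather than poison the inventory
        if is_under(host, apexes) and host not in inventory["hosts"]:
            new_hosts.add(host)
        if any(ip in n for n in nets) and str(ip) not in inventory["ips"]:
            new_ips.add(str(ip))
    return sorted(new_hosts), sorted(new_ips)

# Constructed sample data (documentation domains and address ranges only).
INVENTORY = {"hosts": {"example.com", "www.example.com"}, "ips": {"192.0.2.10"}}
APEXES = {"example.com"}
RANGES = ["192.0.2.0/24"]
OBSERVED = [
    ("www.example.com.", "192.0.2.10"),     # already in the inventory
    ("Staging.Example.com", "192.0.2.57"),  # new host, new IP in monitored range
    ("shop.example.com", "203.0.113.8"),    # new host on out-of-range hosting
    ("notexample.com", "198.51.100.4"),     # look-alike suffix, not the org's
    ("vpn.example.com", "not-an-ip"),       # malformed record
]

if __name__ == "__main__":
    hosts, ips = diff_inventory(INVENTORY, APEXES, RANGES, OBSERVED)
    print("new hosts:", hosts)
    print("new in-range IPs:", ips)
```

The label-aligned suffix check matters: a plain `endswith("example.com")` would wrongly attribute `notexample.com` to the organization.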
2. Third-Party Cyber Risk Detection
An external attack surface management tool should be capable of addressing the unique cyber threat profile of the third-party attack surface, namely the following cyber attack vectors:
- Compromised Internal Credentials - Successful ransomware attacks involving critical third-party vendors often compromise the internal credentials of privileged users. These are then sold in dark web marketplaces as vectors for follow-up direct data breach attempts.
- External-Facing Asset Misconfigurations - As digital transformation continues to push solutions to the cloud, third-party attack surfaces are becoming more susceptible to misconfigurations, especially through cloud storage and middleware solutions. With conventional middleware architectures being replaced with multiple solution integrations, web application dev ecosystems are more prone to Shadow IT practices, which exposes this attack surface to another dimension of potential malicious entry points.
- Third-Party Provider Vulnerabilities - Third-party security risks, when exploited by hackers or threat actors, facilitate third-party breaches, malware injections, and even phishing attacks. Open-source third-party services are always being scoped for new vulnerabilities, unsecured APIs, and open ports by hackers, making these vendor solutions particularly critical attack vectors.
- Internet of Things - IoT devices usually run on third-party software, and if not properly secured behind a firewall, these endpoints could be manipulated to target your web servers with a flood of superfluous connection requests, forcing them offline - a type of cyber attack known as a DDoS attack.
After detecting these threats, an EASM security tool should serve as the top levels of a cyber threat mitigation funnel, progressing each risk through a complete risk mitigation lifecycle. Within the context of the popular risk management framework NIST CSF, an EASM tool would sit in the Identify function, with additional capabilities spilling over into the Protect and Detect functions.
By integrating an EASM into a complete risk management framework, deeper third-party risk insights can be gathered through risk assessments to uncover advanced sources of risk, such as security control efficacy and regulatory compliance gaps.
How UpGuard Can Help
UpGuard’s risk profile feature detects a vast range of potentially exploitable attack vectors in the external attack surface, including complex risks like unmaintained web pages, end-of-life web server software, and vulnerabilities in Microsoft Exchange server software.
3. Vendor Security Posture Tracking
To take full advantage of the external attack surface awareness this branch of cybersecurity offers, an EASM tool should include a mechanism for measuring vendor security postures in real time. This will establish a feedback mechanism for continuous improvement and open the door to advanced cyber risk remediation techniques like risk prioritization.
Security ratings provide one of the most reliable and trustworthy methods for tracking security posture changes. Based on an analysis of common attack vector categories, security ratings provide a quantified measurement of an organization’s degree of cyber threat resilience, expressed as a rating ranging from 0 to 950.
Because security ratings provide an efficient method of quickly evaluating a vendor's security posture, Gartner predicts this methodology will become as ubiquitous as credit ratings when evaluating the cybersecurity of prospective vendors.
According to Gartner, cybersecurity ratings will become as important as credit ratings when assessing the risk of existing and new business relationships…these services will become a precondition for business relationships and part of the standard of due care for providers and procurers of services. Additionally, the services will have expanded their scope to assess other areas, such as cyber insurance, due diligence for M&A, and even as a raw metric for internal security programs.
How UpGuard Can Help
UpGuard’s security ratings feature offers an accurate and unbiased representation of each vendor’s security posture.
Because UpGuard’s security ratings are updated in real time, security teams can use this feature to confirm the efficacy of requested risk remediations. UpGuard also leverages its security rating engine to help security teams design the most efficient remediation plans by projecting the impact of selected remediation tasks on security postures.