What is Attack Surface Management?

Attack surface management (ASM) is the process of maintaining visibility into an ever-changing network environment so that security teams can patch vulnerabilities and defend against emerging threats. So, what is an attack surface? It is your entire network, on-premises and off, together with the potentially vulnerable points where attackers could gain entry.

Forrester defines attack surface management as the process of continuously discovering, identifying, inventorying, and assessing the exposure of an entity's IT asset estate. Based on all of the above, we can safely assume this is something security teams have regular difficulty staying on top of and addressing. Limited visibility in an environment means you don't know about everything that could possibly hurt the organization and the business.

If visibility is limited, keep in mind that any sort of process in application development could be compromised due to a lack of observability into aspects such as how code is behaving in production. Simply put, limited visibility into the attack surface renders many aspects of business operations and security unreliable.

Security organizations can monitor and manage attack surfaces by managing vulnerabilities, regularly testing web applications, automating incident response, and gaining visibility into the most up-to-date indicators of compromise (IOCs). There is no one correct way to manage an entire attack surface, especially in a large enterprise organization. However, by increasing visibility, a security team can begin to tailor actions and search for solutions specific to its environment.

Why is Attack Surface Management Important?

Attack surface management is important because it provides the visibility, context, and prioritization needed to address vulnerabilities before they can be exploited by attackers; it's critical for teams who want a deeper understanding of their key risk areas. Attack surface management also aids in making IT, security personnel, and leadership aware of what areas are vulnerable to attack, so the organization can find ways of minimizing the risk.

Aspects of the process – like vulnerability assessments and penetration testing – are best practices teams can leverage to gain visibility and context into where breaches might occur along the attack surface. This overall attack surface analysis strategy can increase awareness of both technical and process-related risks.

  • Vulnerability assessment: A vulnerability assessment establishes a baseline of your systems and their vulnerabilities, maintaining continuous visibility of your environment and making stakeholders aware of the potential risks present. The focus is solely on identification, not exploitation. Next up…
  • Penetration testing: NIST defines penetration testing as the issuance of real attacks on real systems and data, using the same tools and techniques used by actual attackers. Penetration testing – or pentesting – has the added benefits of helping an organization stay compliant and coming up with hard data detailing how attackers might gain entry.

What are the Challenges Around External Attack Surface Mapping?

The challenges around external attack surface mapping are many, but that doesn't mean there aren't solutions for a capable SOC. Whether that team exists all in one location or is scattered the world over, it's imperative for a globally distributed workforce to secure its modern attack surface. Let's take a look at a few highlights among those challenges:

Distributed IT Ecosystems

The ephemeral nature of maintaining the bulk of operations in the cloud means that there is no defined perimeter like in the "old days" of on-prem-only. That perimeter is constantly changing and expanding, so the challenge of distributed IT ecosystems that host and house an organization's clouds is that it can be difficult to monitor and secure a national or global perimeter that lies beyond the firewalls and other controls that protect local networks.

Siloed Teams

Collaboration between traditionally siloed teams can be a challenge when attempting to monitor and map your attack surface for budding threats, especially when those teams are distributed geographically, whether that means networks of remote workers, regional offices, or multinational headquarters. These days, there is a greater focus on solutions that provide the shared view and common language that can bring those traditionally siloed teams together to work toward a common goal of threat prevention.

Your External Attack Surface is Constantly Changing

Between known and unknown assets constantly joining the network, your attack surface grows and changes daily. Automating operations within an effective external attack surface management (EASM) strategy can cut down on the time it takes to secure post-perimeter assets, such as those that are exposed to the public internet and could be at the mercy of public-cloud misconfigurations.

EASM solutions can further optimize cloud security posture and are increasingly focused on identifying rogue external assets. They should be able to leverage external threat intelligence to conduct targeted threat hunts and prioritize remediation, from the nearest network endpoints to around the deep and dark web. In this way, practitioners can understand what threat actors are doing in the wild and how it could bleed into the internal environment.

What are the Core Functions of Attack Surface Management?

Discovery

This includes extensive scanning to discover systems and/or assets that may be particularly open to threats. These sorts of assets could be anything from application builds, to personal assets accessing a company's network, to the hardware/software of a supply chain partner. The last point is of particular concern, as almost every company in existence leverages the services of multiple vendors, who each leverage the services of multiple vendors of their own – and so on and so on.

This complexity and reliance on so many partner networks underscores the need to go beyond discovery, accelerating scanning and visibility into real-time territory. As threat actors gain speed with their breach methodologies, security organizations must keep pace as the time to exploitation continues to shrink.

Testing

Regular testing – of varying types – is a reliable way to ensure applications and systems are properly secured. From there, you can determine what action needs to be taken to fortify perimeters.

  • Dynamic application security testing (DAST): A DAST approach involves looking for vulnerabilities in a running web app that an attacker could try to exploit.
  • Static application security testing (SAST): SAST takes an inside-out approach, meaning that unlike DAST, it looks for vulnerabilities in the web application's source code.
  • Application penetration testing: Application penetration testing involves the human element. A security professional will try to imitate how an attacker might break into a web app, using both their personal security know-how and a variety of penetration testing tools to find exploitable vulnerabilities.

Context

It's crucial to have context around potential risks or threats. Data sprawl and complexity can lead to an unwieldy attack surface that poses major challenges to security operations (SecOps) teams looking to fully understand threats and manage vulnerabilities at an ever-increasing pace.

Contextualized threat intelligence can help provide insights into every layer of your tech stack so you can effectively prioritize and respond to risks and threats. This means more than just intelligence feeds: it also means understanding public accessibility, the presence of known vulnerabilities, whether or not a resource is associated with a business-critical application, and more. Vulnerabilities have a certain level of risk, as does every asset on your network. Therefore, it's crucial to have strategies in place that prioritize remediation of the most sensitive risks before they become real threats.

Prioritization

The sheer number of security issues that can arise in one security organization, whether in the SOC or elsewhere, is not necessarily an indicator of the team's ability to thwart threats and patch vulnerabilities. A modern attack surface includes both on-premises and cloud environments. This sprawl includes scenarios such as an identity and access management (IAM) team dealing with millions of distinct identities as each resource and service is assigned a role. Each of those roles has its own exploitable permissions and privileges.

Last year, 88% of organizations reported that they planned to increase spending on, among other things, improving alert context and prioritization. Automating processes like risk analysis and workflow frameworks can vastly decrease the complexity and enormity of evaluating which incidents are most in need of timely remediation.
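The Context and Prioritization sections above argue that raw vulnerability severity is not enough: public accessibility and business criticality must shape the remediation queue. The following is an added illustration (not Rapid7's code or product logic) of that idea as a risk-based ordering over a small constructed asset inventory; the field names, weights and sample assets are all assumptions chosen for the example.

```python
"""Context-aware remediation ordering for an attack surface inventory.

Added example, not from the original page. Each asset is scored on the
three context signals the text names: public accessibility, known
vulnerabilities, and association with a business-critical application.
The inventory and weights below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    internet_exposed: bool                 # reachable from the public internet?
    business_critical: bool                # backs a business-critical application?
    cvss_scores: list = field(default_factory=list)  # CVSS of known vulns
    last_seen_days: int = 0                # days since discovery last confirmed it


def risk_score(asset: Asset) -> float:
    """Combine context signals into a single comparable number."""
    # The worst known vulnerability dominates; extra findings add a little.
    vuln = max(asset.cvss_scores) + 0.1 * (len(asset.cvss_scores) - 1) \
        if asset.cvss_scores else 0.0
    score = vuln
    if asset.internet_exposed:     # attackers can reach it directly
        score *= 2
    if asset.business_critical:    # higher impact if compromised
        score += 3
    if asset.last_seen_days > 30:  # stale inventory entries are unknowns
        score += 1
    return round(score, 2)


def remediation_order(inventory):
    """Return asset names, highest contextual risk first."""
    return [a.name for a in sorted(inventory, key=risk_score, reverse=True)]


# Constructed sample inventory (hostnames are placeholders).
SAMPLE_INVENTORY = [
    Asset("billing-api.example.com", True, True, [7.5, 5.3], 2),
    Asset("legacy-ftp.example.com", True, False, [9.8], 45),
    Asset("intranet-wiki.corp.example", False, False, [9.8, 6.1], 1),
    Asset("hr-portal.corp.example", False, True, [], 3),
    Asset("www.example.com", True, False, [], 0),
]

if __name__ == "__main__":
    for a in sorted(SAMPLE_INVENTORY, key=risk_score, reverse=True):
        print(f"{risk_score(a):5.1f}  {a.name}")
```

Note that the internal wiki's CVSS 9.8 finding ranks below the exposed, business-critical API's 7.5: context, not severity alone, drives the order.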

Establish and Enforce Compliance

It's critical to implement and continuously enforce internal compliance standards – and regulatory ones, if applicable – that shrink your attack surface as much as possible.

Strict adherence to compliance policies can have the benefit of accelerating response time across that smaller attack surface. By also incorporating as much automation as possible, you can reduce the blast radius when an attack or breach does occur. Shifting security left is an example of how those standards can also create a culture of faster response. This means integrating security earlier into the application development/deployment process via continuous template scans while builds are taking place, and also post-deployment.

Remediation

As your network grows, your attack surface expands. That's a lot of space for attackers to find a way in and exploit it to the max. With the contextual threat intelligence and prioritization described above, over time it can become possible to think like an attacker, staying one step ahead and remediating issues before they can be exploited. Automated remediation plays a critical part in the ability to rapidly address one potential threat after another.

Read More About Attack Surface Security

Attack Surface Security News: Latest Rapid7 Blog Posts

Rapid7 Blog: Cyber Asset Attack Surface Management 101