
SecurityTrails Blog · Sep 15 · by Esteban Borges

How Attack Surface Intelligence Drives Vulnerability Management


Today, organizations the world over are facing sophisticated threats and cyber attacks on their valuable digital assets as well as embedded, unknown vulnerabilities in their infrastructures. And digital transformation, along with the pandemic and the shift to the cloud, have only accelerated changes in the way organizations operate, mainly with hybrid and remote work.

These changes in the digital environment consistently challenge organizations and CISOs to secure increasingly distributed infrastructures, all while dealing with the growing cyber skills gap and shortage of skilled and experienced security staff.

Further demands brought on by growing attack surfaces and the difficulties inherent in safeguarding them lend themselves to the development of new and better cybersecurity practices. In an effort to fortify and maintain their security postures, organizations are now fighting back with innovative ways of responding to sophisticated threats. This often involves a restructuring of current security practices, and the evaluation of new technologies employed to combat challenging, expanding enterprise infrastructures.

Understanding how an organization appears from an attacker’s perspective has proven to be one of the most crucial practices to adopt when addressing today’s cyber threat challenges. This is where Attack Surface Intelligence plays a key role: gathering data, monitoring, and assessing the risks in an organization’s external environment that need to be mitigated.

Attack Surface Intelligence and vulnerability management: All-encompassing security for your external infrastructure

Attack Surface Intelligence is a critical part of external attack surface management: it monitors and assesses an organization’s attack surface in the push to strengthen its security posture. Attack Surface Intelligence platforms help organizations expand their cybersecurity programs by proactively tracking potential risks across all of their assets, risks that could lead to a successful cyber attack against the organization.

This is not to say that the new, evolved practices Attack Surface Management brings to the table call for the abandonment of more traditional methods. Rather, when organizations take on restructuring of their cybersecurity programs to protect themselves from attacks in this new environment, they should still consider time-tested approaches along with the implementation of more novel ones.

This is where we get re-introduced to vulnerability management. This time, however, it’s refined—and coupled with Attack Surface Intelligence. Both vulnerability management and Attack Surface Intelligence share the same goal: reducing risk by making the environment more secure.

Both Attack Surface Intelligence and vulnerability management depend on strong vulnerability discovery and management, and the two practices are quite similar. Like Attack Surface Intelligence and the attack surface management it supports, vulnerability management is a process made up of several phases, and similar ones at that: vulnerability management identifies, assesses, prioritizes and resolves security vulnerabilities, while Attack Surface Intelligence applies the same phases to the digital assets that those vulnerabilities and misconfigurations could threaten.

The reformed approach to vulnerability management takes on a more proactive role, as opposed to the traditional process of firing off vulnerability scanners periodically, and going through the process from there. Today, a successful vulnerability management program should include:

  • Continuous assessment of all assets for vulnerabilities and misconfigurations
  • Classifying each vulnerability’s risk score depending on the severity of the risk to the organization
  • Predicting which vulnerabilities pose the most immediate danger to the organization
  • Providing risk-driven analysis of the infrastructure to inform further offensive and defensive security processes

Quite often, vulnerability management is not a continuous process; organizations can find themselves discovering and managing vulnerabilities on an ad hoc basis. This is why we need to look at a vulnerability management program from the angle of using it to enrich attack surface intelligence and management, which is inherently a continuous process.

With this approach, you can continuously monitor all of your digital assets for new vulnerabilities and threats, and assess, classify and remediate them. Treating the two processes this way, as practices that share similar goals and work together to give a holistic view of an organization’s security posture, is essential for dealing with today’s dynamic attack surfaces and the need for more granular visibility into digital assets.
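The program described above (continuous assessment, a risk score per vulnerability, predicting which ones are most immediately dangerous, and risk-driven analysis that feeds remediation) is easy to state and harder to operate. The following added example, which is not code from the original post or from SecurityTrails, shows the core join between an asset inventory and scanner findings. The severity weights, the asset and finding records, the `CVE-XXXX-…` placeholder identifiers and the hostnames are all constructed for illustration; a real program would take the inventory from continuous discovery and the findings from a scanner. The one thing worth noticing is that a finding on a host that is absent from the inventory is reported as an inventory gap rather than silently scored, because that is exactly the situation the post warns about.

```python
"""Risk-driven prioritization across a continuously refreshed asset inventory.

Added example; not SecurityTrails code. All assets, findings, CVE identifiers
(CVE-XXXX-... placeholders) and scoring weights are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed severity weights (constructed; not a published scoring scheme).
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1, "info": 0}


@dataclass(frozen=True)
class Asset:
    hostname: str
    internet_exposed: bool
    owner: Optional[str]      # None means nobody claims the host: a shadow-IT signal
    last_seen: date           # last time continuous discovery observed the host


@dataclass(frozen=True)
class Finding:
    hostname: str
    cve: str                  # placeholder identifier, not a real CVE
    severity: str
    exploited_in_wild: bool = False   # known active exploitation: most immediate danger


@dataclass(frozen=True)
class Ranked:
    score: int
    hostname: str
    cve: str


def risk_score(asset: Asset, finding: Finding) -> int:
    """Combine vulnerability severity with asset context (exposure, ownership)."""
    score = SEVERITY_WEIGHT[finding.severity.lower()]
    if asset.internet_exposed:
        score *= 2            # reachable from the internet: doubles the urgency
    if finding.exploited_in_wild:
        score += 5            # already being exploited: jumps the queue
    if asset.owner is None:
        score += 2            # nobody to patch it: unowned hosts linger unpatched
    return score


def prioritize(assets: List[Asset],
               findings: List[Finding]) -> Tuple[List[Ranked], List[Finding]]:
    """Return (remediation queue ordered by score, findings on hosts missing from inventory).

    A finding whose host is absent from the current inventory is an inventory gap,
    not something to silently score: it means the asset list is incomplete.
    """
    inventory: Dict[str, Asset] = {a.hostname: a for a in assets}
    queue: List[Ranked] = []
    inventory_gaps: List[Finding] = []
    for f in findings:
        asset = inventory.get(f.hostname)
        if asset is None:
            inventory_gaps.append(f)
            continue
        queue.append(Ranked(risk_score(asset, f), f.hostname, f.cve))
    # Highest score first; ties broken by hostname so the order is deterministic.
    queue.sort(key=lambda r: (-r.score, r.hostname))
    return queue, inventory_gaps


# Constructed sample inventory and scanner output.
SAMPLE_ASSETS = [
    Asset("www.example.com", True, "web-team", date(2022, 9, 15)),
    Asset("db01.internal.example.com", False, "data-team", date(2022, 9, 15)),
    Asset("dev-test.example.com", True, None, date(2022, 9, 14)),
]
SAMPLE_FINDINGS = [
    Finding("www.example.com", "CVE-XXXX-0001", "high", exploited_in_wild=True),
    Finding("db01.internal.example.com", "CVE-XXXX-0002", "critical"),
    Finding("dev-test.example.com", "CVE-XXXX-0003", "medium"),
    Finding("old-host.example.com", "CVE-XXXX-0004", "critical"),  # not in inventory
]

if __name__ == "__main__":
    ranked, gaps = prioritize(SAMPLE_ASSETS, SAMPLE_FINDINGS)
    for r in ranked:
        print(f"{r.score:3d}  {r.hostname:28s} {r.cve}")
    for g in gaps:
        print(f"inventory gap: {g.hostname} has {g.cve} but is not in the asset list")
```

On the constructed data the internet-exposed, actively exploited high-severity finding outranks the critical finding on the internal database host, and the unowned test host lands level with the database host even though its finding is only medium severity; the critical finding on the host nobody inventoried is surfaced separately as the gap to close first.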

It’s clear that the two practices are critical in order to protect our growing digital asset infrastructures from sophisticated threats. But let’s zero in on the specific risks where the two practices show their benefit the most.

Unknown assets can’t be protected

New technologies, apart from the many benefits they offer to organizations in any sector, have widened enterprise attack surfaces. Thanks to cloud technology alone, numerous assets are spun up daily, often with no overview of their owner, use, or security status.

An asset outside your visibility cannot be properly protected, and such assets can harbor destructive vulnerabilities. This is why Attack Surface Intelligence is key to uncovering your entire external infrastructure, and because your cloud environment keeps changing, that discovery needs to be continuous. Once we have a real-time picture of our external attack surface, we can focus on the assets that carry vulnerabilities and misconfigurations. Classifying those assets by the severity of their impact, and bringing in vulnerability management to handle the vulnerabilities themselves, provides a complete picture of an organization’s digital risk profile and informs remediation efforts.

M&As, subsidiaries and other third parties

What can make a dynamic attack surface even harder to protect? Processes that put even more critical assets in motion while raising risk and lowering security. Mergers and acquisitions, divestitures, or work with any third party can put organizations at risk because of the increased number of assets moving through their infrastructure, exposed to outside view and often without clear control by the organization’s security team.

For proper cybersecurity due diligence in these operations, a continuous assessment of assets and vulnerabilities is necessary. Attack Surface Intelligence can provide us with a thorough understanding of all moving assets and can guide decisions on which assets can be inherited, shared, or sunsetted. Additionally, assessment of all risks on those assets can inform efforts towards regulatory compliance, which is an essential part of any pre-M&A security assessment, or divestiture due diligence.

New misconfigurations and CVEs

The threat landscape is dynamic and constantly evolving, and we need look no further than 2022 alone to prove it. We have been met with many widespread cyber threats this year, often with a large blast radius: a critical Confluence RCE vulnerability; a critically-rated vulnerability in F5 BIG-IP appliances, used by 48 of the Fortune 50; or one that slips under the radar, such as the most recent series of vulnerabilities in Veeam, a global data backup, replication, and disaster recovery leader. New vulnerabilities and CVEs are always lurking.

For discovering new CVEs and whether your assets are vulnerable, full attack surface visibility is absolutely vital. With continuous attack surface discovery and analysis, you can quickly narrow down which assets need to be further scanned for vulnerabilities. This regular pattern of asset and vulnerability scans can enable your organization to quickly spot and eliminate potential new vulnerabilities. This is why attack surface intelligence and vulnerability management are an important pair: for a complete scan of your infrastructure you need to identify vulnerabilities but also know which assets can be exploited.

Static asset lists

Maintaining an up-to-date and complete digital asset list saves time, because you stop scanning out-of-date hosts, and lets you identify and focus on risks within your organization as quickly as possible. Without a complete and updated asset list it’s impossible to secure your organization, because you cannot scan every part of it.

Somewhat static and incomplete asset lists can’t be accurate, because attack surfaces are continuously dynamic. Attack Surface Intelligence allows for a continuous and complete overview of your organization’s digital footprint, allowing you to account for every digital asset within your organization with ease. When you can account for each asset, that’s when you know that your vulnerability management program can actually scan each of them for vulnerabilities.

The Solution

Bearing in mind the limitations that vulnerability management programs might have, we offer an Attack Surface Intelligence platform that takes an intelligence-driven approach to attack surface management. This means your organization can maintain continuous awareness of its digital risk profile, reducing the gap between vulnerability discovery and final remediation.

Combining the strengths of a standard approach to attack surface management and vulnerability management, Attack Surface Intelligence provides full visibility into all of your digital assets with powerful vulnerability discovery and classification capabilities.

Attack Surface Intelligence addresses the entire process of attack surface management and vulnerability management by:

  • Asset discovery via the Explorer tab: Attack Surface Intelligence allows you to map all of your assets and allows you to keep an updated, complete list of hosts, servers and all other virtual assets, whether they’re shadow IT or part of your cloud infrastructure, ensuring no assets are missed.

  • Prioritizing risks using Risk Rules: While discovering assets that are vulnerable, Risk Rules provides added functionality. In order to secure your organization, it’s important to know which assets need to be secured first. Attack Surface Intelligence lists key risks on your assets and classifies them by severity—allowing you to prioritize remediation actions.

Another way to integrate our risk and vulnerability detection capabilities into your own apps is by using our Risk Rules API, which allows users to get immediate data for CVEs, including vulnerability name, description, risk severity (classification), affected hostnames, technical references found on the Internet, and project metadata such as ID, title and snapshot creation date.


  • Proactive asset monitoring with the ‘Activity’ tab: As we mentioned, digital assets change over time. Hostnames, servers, subdomains, all digital assets are continuously created, used, and deleted. Attack Surface Intelligence provides proactive asset monitoring so you can understand exactly which assets are exposed on the internet, and when. This gives you greater control and understanding of the usage patterns within your organization and allows your teams to find any vulnerabilities on exposed assets in real time.
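The "Static asset lists" section and the asset-monitoring point above make the same argument from two sides: an asset list is only useful if it is refreshed, and the interesting events are assets appearing, disappearing or changing their exposure between refreshes, together with the hosts that a scanner has consequently never seen. The following added example, which is not code from the original post or from SecurityTrails, implements that bookkeeping over two constructed snapshots. A snapshot is modelled as a map from hostname to the set of internet-exposed ports, the scan dates and the seven-day freshness policy are assumed values, and the hostnames are constructed.

```python
"""Diff attack-surface snapshots and compute the vulnerability-scan backlog.

Added example; not SecurityTrails code. Snapshots, scan dates and the
max-age policy are constructed. A snapshot maps hostname -> exposed ports.
"""
from datetime import date
from typing import Dict, FrozenSet, List, Tuple

Snapshot = Dict[str, FrozenSet[int]]
Change = Tuple[str, FrozenSet[int], FrozenSet[int]]   # (host, ports opened, ports closed)


def diff_snapshots(before: Snapshot, after: Snapshot) -> Tuple[List[str], List[str], List[Change]]:
    """Return (new hosts, removed hosts, hosts whose exposed ports changed).

    New hosts are the ones a static list would never have told you about;
    removed hosts are the ones a static list would keep scanning for nothing.
    """
    new_hosts = sorted(set(after) - set(before))
    removed_hosts = sorted(set(before) - set(after))
    changed: List[Change] = []
    for host in sorted(set(before) & set(after)):
        opened = after[host] - before[host]
        closed = before[host] - after[host]
        if opened or closed:
            changed.append((host, opened, closed))
    return new_hosts, removed_hosts, changed


def scan_backlog(current: Snapshot, last_scanned: Dict[str, date],
                 today: date, max_age_days: int = 7) -> List[str]:
    """Hosts on today's attack surface that were never scanned, or whose last
    scan is older than the (assumed) max_age_days policy allows."""
    backlog: List[str] = []
    for host in sorted(current):
        scanned = last_scanned.get(host)
        if scanned is None or (today - scanned).days > max_age_days:
            backlog.append(host)
    return backlog


# Constructed snapshots, one week apart.
SNAPSHOT_SEP_08: Snapshot = {
    "www.example.com": frozenset({80, 443}),
    "vpn.example.com": frozenset({443}),
    "legacy.example.com": frozenset({22, 80}),
}
SNAPSHOT_SEP_15: Snapshot = {
    "www.example.com": frozenset({80, 443}),
    "vpn.example.com": frozenset({22, 443}),     # SSH newly exposed
    "staging.example.com": frozenset({8080}),    # spun up, nobody told security
}
# Constructed scanner history; staging has never been scanned at all.
LAST_SCANNED = {
    "www.example.com": date(2022, 9, 10),
    "vpn.example.com": date(2022, 9, 1),
    "legacy.example.com": date(2022, 9, 3),
}

if __name__ == "__main__":
    new, removed, changed = diff_snapshots(SNAPSHOT_SEP_08, SNAPSHOT_SEP_15)
    print("new:", new)
    print("removed:", removed)
    for host, opened, closed in changed:
        print(f"changed: {host} opened={sorted(opened)} closed={sorted(closed)}")
    print("scan backlog:", scan_backlog(SNAPSHOT_SEP_15, LAST_SCANNED, date(2022, 9, 15)))
```

Run against the two constructed snapshots, the diff reports the staging host as new, the legacy host as gone, and the VPN host as having opened a port; the backlog then contains the staging host (never scanned) and the VPN host (last scanned two weeks ago), while the retired legacy host drops out of the scan schedule automatically instead of consuming scanner time.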

With today’s constantly growing attack surfaces, organizations struggle to keep up with the sheer number of assets they must discover and scan for vulnerabilities, and it takes only one missed vulnerable host to compromise an entire organization. Pairing continuous intelligence with proactive vulnerability discovery and management, Attack Surface Intelligence allows your organization to continuously monitor your assets for vulnerabilities as your attack surface grows. Request a demo to see it in action.

Esteban Borges

Esteban is a seasoned cybersecurity specialist, and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
