Attack surface management (ASM) this few years is gaining momentum, as it provides a fresh new approach to security from the attacker’s perspective. As the market starts to realise reducing attack vectors is not practical to cope with modern challenges.
In the IT field, it is very common for a couple of years to change and invent or coin a new term to cover one domain of practices, attack surface management (ASM), which has risen in popularity and came from the enterprise vulnerability management and penetration testing, red team operations.
Just as you can imagine, technology and attack surfaces constantly change, in particular for the emerging technologies, from the non-traditional IT assets, from cloud, from container, from Internet of Things (IoT), from Operation Technology (OT), from supply chain, from bring-you-own-device (BYOD).
ASM takes a slightly different approach compared with existing penetration testing and red teams operation (where they typically provide insight and launch in a controlled environment or against a specific aspect of the IT environment basis or as a project). As such, ASM provides a good input such that the attack surface is mapped out on a continuous basis, so enterprises can quickly do what is necessary before an attacker can find them and act on them. Key differences here is organization with ASM gain access to continuous real time attack surface management and path mapping, where pentesting and red team despite is worth the effort, but it typically carry out as per project basis, and may open a gap, and that gap can be filled with ASM in place.
All existing cybersecurity strategies surround protection, classification and identification of digital assets, it is asset-centric so to speak. With the new modern perspective and approach, ASM automates activities and covers assets “outside” the scope of traditional mapping, firewall and endpoint protection controls. It complements real-time attack surface analysis and vulnerability management to prevent security control failures and reduce the risk of data breaches and exposure.
This is the value for attack surface management (ASM), and you are expected to see more and more vendors offering it in their product portfolio.
E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel. Feel free to contact E-SPIN for your project requirement and inquiry.
Other post you may be interest:
- Put report and disclose cyber attacks mandate by law
- Threat Modelling before technical vulnerability management
- From Cloud Migration to Cloud First Cloud Native transition
- Ransomware continue be the main security threat from now and beyond
- Ongoing Online platform data breach rise the market concern