Ran Nahmias, Co-founder and CBO, Cyberpion
In the past, a web application or online service could be taken at face value by your customers and employees. It was created, developed, and secured by your organization, and every element of the IT infrastructure that supported that service was under your control.
Today, all that has changed. Internet-facing services are built on an ecosystem of third-party services and infrastructures, which in turn are built on even more third-party infrastructures. For example, a single page in a web application can rely on content and code from hundreds of different third-party sources such as user trackers, ads, fonts, and many others.
While some of these sources and services may be under your direct control, most are not. The majority of these third-party assets and sources are indirectly tied to your organization’s websites, applications, and core IT network – yet you are responsible for the security of this entire ecosystem. A breach anywhere along these chains could lead to a compromise of your services and ultimately your users, customers, and business.
Gartner calls this highly-exposed ecosystem your “external attack surface,” and has recently recommended adopting an External Attack Surface Management (EASM) approach. In this article, we’ll drill into the capacities of EASM solutions, and how companies can use them.
External Attack Surface Management Explained
Gartner defines EASM as “the processes, technology and professional services deployed to discover external-facing enterprise assets and systems that may present vulnerabilities.”
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) services that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization.
EASM platforms provide the capabilities necessary for security organizations to protect their organization from vulnerabilities:
- Asset discovery – Do you know about every IT asset that your organization’s online presence is built on? If you don’t know about it, how do you know if it’s secure? One of the easiest opportunities for a hacker to attack your organization is via an IT asset that you aren’t paying attention to. EASM solutions can automate the process of discovering the entire inventory of IT assets that you are exposed to. Cyberpion‘s Ecosystem Security platform looks beyond just third-parties, and discovers the complete chain of IT infrastructures that you are connected to.
- Vulnerability analysis – Knowing about an asset isn’t enough, the next critical aspect of EASM is understanding if the asset has any vulnerabilities that can put your organization at risk. This is where the selection of an EASM platform can make or break your security team. Vulnerabilities need to be brought to the attention of security personnel in an efficient and effective manner. Pay special attention to how your EASM platform identifies and ranks a vulnerability and what steps to take to eliminate it. Cyberpion‘s Ecosystem Security platform takes a multi-layered approach to assessing the vulnerability of an IT asset in order to reduce false positives.
Applying EASM
Organizations also use EASM solutions to achieve a number of secondary, yet equally important, security goals including:
- Cloud security – Cloud-first application development is now the new norm. Due to the heavy reliance on public cloud infrastructures, ecosystems of third-party infrastructures are already baked into the product. EASM solutions can inventory all of the cloud assets your service is built upon across multiple cloud providers and all of your third-party vendors to aid in your cloud governance processes, as well as cloud security.
- Credential leaks – A critical attack method employed by many malicious actors is to gain access to user credentials and incrementally gain access to more critical systems. EASM solutions are adept at finding login pages that are vulnerable to credential scraping.
- Vulnerability assessment for subsidiaries – A leading cause of unknown, lost, or abandoned IT assets occurs when IT and security management crosses multiple organizations, including subsidiaries and acquired business. EASM solutions enable cross-enterprise vulnerability assessments, including digital assets belonging to subsidiaries that may pose a risk to the connected primary enterprise.
The Bottom Line: EASM is Part of Today’s Security Picture
Hackers are increasingly targeting the IT infrastructures of your third-party vendors – rather than attacking your security perimeter head-on. EASM solutions enable your security team to take a proactive approach to resolve the vulnerabilities within their entire IT ecosystem.
EASM needs to be closely integrated and overlaid with additional enterprise vulnerability and threat management platforms. Adopting the right EASM solution gives your organization a broader view and coordinated approach towards enterprise security that is a more effective way to mitigate risk. As we read news reports of the growing number of breaches that occur due to a breach at a third-party vendor, enterprises need to adopt these kinds of solutions yesterday, to meet the very real security challenges of today.
Cyberpion offers a complimentary attack surface vulnerability assessment. To understand the full extent of your vulnerabilities, request your assessment today.