Five-step process
You are not powerless against the threats that lurk beyond your firewall. ASM consists of a set of logical steps that are undertaken continuously to keep your organisation safe. The five steps are:
- Discovery
- Continuous testing
- Context understanding
- Prioritisation
- Remediation
Let’s look at each in turn.
Discovery
To manage your attack surface, you need to know exactly what it looks like. The first step is discovery: identifying all internet-facing digital assets, whether owned and operated by your organisation or by third parties such as suppliers, partners, external contractors, or cloud providers. A modern ASM program uses the same technology that attackers use, so that no asset is missed in the discovery process.
Continuous testing
Your attack surface is growing and changing all the time, so discovery must be an ongoing, iterative activity driven by continuous testing for all potential attack vectors. Additionally, because new malware is being created all the time, and your system is constantly expanding through the addition of devices and users, continuous testing is necessary to ensure your network does not fall prey to a risk you failed to foresee or mitigate.
Context understanding
Not all assets carry the same level of importance or present the same amount of risk. You need to consider their purpose (do they hold customer or employee personal data, for instance?), their technical properties (IP address, type of device), asset owner, importance to business continuity, connections to other assets, and legislative/compliance requirements. Once you have determined the context of each asset, you can prioritise its level of risk and any remediation necessary.
Prioritisation
Prioritisation is not only about assigning a risk rating to an asset but also about deciding how best to deploy your resources. Ideally, you would work through all your assets from high risk to low, fixing all vulnerabilities. But, in reality, it’s probably impossible to fix everything. Instead, you must prioritise the risks that present the most urgent danger to your organisation’s integrity. To do this, you must consider the business context combined with technical factors such as ease of discovery and exploitation, attackers’ likely priorities and difficulty of remediation. Only then will you arrive at a meaningful set of priorities.
Remediation
Remediation is itself a complex process. There may be conflicting requirements; how do you choose which gap to plug first? It is likely that the team that understands the business context (probably security ops) is not the same as the team that understands the technical context (IT ops). Good communication between the two is vital. For example, IT ops may want to fix the most significant technical weaknesses first, while security ops are focused on the business vulnerabilities. If these two teams can build trust and understanding, you will arrive at a process that strikes the right balance for the overarching good of the business.
Find out more
NEWORDER offers enterprise-wide Attack Surface Management to keep your systems safe. We will comprehensively view your assets and help you manage your cyber security risks. For more information on ASM and our full range of Information Security and Cyber Security services, contact us today for a no-obligation discussion.