Cyber risk reduction through Four Key Strategies in External Attack Surface Management (EASM)
In today's digital age, the importance of securing a company's internet-facing attack surface cannot be overstated. A case study involving an e-commerce retailer serves as a stark reminder of the potential risks and the need for effective External Attack Surface Management (EASM).
The Growing External Attack Surface
The number of company-owned assets connected to the internet is increasing exponentially, making it crucial to identify all these assets for effective protection. This task, however, can be challenging, especially for medium-sized and large corporations.
Beyond Asset Discovery and Vulnerability Scanning
EASM goes beyond classic asset discovery and vulnerability scanning, addressing "blind spots" such as forgotten cloud assets or incorrectly configured IT and IoT infrastructures. It can be integrated into existing processes and systems via appropriate interfaces for seamless information handoff, ensuring minimal impact on ongoing operations.
Minimizing External Cyber Risk
An effective EASM solution minimizes external cyber risk not just by adhering to compliance standards, but by reducing risk continuously and uniformly across the whole attack surface. It also provides the information needed for effective preventive measures against incidents like the one in the case study.
Prioritizing Vulnerabilities
The Security Operations Team prioritizes vulnerabilities to minimize the overall risk of successful attacks. The exploitability of a vulnerability is assessed by determining whether known attack vectors exist for that specific security vulnerability.
Continuous Monitoring
Continuous monitoring through EASM could have prevented the Jenkins server from being accessible via the internet, as seen in the case study. Companies should continuously monitor whether their assets are affected by already known and published security vulnerabilities.
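The prioritization and monitoring steps above can be pictured as one pass over the asset inventory: match each internet-facing asset against published advisories, flag exposed administrative interfaces (the Jenkins situation from the case study) even when no advisory applies, and rank findings by exploitability and exposure. The following is an added illustration, not code from the original article or any EASM product; every host name, version, advisory ID and weight is constructed.

```python
"""Toy EASM monitoring pass (added example; all data below is constructed)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool
    admin_exposed: bool        # admin interface reachable without authentication
    owner_known: bool = True   # False marks a "blind spot" (forgotten asset)


@dataclass
class Advisory:
    advisory_id: str
    product: str
    affected_versions: set[str]
    exploit_public: bool       # a "known attack vector" in the article's terms
    cvss: float


# Constructed sample inventory and advisory feed (hypothetical hosts and IDs).
ASSETS = [
    Asset("ci.example.test", "jenkins", "2.400", True, True, owner_known=False),
    Asset("shop.example.test", "nginx", "1.24.0", True, False),
    Asset("build02.corp.internal", "jenkins", "2.400", False, False),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-0001", "jenkins", {"2.400", "2.401"}, True, 8.8),
    Advisory("ADV-EXAMPLE-0002", "nginx", {"1.22.0"}, False, 5.3),
]


def exposure_findings(assets: list[Asset]) -> list[str]:
    """Misconfiguration check independent of any CVE: admin UI open to the internet."""
    return [a.host for a in assets if a.internet_facing and a.admin_exposed]


def match_advisories(assets, advisories) -> list[tuple[Asset, Advisory]]:
    """Continuous monitoring step: which assets match published advisories?"""
    return [(a, adv) for a in assets for adv in advisories
            if adv.product == a.product and a.version in adv.affected_versions]


def risk_score(asset: Asset, advisory: Advisory) -> float:
    """Weight base severity by exposure, exploitability and unknown ownership."""
    score = advisory.cvss
    score *= 2.0 if asset.internet_facing else 1.0   # reachable from the internet
    score *= 1.5 if advisory.exploit_public else 1.0  # known attack vector exists
    score *= 1.5 if asset.admin_exposed else 1.0      # no authentication barrier
    score += 1.0 if not asset.owner_known else 0.0    # blind spot, nobody patches it
    return round(score, 1)


def prioritize(assets, advisories) -> list[tuple[str, str, float]]:
    """Ranked work list for the Security Operations Team, highest risk first."""
    matches = match_advisories(assets, advisories)
    ranked = sorted(matches, key=lambda f: risk_score(*f), reverse=True)
    return [(a.host, adv.advisory_id, risk_score(a, adv)) for a, adv in ranked]
```

Running `prioritize(ASSETS, ADVISORIES)` puts the forgotten, internet-facing, unauthenticated CI server far ahead of the identical but internal build host, while `exposure_findings(ASSETS)` reports it even before any advisory is published.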
The Importance of Dynamic Application Security Testing (DAST)
Dynamic application security testing (DAST) is used to find out if certain applications pose a potential risk. It helps in identifying vulnerabilities that could be exploited by an attacker, such as SQL injection or cross-site scripting.
The Role of Credential Testing
Credential testing checks whether unauthorized logins are possible. This process helps ensure that only authorized individuals have access to sensitive data and systems.
The Consequences of a Lack of Risk Awareness
A lack of risk awareness can lead to compromising sensitive data, as demonstrated in the case study where an attacker discovered a largely unprotected Jenkins server and gained access to private SSH keys and API keys, compromising several terabytes of data stored in S3 buckets, including personal information of customers.
The Need for a Multi-Stage Concept
Effective protection of a company's IT infrastructure requires a multi-stage concept for EASM. This includes regular vulnerability scans, penetration tests, and the use of dynamic application security testing (DAST).
The Benefits of a Centralized Platform Solution
A centralized platform solution for EASM that covers all four phases can significantly reduce external cyber risk. It provides a unified view of the attack surface, making it easier to manage and mitigate risks.
In conclusion, EASM is a crucial tool in the fight against cyber threats. By continuously monitoring and managing the external attack surface, companies can significantly reduce their external cyber risk and protect their sensitive data.