External Attack Surface Management (EASM) is an emerging approach to cybersecurity that involves identifying and managing the risks presented by assets and systems exposed on the Internet. The term EASM refers to both the processes and technologies needed to discover these assets and effectively manage their vulnerabilities.
In an enterprise, these assets are most often infrastructure components (VPN, router, firewall, etc.) and web applications.
Constant monitoring of these systems can be very resource-intensive, but it's essential if you want to keep your information systems under control. The consequences of a poorly managed attack surface are manifold, and can lead to the total paralysis of a company and the theft of all its data.
To illustrate just how easy it is for an attacker to find a target, anyone can use the online service Shodan.io to find the location of connected objects.
What do I risk if my external attack surface (EAS) is poorly managed?
If you don't have a constantly updated list of your assets exposed on the Internet, you can't know in time if they contain vulnerabilities. Cybercriminals can exploit these vulnerabilities in a number of ways.
- DNS redirection: when setting up new websites, one of the risks is leaving vacant addresses that an attacker can buy and use to host a fake site, for phishing purposes for example.
- Denial of service (DoS): this attack consists of making a machine or network unavailable, temporarily or indefinitely, using a variety of methods. Any machine connected to the Internet is susceptible to this attack.
- Social engineering: this refers to all methods of targeting individuals through psychological manipulation. The exposure of employees' personal data on the Internet makes this type of attack more frequent, by making it easier for cybercriminals to make contact with employees. Phishing falls into this category.
This non-exhaustive list presents just some of the many risks incurred when a company's external attack surface is poorly managed. This is the problem solved by EASM methods.
How do you define and protect your external attack surface?
Defining and protecting your external attack surface is a multi-step process.
Asset discovery: What do I own?
During this stage, the aim is to map all assets accessible on the Internet. You need to take a cybercriminal's point of view in order to identify everything that might be accessible to the public, whether intentionally or not.
Analysis: Are my assets at risk?
Once the list of exposed assets has been drawn up, the next crucial step is to assess whether these assets present any vulnerabilities. Depending on the type of asset, this can involve a great deal of testing, and can quickly become complex. Drawing on the expertise of pentesters (security specialists whose aim is to test the defenses of information systems), for example, ensures the efficiency of this stage.
Prioritization: Where should I focus my efforts first?
The next step is to determine which vulnerabilities need to be fixed as a priority. Not all vulnerabilities are critical, and a good practice to reduce the pressure on your cyber teams is to assign each vulnerability a score according to various factors, so you can prioritize them. These factors can be the severity of the vulnerability, the part of the system where it is located, or the number of vulnerable devices.
In the same way, not all the machines making up an information system (IS) are equivalent. A critical vulnerability on a test machine will not be prioritized in the same way as on a server with a high business impact.
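The scoring described above can be sketched as follows. This is an added example, not code from the article or from any EASM product; the weights, category names, the logarithmic device-count factor and the sample findings are all assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# All weights below are assumptions chosen for illustration; tune them to your own context.
ASSET_CRITICALITY = {"test": 0.3, "internal": 0.6, "business_critical": 1.0}
ZONE_WEIGHT = {"static_content": 0.4, "public_web": 0.8, "remote_access": 1.0}


@dataclass(frozen=True)
class Finding:
    name: str
    severity: float        # 0.0-10.0 severity rating of the vulnerability
    zone: str              # part of the system where the vulnerability sits
    asset_class: str       # business importance of the affected machine
    affected_devices: int  # number of vulnerable devices


def priority_score(f: Finding) -> float:
    """Combine the factors into a 0-100 score; higher means fix sooner."""
    if not 0.0 <= f.severity <= 10.0:
        raise ValueError(f"severity out of range for {f.name}")
    if f.affected_devices < 1:
        raise ValueError(f"affected_devices must be >= 1 for {f.name}")
    # Unclassified assets or zones get the maximum weight: an asset nobody
    # has classified yet should not silently drop to the bottom of the queue.
    crit = ASSET_CRITICALITY.get(f.asset_class, 1.0)
    zone = ZONE_WEIGHT.get(f.zone, 1.0)
    # Device count raises the score logarithmically and saturates at x1.5 (32 devices).
    spread = min(1.0 + 0.1 * math.log2(f.affected_devices), 1.5)
    return round(f.severity * crit * zone * spread / 1.5 * 10, 1)


def rank(findings):
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=priority_score, reverse=True)


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("critical vulnerability on test machine", 9.8, "remote_access", "test", 1),
    Finding("critical vulnerability on billing server", 9.8, "remote_access", "business_critical", 1),
    Finding("medium vulnerability on VPN gateways", 6.5, "remote_access", "business_critical", 32),
    Finding("medium vulnerability on unclassified host", 6.5, "public_web", "unknown", 1),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{priority_score(f):5.1f}  {f.name}")
```

With these assumed weights, the same critical vulnerability lands at the bottom of the queue on the test machine and at the top on the business-critical server, while a medium-severity flaw spread across many gateways ranks almost as high.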
Correction: How can I correct my vulnerabilities?
Finally, once all these steps have been completed, it is possible to proceed with the correction of system risks and vulnerabilities. This stage also involves the creation of tickets, so that the actions of the security teams can be processed and traced.
To be effective, these steps must be carried out continuously. They require considerable time and human resources, which translates into substantial budgets. The advantage of EASM software solutions is that they automate all the steps involved in protecting the external attack surface, reducing costs without compromising operational quality.
What EASM solutions are on the market?
The French Uncovery solution enables continuous discovery and monitoring of assets exposed to the Internet. It gives companies a cybercriminal's point of view on their own network, opening up new opportunities to secure their critical devices.