On any day, you'll likely see a breach or some cyber incident that hurts a big company's reputation. If you feel like it’s “open season” for threat actors, that’s because it is. They can scan for vulnerabilities in less than an hour and use generative AI to write malware in minutes rather than days. Cloud apps and services, hybrid work, AI, and other digital transformation trends have created a global digital network of connected attack surfaces.
The main point is that old ways of protecting digital assets on the Internet are no longer enough to protect against constant threats. So, what is non-traditional? Enter external attack surface management (EASM).
The current state of EASM
EASM is a proactive process that involves the continuous discovery, monitoring, and remediation of an organization's external assets and systems. It aims to find possible weaknesses and risks, like cloud services that are not set up correctly, passwords that are exposed, and software that is not from a trusted source.
The goal is to find known and unknown assets and give you a complete view of the threats facing your organization. This will help your security team prioritize and reduce risks better.
Tackling the expanding attack surface
Large companies can have thousands of systems, apps, cloud servers, IoT devices, and data storage places open to the internet. Vulnerabilities are common in shadow IT, web applications, data services, open-source code, unsecure servers running common network protocols like SSH, RDP, SNMP, IoT systems, SSL/TLS problems, and firewalls/VPNs. EASM can also help you identify where third parties may be causing you exposures with systems or applications they are maintaining on your behalf.
If not adequately managed, these assets can open the door to cyber adversaries. Traditional security measures often fall short in pinpointing weaknesses in this complex environment. They focus on internal threats and fail to address external exposures adequately.
By always seeing all internet-facing assets, you can use EASM to find and fix problems before they can be used. Forrester estimates that, on average, organizations find 30% more assets than they expected when using EASM tools.
Integrating EASM with advanced security solutions
Robust cybersecurity measures like EASM help safeguard your digital workplace and improve productivity. The greatest benefit comes when it is combined with the following modern security capabilities:
- Zero trust architecture: a zero-trust model is important in today's world, where people work from home and use cloud services. By following zero trust rules, organizations can make sure that only people who have been approved can access important resources. This reduces the attack surface and minimizes the risk of unauthorized access.
- Risk-based vulnerability management: prioritizing vulnerabilities based on risk factors from multiple sources enables security teams to focus on the most critical threats. Using AI and machine learning (ML) to look at threat information and vulnerability data gives a risk score for each asset. This risk-based approach ensures that the most severe threats are addressed first, improving overall security posture.
- Holistic data aggregation: EASM gathers data from devices, network devices, cloud services, and other applications. For example, domains, ASNs, and TLS certificates, along with data from sources like Zscaler ThreatLabz, can give a complete view of the whole system. This unified approach helps identify patterns and anomalies that may indicate a security incident, facilitating faster and more efficient incident response.
- Predictive analytics: using historical data and machine learning algorithms to predict the likelihood of a breach allows organizations to implement preventive measures. This proactive approach is essential in today’s threat landscape, where new attacks appear daily.
- Deception technologies: by watching decoys like honeypots and honey tokens, security teams can learn about attacker behavior and improve their defenses. Deception provides valuable intelligence about their tactics, techniques, and procedures.
- Identifying exposed assets: findings from EASM can be used to identify exposed assets that can be cloaked using ZPA. You can secure OS and applications, even those that are un-patchable due to EOL or other reasons.
In the changing world of cybersecurity, it can be a long journey from identifying a need to fully fixing it. This has certainly been the case with the identification and management of unknown digital assets. Since the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) said in 2014 that finding unknown assets was important, the industry has slowly but surely moved towards more advanced solutions.
In the last five years, many tools have been created to track digital footprints. These include port and vulnerability scanners and open-source intelligence (OSINT) search engines like Shodan. Recent improvements in AL and ML have greatly improved how you can prioritize asset risks, leading to more useful insights.
As the market matures, the challenge of EASM will be defining its technological scope with use cases spanning attack surface discovery and asset risk prioritization, and cross-over integrations with related solutions, such as risk quantification and deception.
In the meantime, cybersecurity teams can lean into its capabilities to improve their internet security posture, reduce drudge work for the SOC, and help baseline and improve their organizations’ compliance with business initiatives like M&A due diligence, regulatory requirements, and cyber insurance requirements.
What to read next
Introducing Zscaler EASM