Attack Surface Management vs. Vulnerability Management

Apr 03, 2024 | The Hacker News | Cybersecurity / Penetration Testing

Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they’re not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let’s look at both in more detail.

What is vulnerability management?

Vulnerability management is, at the simplest level, the use of automated tools to identify, prioritize and report on security issues and vulnerabilities in your digital infrastructure.

Vulnerability management uses automated scanners to run regular, scheduled scans on assets within a known IP range to detect established and new vulnerabilities, so you can apply patches, remove vulnerabilities or mitigate any potential risks. These vulnerabilities tend to be rated with a risk score or scale – such as CVSS – and risk calculations.

Vulnerability scanners often have many thousands of automated checks at their disposal, and by probing and gathering information about your systems, they can identify security gaps which could be used by attackers to steal sensitive information, gain unauthorized access to your systems, or disrupt your business. Armed with this knowledge, you can protect your organization and prevent potential attacks.

A screenshot of the Intruder vulnerability management platform, which is designed to perform thousands of security checks, identifying vulnerabilities in web apps, APIs, cloud systems, and beyond.

What is the vulnerability management process?

  1. Performing a vulnerability scan
  2. Assessing your vulnerability risk
  3. Prioritizing and fixing vulnerabilities
  4. Monitoring continuously

What is attack surface management?

The main difference between vulnerability management and attack surface management is the scope. Attack surface management (ASM) includes asset discovery – helping you to find all your digital assets and services and then reducing or minimizing their exposure to prevent hackers from exploiting them.

With ASM, all known or unknown assets (on-premises, cloud, subsidiary, third-party, or partner environments) are detected from the attacker’s perspective from outside the organization. If you don’t know what you’ve got, how can you protect it?

Take the example of an admin interface like cPanel or a firewall administration page – these may be secure against all known current attacks today, but a vulnerability could be discovered tomorrow – when it becomes a significant risk. If you monitor and reduce your attack surface, regardless of vulnerabilities, you become harder to attack.

So, a significant part of attack surface management is reducing exposure to possible future vulnerabilities by removing unnecessary services and assets from the internet. But to do this, first you need to know what’s there.

What is the attack surface management process?

  1. Discover and map all your digital assets
  2. Ensure visibility and create a record of what exists
  3. Run a vulnerability scan to identify any weaknesses
  4. Automate so everyone who creates infrastructure can do so securely
  5. Continuously monitor as new infrastructure and services are spun up

Intruder’s attack surface management features help you to stay on top of changes in your environment, such as recently opened ports and services.

How does attack surface management differ from vulnerability management?

Vulnerability management is the process of identifying and prioritizing vulnerabilities in your IT infrastructure and applications. Attack surface management goes a step further by identifying and analyzing your attack surface – all the devices, entry points and exposed services that an attacker could potentially use to gain access to your systems or data.

Can you combine Attack Surface Management and Vulnerability Management?

While ASM and VM may have different scopes and objectives, they’re not mutually exclusive. Used in combination, they create a much more holistic, robust and comprehensive cyber security posture. By identifying your assets and vulnerabilities, you can prioritize your security efforts and allocate resources more effectively – which will help you reduce the likelihood of a successful attack and any potential impact.

How Intruder can help with ASM and VM

Ultimately, you want to leave no stone unturned when it comes to cyber security. Modern VM and ASM solutions like Intruder can detect vulnerabilities affecting your organization. It gives you greater visibility and control over your attack surface, monitors network changes and SSL/TLS certificate expiry dates, helps you stay on top of your cloud infrastructure, and allows you to pay only for active targets. Why not see for yourself with a free 14-day trial?

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Getting off the Attack Surface Hamster Wheel: Identity Can Help

Wed, 10 Jan 2024

IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.

The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using available market tools and expertise to achieve the desired cybersecurity posture.

While conceptually straightforward, this is an incredibly tedious task that consumes the working hours of CISOs and their organizations. Both the enumeration and the fortification pose challenges: large organizations use a vast array of technologies, such as server and endpoint platforms, network devices, and business apps. Reinforcing each of these components becomes a frustrating exercise in integration with access control, logging, patching, monitoring, and more, creating a seemingly endless list of tasks.

However, what makes enterprise attack surface management unsustainable is its constant expansion. As businesses increasingly digitize, each new device, app, infrastructure component, and network extension creates a new attack surface. The struggle to continuously adapt, incorporating new security tools, becomes increasingly unsustainable over time.

This issue doesn’t stem from a lack of tools. With each generation of attacks and the emergence of new attack surfaces, a plethora of specialized startups pop up, offering new tools to combat these challenges. Whether it’s addressing business email compromise or other threats, there’s always a new tool tailored just for the job. It’s exhausting, it’s expensive and it’s just not sustainable. Large organizations are drowning in security technology, missing critical breach indicators because the security tools get in the way with a flood of false positives that need human work hours to investigate and categorize as such.

It’s time to break the cycle of acquiring another tool for another surface and get off the hamster wheel.

Let’s explore what’s driving this explosion in attack surface:

1. Increased use of cloud services

More businesses are transitioning to cloud-based services and storage. While these services offer significant benefits, they also increase the potential for cyber attacks if not properly secured. The cloud is here to stay – and on-prem is not going anywhere either. This means that the typical organization needs to account for duplication of attack surface across the environment – embracing a hybrid model as the new norm.

Cloud service providers excel in securing specific layers of the stack they oversee: the hypervisor, server and storage. However, safeguarding the data and apps within the cloud is the responsibility of the customer. That’s all on you.

2. Remote working

More people working from home and companies adopting more flexible work policies inevitably heighten security risks. And we still haven’t gotten it right. We still don’t have the same managed and secure infrastructure in the home as we had in the office.

3. The Internet of Things

The number of IoT devices in use is skyrocketing, and many of these devices lack adequate security measures. This vulnerability provides a potential entry point for cybercriminals seeking unauthorized access.

4. Supply chains

Cyber attackers can exploit weak links in an organization’s supply chain to gain unauthorized access to sensitive data or critical systems.

5. AI and machine learning

While these technologies have many benefits, they also introduce new vulnerabilities. Who are the privileged users at AI companies? Are their accounts secured? Are robotic workers (RPAs) using secure digital identities when accessing sensitive corporate data?

6. Social networking

The rise of social networks and their ubiquitous use across personal and business interactions brings new opportunities for criminals, particularly in the areas of social engineering. With the recent wave of business email compromise, we can see how vulnerable organizations are to these kinds of attacks.

What’s the solution?

The reality is that the traditional perimeter has been eroding for a long time. Security measures such as the physical keycard, firewall and VPN, when used as standalone defenses, became obsolete a decade ago. Identity has emerged as the new forefront in security.

So, what can you do? There isn’t a one-size-fits-all remedy, obviously. However, there are innovative approaches that alleviate some of the strain on CISO organizations. Across all the emerging threats and trends fueling the attack surface expansion, the common thread is digital identities. Prioritizing the security of identities through identity and access management (IAM), securing the directory, and privileged access management (PAM), you can roll out robust access control, enable a sound zero trust approach, and keep an eye on those privileged accounts.

Cyber insurance has emerged as a vital component in the cybersecurity arsenal, acting as a financial safety net in the event of a breach. Investing in cyber insurance can alleviate financial burdens and aid in the recovery process, making it a key piece of any security strategy.

Make no mistake, you still need to patch your systems, and you still need to make sure your configurations are secure. You still need a balanced approach to cybersecurity and to make any kind of attack expensive enough to deter attacks. However, when attackers are lured by vulnerable identities, you need to react.

Conclusion

Identities are vulnerable. As someone put it a while back: the regular attacker doesn’t hack into the systems. They just log in, using compromised credentials, and rampage through the systems (including Active Directory) if left unchecked. Data supports this claim: The latest CISA analysis shows that using “valid accounts was the most prominent technique used across multiple tactics.” These credentials were not only used for initial access but also to navigate laterally through networks and escalate privileges. Astonishingly, valid credentials were identified as the most prevalent successful attack technique in over 54% of analyzed attacks. This emphasizes the importance of safeguarding digital identities as a fundamental defense strategy.

Why Public Links Expose Your SaaS Attack Surface

Jan 09, 2024 | The Hacker News | SaaS Security / Data Security

Collaboration is a powerful selling point for SaaS applications. Microsoft, GitHub, Miro, and others promote the collaborative nature of their software applications that allows users to do more.

Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees dispersed across regions and departments.

At the same time, the openness of data on SaaS platforms can be problematic. A 2023 survey by the Cloud Security Alliance and Adaptive Shield found that 58% of security incidents over the last two years involved data leakage. Clearly, sharing is good, but data sharing must be put in check. Most SaaS applications have mechanisms to control sharing. These tools are quite effective in ensuring that company resources aren’t open for display on the public web. This article will look at three common data leakage scenarios and recommend best practices for safe sharing.

Learn how to see the files that are publicly shared from your SaaS

Turning Proprietary Code Public

GitHub repositories have a long history of leaking data. These data leaks are usually caused by user error, where the developer accidentally exposes private repositories or an admin changes permissions to facilitate collaboration.

GitHub leaks have impacted major brands, including X (formerly Twitter), whose proprietary code for its platform and internal tools leaked onto the internet. GitHub leaks often expose sensitive secrets, including OAuth tokens, API keys, usernames and passwords, encryption keys, and security certificates.

When proprietary code and company secrets leak, it can put business continuity at risk. Securing code within GitHub repositories should be a top priority.

Surprising Risks of Publicly Accessible Calendars

On the surface, publicly shared calendars might not seem to be much of a security risk. Calendars aren’t known for sensitive data. In reality, they contain a treasure trove of information that organizations would not want falling into the hands of cybercriminals.

Calendars contain meeting invitations with videoconference links and passwords. Keeping that information open to the public could result in unwanted or malicious attendees at your meeting. Calendars also include agendas, presentations, and other sensitive materials.

The information from calendars can also be used in phishing or social engineering attacks. For example, if a threat actor with access to Alice’s calendar sees that she has a call with Bob at 3 o’clock, the threat actor can call Bob while posing as Alice’s assistant and request that Bob email some sensitive information before the meeting.

Collaborating with External Service Providers

While SaaS apps simplify working with agencies and other service providers, these collaborations often involve members who come into the project for short periods of time. Unless managed, the shared documents and collaboration boards give everyone working on the project access to the materials for all time.

Project owners will frequently create one user name for the agency or share key files with anyone who has the link. This simplifies administration and may save money in terms of licenses. However, the project owner has ceded control over who can access and work on the materials.

Anyone within the external team not only has access to proprietary project files but often retains that access after leaving the company if they remember the username and password. When resources are shared with anyone with a link, they can easily forward the link to their personal email account and access the files whenever they want.

Figure 1: Users retain access to shared Google Docs even after the employee who shared the documents has left the company

Discover which configurations are exposing your data to the public.

Best Practices for Safe File Sharing

Sharing resources is an important aspect of business operations. SaaS security firm Adaptive Shield recommends companies follow these best practices whenever sharing files with external users.

  • Always share files with individual users, and require some form of authentication.
  • Never share via “anyone with the link.” When possible, the admin should disable this capability.
  • When applications allow, add an expiration date to the shared file.
  • Add an expiration date to file-sharing invitations.
  • Remove share permissions from any public document that is no longer being used.

Additionally, organizations should look for a SaaS security tool that can identify publicly shared resources and flag them for remediation. This capability will help companies understand the risk they are taking with publicly shared files and direct them toward securing any files at risk.

Learn how a Resource Inventory can identify all publicly accessible resources.

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Jan 08, 2024 | Newsroom | Cyber Security / Zero Trust

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner identified attack surface expansion as a major trend to watch.

So, it is not surprising that External Attack Surface Management (EASM) is a growing priority for organizations. But traditional castle-and-moat-based security architectures are ineffective at protecting enterprises against today’s sophisticated attacks, which increasingly leverage AI and as-a-service models to maximize speed and damage.

Zero trust security is the best way to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss.

Register here and join Apoorva Ravikrishnan, Senior Manager of Product Marketing, to learn:

  • The most prominent trends in today’s attack landscape
  • How attackers discover and exploit infrastructure as part of their attack sequence
  • How to leverage zero trust security to minimize your attack surface

Leverage Zero Trust Security to Minimize your Attack Surface

Ready to harness the power of zero trust security to minimize your organization’s attack surface? Join our insightful webinar with Zscaler to learn how to tackle an ever-evolving attack surface.

Reserve Your Webinar Spot ➜

Why attend?

This may not be the first time you have come across a webinar on minimizing the attack surface. Shadow IT, public cloud web apps, increased usage of open source code, unsecured servers running RDP/VNC/SSH/Telnet/SNMP, IoT systems with legacy services, TLS/SSL misconfigurations, and vulnerable remote access systems like VPNs – all increase the attack surface. In truth, many of you are probably thinking about reducing your attack surface daily. However, this is an excellent opportunity to hear about how even security tools such as VPNs and firewalls increase your attack surface and what you can do about it.

  • Understand how to take control of your digital footprint to reduce your external attack surface.
  • Get to know why traditional security architecture is not built for digital transformation.
  • Understand more about User-to-App segmentation for granular access and risk reduction.
  • Get actionable insights from Zscaler – the world’s largest security cloud and a pioneer in Zero Trust architecture.

Tap into our security expertise to learn more about leveraging Zero Trust to minimize attack surfaces and keep your data, applications, and users secure. Register for the webinar here.
