Intro to Attack Surface Management (ASM)
Its been a while since I’ve handled an ASM tool and since I still have access to a trial account of an ASM tool, why not write a blog about it before the subscription expires?
What is an Attack Surface Management.
There are a lot of definitions on the web on what ASM is but lets borrow one from PaloAlto. :) An Attack Surface Management (ASM) is the process of continuously identifying, monitoring and managing all internal and external internet-connected assets for potential attack vectors and exposures.
This basically handles the attack surface of an organization whether external or internal.
The ultimate goal in utilizing attack surface management tools to increase attack surface visibility and reduce risk in our organization.
ASM tools or providers
There are a number companies that offer ASM products. Each product or providers comes with its own set of unique features, capabilities, and offering.
Highlighted below are some of the ASM tools that one may find in the market:
- Mandiant Advantage ASM
- River Security
- RunZero ASM
- Microsoft EASM
For free ASM, one may check rengine tool. If you are looking for a free and locally hosted setup, you might consider this one.
RunZero ASM also offers a community version. You might review your company’s confidentiality policy since its not locally hosted.
Benefits of using ASM tools
External Asset Visibility
- The organization can monitor their external attack surface exposures by scanning their asset from outside perspective.
- One can also monitor the the certificate that are used by your domain.
The following screenshots show when I spun up an EC2 instance in AWS to PoC how it looks from an outside perspective.
Internal Asset Visibility
- You can also perform a scan on your local network.
- With an ASM, you can scan your internal assets, its like an asset management but on steroids
Vulnerablilty Monitoring
- ASM are not Vulnerability Scanners, like Nessus or Qualys, but vulnerability data from your vulnerability scanners can be shipped to your ASM and see the data there. Ultimately, if the ASM supports it for integration, one can also send the data to your SIEM if you want to consume the assets that was seen by the ASM.
Conclusion
Using an Attack Surface Management (ASM) tool enables organization to scan both internal and external assets, monitor your certificates, and gain comprehensive visibility into vulnerable hosts, among various other capabilities which enhance the cybersecurity posture of your organization.
Sources and references:
https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management
https://riversecurity.eu/active-focus/
https://learn.microsoft.com/en-us/azure/external-attack-surface-management/
https://www.mandiant.com/advantage/attack-surface-management