Attack surface discovery: mapping your exposed vectors with continuous threat exposure management (CTEM)
Mapping an organization’s attack surface is the fundamental first step towards hardening exposed attack vectors.
From web applications to APIs and cloud infrastructure, attack surface discovery involves systematically identifying all your internet-facing assets.
Gaps in your inventory of online assets – the ‘known unknowns’ and/or ‘unknown unknowns’ – can exist due to misconfigurations, shadow IT, complex architectures, rapid digital transformation, siloed acquisition of tech, and inadequate asset management processes.
Why attack surface mapping matters
Automated vulnerability scans, pentesting engagements and, in particular, Bug Bounty Programs effectively mitigate your known risks. By definition, however, they cannot cover assets you do not know about.
But by conducting attack surface discovery in an automated and exhaustive fashion, you can identify, prioritise and fix vulnerabilities across all possible attack vectors, including previously hidden assets.
Although the mantra “you cannot secure what you cannot see” is widely understood, far too many CISOs nevertheless have only a patchy overview of their attack surface. More than two thirds of organisations have admitted to having been compromised via an unknown or poorly managed internet-facing asset (IBM report, 2021).
Without the right attack vector analysis tools, InfoSec teams can struggle to identify – let alone secure – their proliferating online assets.
According to TechTarget, 62% of organizations’ attack surfaces have increased over the past two years as organisations launch new apps and websites, store more data in the cloud, add new third-party integrations, use IoT devices and so on. Frequent software updates also heighten the risk of assets going online, or inadvertently remaining online, without security teams realising.
The merits of CTEM in attack surface discovery
So what’s the best way to perform attack surface mapping?
There are many methods and attack surface discovery tools for ascertaining your potential attack vectors: manual network architecture reviews, user access reviews, network scanners, asset management tools, Cloud Security Posture Management (CSPM) tools, attack surface domain discovery tools and Security Information and Event Management (SIEM) systems to name a few.
When it comes to achieving a unified, comprehensive and real-time overview of your internet-facing assets, an increasingly essential model is Continuous Threat Exposure Management (CTEM).
CTEM is a five-step automated process for continuously monitoring an organisation’s environment for new attack vectors, discovering the attack surface’s exposure to vulnerabilities, and remediating the most critical weaknesses first. Implemented well, this can provide a unified, comprehensive and risk-based approach to security testing.
Given your constantly evolving attack surface and the persistent probing of malicious hackers, this continuous and real-time overview of your cyber risks is preferable to periodic ‘point in time’ snapshots.
With digital transformation, accelerating release schedules and tight security budgets demanding an always-on, cost-effective and scalable approach, tech research firm Gartner cited CTEM as a top strategic technology trend for 2024. It forecasts that, by 2026, organisations implementing a CTEM program now could benefit from a two-thirds reduction in breaches.
Scoping and discovering your assets
YesWeHack’s Attack Surface Management (ASM) product enables five operational phases in accordance with the CTEM model. Mapping your attack surface encompasses the first two steps: SCOPE and DISCOVER.
With YesWeHack’s ASM, you kickstart the CTEM process by ‘scoping’ your assets: declaring your domain names and IP ranges/addresses and letting our solution inventory subdomains, accessible services and associated technologies.
Then our backend scanners can ‘discover’ related subdomains, other domains hidden from the organisation (due to shadow IT, for instance), reachable services and associated technologies. Subsequently, they will continuously detect, and notify you of, any newly surfaced online assets. A value is assigned to each discovered and classified asset according to its business criticality.
The subsequent CTEM phases, which we will cover in future articles, include PRIORITISING the most pressing suspected vulnerabilities discovered across your exposed vectors, through auto-generated priority scores; VALIDATING or rejecting a finding as exploitable in your environment; and MOBILISING by accessing, editing, sharing, assigning and tracking vulnerability reports from all sources to efficiently fix the most urgent security flaws first. In a follow-up article, we will also explore the potential synergy between Bug Bounty Programs and CTEM – with benefits including optimised testing coverage and cost-effective hardening of your exposed vectors.
How the YesWeHack ASM strengthens your security posture
YesWeHack’s ASM product can be the missing link in your offensive security strategy, providing:
- Continuous visibility of your true digital footprint – mapping internet-facing assets and exposed dependencies
- Continuous visibility of your organisation’s exposure to known vulnerabilities within the Vulnerability Center
- Automated prioritisation of vulnerabilities based on an easy-to-understand algorithm – accounting for severity (using CVSS), in-the-wild exploitability (using EPSS) and the related asset’s criticality value (assigned by the client organisation)
- Strategised security testing and remediation to tackle the most critical vulnerabilities at scale
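To make the SCOPE and DISCOVER steps and the prioritisation inputs above concrete, here is an added illustration (not YesWeHack’s code, and not its actual scoring algorithm): a declared scope of domains and IP ranges, a diff of two discovery runs that flags newly surfaced in-scope assets, and an assumed priority formula that multiplies CVSS severity, EPSS exploitability and the client-assigned criticality value. All domain names, addresses and scores are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed scope, as an organisation would declare it in the SCOPE step.
SCOPE_DOMAINS = {"example.com"}
SCOPE_NETWORKS = [ip_network("203.0.113.0/24")]


def in_scope(asset: str) -> bool:
    """True if asset is a declared domain (or a subdomain of one) or an
    address inside a declared range; anything else is out of scope."""
    try:
        return any(ip_address(asset) in net for net in SCOPE_NETWORKS)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return any(asset == d or asset.endswith("." + d) for d in SCOPE_DOMAINS)


def newly_surfaced(previous: set[str], current: set[str]) -> list[str]:
    """DISCOVER step: in-scope assets present in this run but absent from the
    last inventory, i.e. what a continuous scanner would notify you about."""
    return sorted(a for a in current - previous if in_scope(a))


@dataclass
class Finding:
    asset: str
    cvss: float        # 0-10 severity score
    epss: float        # 0-1 probability of exploitation in the wild
    criticality: int   # 1-5 business value assigned by the client organisation


def priority(f: Finding) -> float:
    """Assumed scoring (illustrative, not YesWeHack's algorithm): normalise
    each factor to 0-1, multiply, and scale to 0-100 so that a critical asset
    with a severe, actively exploited flaw rises to the top."""
    return round((f.cvss / 10) * f.epss * (f.criticality / 5) * 100, 1)


def rank(findings: list[Finding]) -> list[Finding]:
    """PRIORITISE step: most urgent first."""
    return sorted(findings, key=priority, reverse=True)


if __name__ == "__main__":
    last_run = {"www.example.com", "api.example.com", "203.0.113.10"}
    this_run = last_run | {"staging.example.com", "198.51.100.1"}
    print("new in-scope assets:", newly_surfaced(last_run, this_run))
    for f in rank([Finding("api.example.com", 9.8, 0.97, 5),
                   Finding("intranet.example.com", 9.8, 0.02, 2),
                   Finding("shop.example.com", 6.5, 0.60, 4)]):
        print(f"{priority(f):>5}  {f.asset}")
```

Note how the two findings with identical CVSS 9.8 end up far apart once EPSS and asset criticality are factored in, which is the point of prioritising on more than severity alone.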
The turnkey-deployable ASM integrates seamlessly with the existing YesWeHack platform. Vulnerabilities from various security testing channels, including automated scanning by the ASM, Bug Bounty programs, traditional pentesting and Vulnerability Disclosure Policies (VDPs), are therefore consolidated into the same interface. This provides a one-stop-shop for all vulnerabilities – whatever their source and format.
Schedule a demo with YesWeHack today and discover how a risk-based approach can transform your organisation's security strategy.