Hand using laptop with blue radar map

How Attack Surface Management Has Evolved And Where It’s Headed Next

Having a clear, accurate, and current view of your attack surface is essential for senior executives to understand and act on business risks. But, attack surface management (ASM) is only one component. Before making risk-based business decisions, you must see the entire picture. You must also factor in possible and probable threats to your environment, and assess your vulnerabilities, in addition to added context of how valuable each asset is to the organization.

Consider this; Not all risks are a top priority for the organization, not all threats are devastating to your infrastructure, not every vulnerability is a 10 out of 10, and not all assets are of critical importance. So how do you know what to prioritize?

The future of ASM will include the ability to easily access all the information needed to make risk-based business decisions, with both IT and lines of business completely aligned. In this article, we will examine the current state of ASM, look at how it is currently deficient, and how you can enhance your ability to understand your business risks.

How ASM has evolved

Over the years, cybersecurity tools have matured and become more capable of detecting threats and vulnerabilities, monitoring breaches, and taking action to mitigate risk. Businesses have changed how they view risk and its role in decision-making. To address these changes and meet the needs of business leaders, cybersecurity tools must become more agile and comprehensive.

The need for more business context

Knowing that vulnerabilities exist in your environment is not enough. You need to see vulnerabilities in the context of threats against your entire attack surface. Security and risk leaders need to be empowered to make better, more accurate, and more timely risk-based decisions.

An ASM tool will provide more value to your business when it aligns with your goals and objectives and provides context around risk. It should allow security practitioners, security leaders, and risk managers to use the same risk-centric language for effective communication.

To clearly understand your risks, you need to integrate feeds from your threat intelligence sources with your ASM solution, or better, have a vendor do this as part of their offering. In this way, you gain the transparency required to make decisions about how to prioritize assets, dependencies, and vulnerabilities.

The need for prioritization

With each new technology your organization adopts, such as exposed architectures like containers and cloud-native deployments, the number of dependencies you need to prioritize and manage increases significantly.

There will always be more that needs to get done than your organization can manage effectively. By applying business risk context to threats and vulnerabilities, you can prioritize how you allocate your resources more astutely.

When security practitioners, leaders, and risk managers all see the same threat and vulnerability information conveyed in a common language that expresses business risk, they can make unanimous decisions succinctly. Whether applying a technical solution to mitigate an attack or charting a pivot for business positioning, they can act in concert.

The need for a more comprehensive yet simpler to use ASM tool

The demands of their job often force security professionals to get creative. To arrive at a position where they can make security decisions about threats and vulnerabilities, they need several different tools. They need a tool to alert them to threats and another to inform them about vulnerabilities. They are well versed in creating scripts that enable them to accelerate deficiencies in products or workflows. Then they turn to tools that can enable them to sniff out vulnerabilities and identify threats in their environment. Finally, they deploy tools to automate a response.

Even after executing these tasks, the information isn’t disseminated uniformly or put into context. Because of this, responsive measures can be too slow or ineffective, allowing attacks they could have anticipated and stopped to slip by the security team.

These prevalent complexities have caused growing teams with many tools and significant budgets to remain largely ineffective against sophisticated threats. Changes are needed, and these heavily burdened teams have a right to demand more from their ASM providers.

The future of attack surface management is ASM v2.0

Even though a good threat intelligence provider can tell you who is attacking you and even who is likely to attack you, that is only part of the picture. It lacks context from a business risk perspective.

In addition to threat intelligence, other disparate solutions can do a passable job of providing a view of your immediate attack surface but usually fail to look deeper into third and fourth-party risk. Modern ecosystems are complicated and require that an effective solution look further and manage the entire attack surface.

An integrated approach is needed to protect the complex attack surfaces of today’s enterprise. At Team Cymru, we’re calling this ASM v2.0. It is digital business risk management, threat intelligence, vulnerability assessment, and attack surface discovery in one solution.

Our ASM v2.0 solution, Pure Signal™ Orbit, integrates a complete map of all your infrastructure, including those parts of your attack surface you may not be aware of, with real-time threat intelligence and a view into all your vulnerabilities.

Pure Signal™ Orbit is powered uniquely by Team Cymru’s own Threat Intelligence feeds. By benefiting from the gathering of signals from across the globe, this solution gives security teams visibility far beyond their internal infrastructure and traces a threat more than a dozen hops to its source. IPs associated with confirmed malicious activity are immediately aligned with assets, and an alert is sent—this is asset-specific threat intelligence in action.

This is Team Cymru’s world-class threat intelligence integrated into state-of-the-art attack surface mapping and vulnerability management, enabling the most precise responses to real-time threats available.

An integrated approach to ASM drives speed and accuracy because there is no time wasted trying to take the information provided by one tool and apply it to a second, third or fourth. All critical data, threats, and risks are integrated into a single place dynamically.


Team Cymru Fellow at Team Cymru