Is Your Attack Surface Management Plan Ready?

For security teams, the threat of cyberattacks is constantly looming, but feeling that a breach is inevitable should never get in the way of being prepared. So the question is: Do you have an Attack Surface Management (ASM) plan ready?

MIT Technology Review Insights surveyed 728 executives and decision makers from around the world to find out the state of Attack Surface Management practices. According to a survey conducted by MIT Technology Review, most board members seem to understand the need for an ASM plan. In A Game Changer in IT Security report, 61% of global respondents expected their board of directors to request an Attack Surface Management plan this year, with that number skewing higher in regions like North America (66%), Europe (68%) and Asia-Pacific (67%).

The key pieces of an ASM plan: discovery, evaluation and mitigation. Discovery must come first because if you don’t know what assets you have, it is impossible to evaluate and mitigate risks.

In early 2021 the Cortex® Xpanse™ research team learned where security issues live. For the 2021 Cortex Xpanse Attack Surface Threat Report, the Cortex Xpanse research team monitored 50 million IP addresses associated with 50 global enterprises between January and March 2021, including a subset of the Fortune 500, finding that 79% of all critical security issues are in the cloud. Unfortunately, far too many enterprises still don’t have the first step of an ASM plan in place, and they don’t have a complete asset inventory to rely on for mitigation efforts.

According to the MIT Technology Review survey, 50% of companies said they have experienced a cyberattack originating from an unknown, unmanaged or poorly managed asset, and 19% expect to be attacked by an unknown asset.

This trend holds regionally as well, with 53% of respondents in Europe admitting to being victims of attacks and 18% expecting an attack. In Asia-Pacific, 51% have experienced attacks on unknown assets, and 16% expect the attacks to come.

"This data makes all too clear the reality of unknown or unmanaged assets. They are a major security risk and the only way to protect yourself is to have a complete and up-to-date inventory of all internet-facing assets," says Tim Junio, senior vice president of products, Cortex at Palo Alto Networks.

Prepare an ASM Plan Now

As advanced as any security operation may be, it’s hard to argue with the simple facts that you can’t secure what you don’t know. Prevention is always easier than cleanup. What do you need to do to begin putting an ASM plan in place?

As noted earlier, start with discovery. Traditional inventory methods are highly manual processes that look at an organization from the inside out. These methods are slow and error-prone, meaning all other security processes that rely on an accurate inventory of assets, like vulnerability scanning, are starting with a serious disadvantage.

Scanning for assets from the outside in can uncover abandoned assets, insecure certificates, out-of-policy communications and more. According to Xpanse data, Xpanse customers find 35% more assets than when they were previously tracking without this method.

Once your security operations have a comprehensive and up-to-date system of record, evaluating risks and mitigating those risks becomes far easier.

Beyond automating your continuous discovery of assets, Xpanse can automatically flag assets that have exposures and attribute each discovered asset to relevant stakeholders. Combine this data with automated actions in Cortex XSOAR and previously unknown assets can be brought under control fast.

Learn more about Attack Surface Management and how organizations are doing in the global report, A Game Changer in IT Security, as well as regional reports for Asia-Pacific and Europe, the Middle East and Africa.