What is Attack Surface Management?

Attack surface management (ASM) is the process of maintaining visibility into an ever-changing network environment so that security teams can patch vulnerabilities and defend against emerging threats. So what is an attack surface? It is your entire network, on-premises and off, and the potentially vulnerable points where attackers could gain entry.

Forrester defines attack surface management as the process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity's IT asset estate. Based on all of the above, we can safely assume this is a problem security teams often struggle to solve. Limited visibility into an environment means you do not know about everything that could compromise the organization and the business.

With limited visibility, keep in mind that any kind of process in application development can break down due to a lack of observability into aspects such as how code is behaving in production. Put simply, limited visibility into the attack surface makes many aspects of business operations and security unreliable.

Security organizations can monitor and manage attack surfaces by managing vulnerabilities, regularly testing web applications, automating incident response, and gaining visibility into the most up-to-date indicators of compromise (IOCs). There is no one correct way to manage an entire attack surface, especially in a large enterprise organization. But by increasing visibility, security teams can start to tailor operations and look for solutions specific to their environments.

Why is Attack Surface Management Important?

Attack surface management is important because it provides the visibility, context, and prioritization needed to address vulnerabilities before they can be exploited by attackers; it’s critical for teams who want a deeper understanding of their key risk areas. Attack surface management also helps make IT, security staff, and leadership aware of which areas are vulnerable to attack, so the organization can find ways of minimizing the risk.

Aspects of this process, such as vulnerability assessment and penetration testing, are best practices teams can leverage to gain visibility and context into where a breach might occur on the attack surface. This comprehensive attack surface analysis strategy raises awareness of both technology- and process-related risk.

  • Vulnerability assessment: A vulnerability assessment establishes a baseline of your systems and their vulnerabilities, maintaining ongoing visibility into the environment and making stakeholders aware of the potential risks that exist. The focus is solely on identification, not exploitation. Next…
  • Penetration testing: NIST defines a penetration test as a real attack on real systems and data, using the same tools and techniques used by actual attackers. Penetration testing also has other benefits: it can help an organization stay compliant and provides hard data detailing how an attacker could get in.

What are the Challenges Around External Attack Surface Mapping?

The challenges around external attack surface mapping are many, but that doesn’t mean there aren’t solutions for a capable SOC. Whether that team exists all in one location or is scattered the world over, it’s imperative for a globally distributed workforce to secure its modern attack surface. Let’s take a look at a few highlights among those challenges:

Distributed IT Ecosystems

The ephemeral nature of running a large volume of operations in the cloud means there is no longer a defined perimeter of on-premises deployments only, as in the “old days”. That scope is constantly shifting and expanding, so the challenge facing the distributed IT ecosystems that host and contain an organization’s cloud is that it is hard to monitor and protect national or global boundaries that sit outside the firewall and the other protocols that protect the on-premises network.

Siloed Teams

Collaboration between traditionally siloed teams can be a challenge when trying to monitor and map the attack surface against potential threats, especially when those teams are distributed geographically, whether that means remote workers’ networks, regional offices, or multinational headquarters. These days, more attention is paid to solutions that offer a shared view and a common language, bringing those traditionally siloed teams together toward the common goal of threat prevention.

Your External Attack Surface is Constantly Changing

Between known and unknown assets constantly joining the network, your attack surface grows and changes every day. Automating operations within an effective external attack surface management (EASM) strategy can cut down on the time it takes to secure post-perimeter assets, such as those exposed to the public internet that may be affected by public cloud misconfigurations.

EASM solutions can further optimize cloud security posture and are increasingly focused on identifying rogue external assets. They should be able to leverage external threat intelligence to conduct targeted threat hunts and prioritize remediation, from the nearest network endpoints out to the deep and dark web. In this way, practitioners can understand what threat actors are doing in the wild and how it could seep into internal environments.

What are the Core Functions of Attack Surface Management?

Discovery

This involves wide-ranging scanning to discover systems and/or assets that may be particularly susceptible to threats. These sorts of assets could be anything from application builds, to personal assets accessing a company’s network, to the hardware/software of a supply chain partner. That last point is of particular concern, as nearly every company in existence leverages the services of multiple vendors, who each leverage the services of multiple vendors of their own, and so on.

This complexity and reliance on a web of many partners highlights the need to go beyond discovery, accelerating scanning and visibility into real-time territory. As threat actors gain speed with their breach methodologies, security organizations must keep pace as the time to exploitation continues to shrink.

Testing 

Regular testing, of different kinds, is a reliable way to ensure applications and systems are properly protected. From there, you can determine what action needs to be taken to fortify perimeters.

  • Dynamic application security testing (DAST): A DAST approach involves looking for vulnerabilities in a web application that an attacker might attempt to exploit.
  • Static application security testing (SAST): SAST takes an inside-out approach, meaning that, unlike DAST, it looks for vulnerabilities in the web application's source code.
  • Application penetration testing: Application penetration testing involves the human element. Security professionals attempt to mimic how an attacker would break into a web application, using their own security knowledge and a variety of penetration testing tools to find exploitable vulnerabilities.

Context

It’s crucial to have context around potential risks or threats. Data sprawl and complexity can lead to an unwieldy attack surface, posing significant challenges for security operations (SecOps) teams looking to fully understand threats and manage vulnerabilities at an ever-increasing pace.

Contextualized threat intelligence can help you gain insight into every layer of the technology stack so that you can effectively prioritize and respond to risks and threats. This means more than intelligence feeds; it means understanding public accessibility, the presence of vulnerabilities, whether or not a resource is associated with a business-critical application, and more. Vulnerabilities carry a certain level of risk, as does every asset on your network. Therefore, it is critical to develop an appropriate strategy that prioritizes remediating the most sensitive risks before they become real threats.

Prioritization

The sheer number of security issues that can arise in one security organization, whether in the SOC or elsewhere, is not necessarily an indicator of the team’s ability to stop threats and patch vulnerabilities. A modern attack surface includes both on-premises and cloud environments. This sprawl includes scenarios such as identity and access management (IAM) teams handling millions of distinct identities as roles are assigned to every resource and service. Each of those roles has its own exploitable permissions and privileges.

Last year, 88% of organizations reported that they planned to increase spending on, among other things, improving alert context and prioritization. Automated processes like risk analysis and workflow frameworks can greatly reduce the complexity and difficulty of assessing which events most need timely remediation.
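To make the Discovery, Context and Prioritization functions concrete, here is a small added example (not Rapid7's code) that merges an external discovery scan into a known-asset inventory, flags hosts the inventory has never seen, and ranks everything for remediation using the context signals named above (public accessibility, presence of vulnerabilities, business criticality). All hostnames, counts and score weights are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    internet_facing: bool
    open_vulns: int            # unpatched findings known for this host
    business_critical: bool
    in_inventory: bool = True  # False: seen by a scan but never recorded

# Constructed sample inventory: what the team believes it owns.
INVENTORY = {
    "web01.example.com": Asset("web01.example.com", True, 2, True),
    "db01.internal":     Asset("db01.internal", False, 4, True),
    "wiki.example.com":  Asset("wiki.example.com", True, 0, False),
}

# Constructed result of the latest external discovery scan: host -> open_vulns.
SCAN = {"web01.example.com": 2, "wiki.example.com": 1, "test-api.example.com": 3}

def merge_scan(inventory, scan):
    """Refresh known assets with scan findings and surface hosts the inventory
    has never seen (the unknown assets that keep joining the network)."""
    merged = dict(inventory)
    for host, vulns in scan.items():
        if host in merged:
            a = merged[host]
            merged[host] = Asset(a.host, a.internet_facing, vulns, a.business_critical, True)
        else:
            # Reachable from outside by definition (the external scan found it);
            # business criticality is unknown, so treat as non-critical until triaged.
            merged[host] = Asset(host, True, vulns, False, in_inventory=False)
    return merged

def priority(a):
    """Context-based score: exposure, findings, business impact, inventory gap."""
    score = 40 if a.internet_facing else 0
    score += min(a.open_vulns, 5) * 8          # cap so one noisy host can't dominate
    score += 30 if a.business_critical else 0
    score += 20 if not a.in_inventory else 0    # rogue assets need triage first
    return score

def unknown_assets(inventory, scan):
    """Hosts discovered externally that are missing from the inventory."""
    return sorted(h for h in scan if h not in inventory)

def remediation_queue(inventory, scan):
    """Assets ordered from most to least urgent."""
    return sorted(merge_scan(inventory, scan).values(), key=priority, reverse=True)
```

Running `remediation_queue(INVENTORY, SCAN)` places the business-critical public web host first and the previously unknown external host second, ahead of the internal database with more findings but no exposure.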

Establishing and Enforcing Compliance

It’s critical to implement and continuously enforce internal compliance – and regulatory, if applicable – standards that shrink your attack surface as much as possible.

Strict adherence to compliance policies can have the benefit of accelerating response time within that smaller attack surface. By also incorporating as much automation as possible, you can reduce the blast radius when an attack or breach does occur. Shifting security left is one example of how these standards create a culture of faster response. It means integrating security earlier into the application development/deployment process, through continuous template scanning both at build time and after deployment.

Remediation

As your network grows, your attack surface expands. That’s a lot of space for attackers to find a way in and exploit it to the max. With contextual threat intelligence and prioritization, as described above, over time it becomes possible to behave like an attacker, staying one step ahead and remediating issues before they can be exploited. Automated remediation plays a critical part in the ability to rapidly address one potential threat after another.

Read More About Attack Surface Security

Attack Surface Security News: Latest Rapid7 Blog Posts

Rapid7 Blog: Cyber Asset Attack Surface Management 101