Mitigate threats affecting your internet-facing assets.
Managed Digital Risk Protection外部攻击面管理(EASM)是识别面向公共互联网的内部业务资产以及监控漏洞的过程, public-cloud misconfigurations, exposed credentials, or other external information and processes that could be exploited by attackers. This effort aligns with a goal of obtaining a clear snapshot of cloud security posture.
As mentioned above, misconfigurations can play a big part in a vulnerability landscape. Properly configuring any cloud environment means enacting digital risk protections to defend it from a broad range of threats, whether in the form of deliberate attacks or unintended mistakes – misconfigurations, improper security awareness, etc. – that open the door to attacks.
Internal attack surface management 解决位于企业防火墙和保护性安全措施后面的资产(包括可能受到网络钓鱼等社会工程影响的人员)的安全问题. These assets are, theoretically, 不暴露在公共互联网上,并采取防御措施,以保护企业的内部运作和商业秘密.
EASM——尽管它是ASM的一部分——专注于保护企业内部安全措施之外的更多商业操作. This includes public-facing websites, apps, e-commerce operations, and any backend that could be accessed if an attacker were to exploit these digital assets.
The difference between EASM and cyber asset attack surface management (CAASM) EASM方法是否主要关注于发现和保护互联网上几乎任何人都可以访问的面向公众的资产. CAASM方法同时关注内部和外部攻击面,以便为安全组织提供最大程度的周界前后攻击面可见性. CAASM平台可以通过访问组织的技术堆栈以提供整体视图的API集成来实现这一点.
外部攻击面管理(EASM)非常重要,因为当涉及到面向公共互联网或外部的资产时,存在被利用和攻击的可能性. 重要的是要记住,这个外部攻击面可以为威胁行为者打开利用内部攻击面的大门.
EASM解决方案在识别那些成为业务攻击面一部分的面向外部的资产方面变得越来越好,因为每次面向公众的启动都会产生新的攻击向量. An EASM solution should be able to leverage threat feeds to engage in threat hunting. 这对于了解威胁行为者在野外利用什么以及是否值得团队努力并主动解决潜在问题至关重要. Key aspects of a proactive threat hunt can include:
EASM还应该能够利用来自后边界攻击面的外部威胁情报来正确检测和优先考虑风险和威胁, from the nearest network endpoints to around the deep and dark web. 企业每天在公共互联网上投放的无数资产确实令人震惊, 这些资产一旦上线,在防止潜在的剥削方面都会有自己的考虑.
External, 对于任何希望尽其所能保护其业务的攻击面的安全组织来说,主动威胁情报是必不可少的. 关键是要采取超越网络边界的预防措施,以便能够响应每个动态攻击面上的事件.
EASM通过持续监测和发现面向公共互联网的资产的潜在漏洞来工作,这些漏洞可以被利用为攻击媒介. If this were to happen, threat actors could then also potentially breach an organization's internal attack surface.
Indeed Forrester says EASM works when “tools or functionalities that continually scan for, discover, and enumerate internet-facing assets, establish the unique fingerprints of discovered assets, and identify exposures on both known and unknown assets.“让我们来看看Forrester发现的一些用例,这些用例可以说明EASM功能的一些细节:
With these use cases, 我们可以开始了解每天有多少资产被用于接入面向公众的互联网,并将组织的攻击面从内部扩展到外部,从而扩展到全球. External threat intelligence feeds are critical to mitigating and stopping threats on an external attack surface.
The capabilities of EASM are some we have already covered in different sections above, but we'll compile them, with some additions, here.
Depending on the provider, 威胁情报和检测工程团队应该能够通过SaaS交付提供检测, which means access to the latest alerts, updates, and threat intel. EASM从业者应该能够不断地用最新的信息来丰富威胁管理工具.
A security operations center (SOC) 能否利用EASM平台快速访问所有资产的错误配置数据. From there, a prioritization process could be conducted to determine which assets need immediate attention. On the proactive front, EASM can be leveraged to perform threat intel gathering for red, blue, and purple teams conducting exercises.
EASM平台主要应该能够帮助从业者获得对顶级外部资产的可见性,这样他们就可以在攻击者发现漏洞之前确定优先级并进行修复.
EASM的好处是深远的,可以对主动安全措施的有效性和企业的整体声誉产生令人难以置信的积极影响.