Cyber Asset Attack Surface Management (CAASM)

Identify exposures and vulnerabilities throughout your physical and digital attack surface.

Rapid7 Attack Surface Security

What is Cyber Asset Attack Surface Management (CAASM)?

Cyber asset attack surface management (CAASM) is a platform tool that leverages data integration, transformation, and analytics to provide a unified view of all physical and digital cyber assets that comprise an enterprise network.

CAASM policies help to identify exposures and potential security gaps along the network attack surface. They are intended to act as authoritative sources of asset information, complete with ownership, network, and business context for IT and security teams, furthering the knowledge of the security organization at large.

CAASM can be integrated with existing workflows to automate security control gap analysis, prioritization, and remediation, thereby boosting efficiency and breaking down operational silos between teams and their tools. It's important to remember, however, that the assets these tools are meant to protect are more than just devices and infrastructure.

A security operations center (SOC) typically tags “assets” as users, applications, and even application code. The key is for the security practitioners within a SOC to recognize the interconnectedness of these assets.

Consider a scenario where more than 1,000 servers have the same vulnerability. Assessing each one quickly becomes time- and cost-prohibitive, so CAASM capabilities can step in to speed up the process by enriching cyber asset data and then automating the majority of the analysis.

How Does CAASM Work?

CAASM works by considering the interconnectedness and totality of network assets, analyzing their vulnerabilities, and then enacting risk-reduction policies. Common key performance indicators (KPIs) of CAASM include:

  • Asset visibility
  • Endpoint agent coverage
  • Service-level agreements (SLAs)
  • Mean-time-to-respond (MTTR)

As discussed above, assessing each vulnerability can become cost- and time-prohibitive when there is such a multitude of assets to consider on one network. Automation helps by analyzing vulnerabilities faster as well as prioritizing them for remediation.

CAASM enables organizations to leverage analytics with the goal of refining search results, identifying trends, or disseminating specific information to defined groups or individuals. This integrated approach delivers comprehensive attack surface visibility and mapping so a SOC can address risks and manage vulnerabilities more efficiently.

Perhaps the most critical function of CAASM is the identification and mapping of new assets as they plug into and out of a network. It’s important to leverage comprehensive asset discovery tools to gain a true picture of what a changing attack surface looks like as those new assets appear. Network access control (NAC) capabilities can also aid in the creation of policies to cut down on unauthorized access attempts, should a bad actor exploit an asset vulnerability that has yet to be identified.

From there, security personnel can more easily define specific outcomes for assets or asset groups. Once these outcomes are established, it’s simply a matter of running searches for all assets that do not meet these security criteria and subsequently prioritizing them for remediation. In this way, CAASM helps a SOC streamline inventory and remediation practices to help it gain greater efficiencies.
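The following added example, which is not from the original page or from any CAASM product, correlates constructed exports from a hypothetical vulnerability scanner, endpoint agent console, and CMDB into one inventory, then searches for assets that miss the defined outcomes and ranks them for remediation. All tool names, field names, and scoring weights are assumptions.

```python
# Constructed sample exports; tool names and field names are assumptions.
SCANNER = [{"host": "APP-01.corp.example", "critical_vulns": 3},
           {"host": "db-02.corp.example", "critical_vulns": 0},
           {"host": "kiosk-07", "critical_vulns": 1}]
EDR = [{"hostname": "app-01"}, {"hostname": "DB-02"}, {"hostname": "laptop-33"}]
CMDB = [{"name": "app-01", "owner": "payments", "internet_facing": True},
        {"name": "db-02", "owner": "data-platform", "internet_facing": False},
        {"name": "laptop-33", "owner": "j.doe", "internet_facing": False}]


def asset_key(name):
    """Normalize a hostname so records from different tools correlate."""
    return name.strip().lower().split(".")[0]


def build_inventory(scanner, edr, cmdb):
    """Merge per-tool records into one enriched record per asset."""
    inventory = {}
    feeds = (("scanner", "host", scanner), ("edr", "hostname", edr),
             ("cmdb", "name", cmdb))
    for source, key_field, rows in feeds:
        for row in rows:
            rec = inventory.setdefault(asset_key(row[key_field]), {
                "sources": set(), "owner": None,
                "internet_facing": False, "critical_vulns": 0})
            rec["sources"].add(source)
            # Copy over whatever context this source contributes.
            rec.update({k: v for k, v in row.items() if k != key_field})
    return inventory


def agent_coverage(inventory):
    """KPI: fraction of known assets that report an endpoint agent."""
    covered = sum("edr" in rec["sources"] for rec in inventory.values())
    return covered / len(inventory)


def control_gaps(inventory):
    """Assets failing the outcomes; severity and exposure raise priority."""
    findings = []
    for name, rec in inventory.items():
        failed = [label for source, label in (
            ("edr", "no endpoint agent"), ("scanner", "never scanned"),
            ("cmdb", "no owner on record")) if source not in rec["sources"]]
        if rec["critical_vulns"] > 0:
            failed.append("critical vulnerabilities")
        if failed:
            score = len(failed) + rec["critical_vulns"] + 5 * rec["internet_facing"]
            findings.append((score, name, failed))
    return [(n, f) for _, n, f in sorted(findings, key=lambda x: (-x[0], x[1]))]
```

An asset seen by only one tool, such as the constructed kiosk-07, surfaces as a gap because the other sources have no record of it.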

How Does CAASM Differ from Other Technologies?

CAASM differs from other technologies in many ways, but is also similar in others. There are a great many platforms and methodologies out there to help security practitioners ensure their attack surfaces are as protected as they can possibly be. When looking at attack surface protection solutions, what are some key differences a buyer might consider before purchasing the right solution for their organization?

CAASM vs. Attack Surface Management (ASM)

Continuous attack surface management (ASM) is the overarching concept of the always-on monitoring of an organization’s digital footprint, with the goal of shrinking the attack surface and strengthening the company’s security posture. ASM encompasses all of the methodologies we’ll discuss here. CAASM is essentially ASM through the filter of all of an organization's cyber assets on its network or that are attempting to access its network, both internally and externally.

CAASM vs. External Attack Surface Management (EASM)

The main difference between EASM and CAASM security is that the former typically focuses solely on external-facing assets while the latter focuses on both external and internal network assets, therefore granting a more complete picture of the attack surface at any given time. Because they are simpler than CAASM, EASM solutions tend to be easier to set up and are therefore more widely adopted.

CAASM vs. Digital Risk Protection (DRP)

While CAASM solutions tend to focus on internal and external network assets – and therefore the data they share with the network and take off of it – a DRP solution typically aims its focus on an organization’s sensitive digital assets and their exposure to the internet and potential attackers as well as vulnerabilities that could result from that exposure.

CAASM Use Cases

Let's take a look at the situations that would most call for implementation of a CAASM solution to help protect an enterprise network as the proliferation of cyber assets creates more vulnerability.

  • Inventory and mapping: Maintaining visibility over a detailed – and automated – inventory of the cyber assets growing a network’s attack surface is the overarching mission of a CAASM solution.
  • Optimize vulnerability management (VM) workflows: By defining asset outcomes and refining processes to be more automated, vulnerabilities can be discovered, prioritized, and remediated faster than ever. This means a stronger security posture for the attack surface as well as the ability to take more proactive measures as telemetry dictates.
  • Maintain compliance requirements: Complete asset inventories are critical in maintaining regulatory and internal compliance requirements. Typically, CAASM solutions will come with built-in compliance frameworks that help an organization adhere to the likes of NIST, SOC2, and so on.
  • Identify vulnerable application servers: A CAASM tool can help to find application servers that are contextually exposed for exploitation as well as identify owners based on login telemetry. From there, the server owner and security team can be notified. This integrated approach delivers comprehensive attack surface visibility and mapping.
  • Ensure access management: As discussed above, NAC controls can accentuate CAASM tools so that authentication protocols are aiding in the effort to verify assets that have a right to be on the network. With CAASM, security personnel can leverage identity and access management (IAM) policies to quickly remediate incorrectly escalated privileges as well as better understand who and what are on the network.

Benefits of CAASM

The purpose of ASM is to shrink the so-called attack surface, so that there are fewer potential access points for a threat actor to breach the network. But as we've discussed here, more assets interacting with an enterprise network means a greater proliferation of access points.

Implementing an effective CAASM solution can help to mitigate these concerns as more assets come onto the network. Let’s take a look at some of the benefits of such a solution:

  • Lower risk: Regarding security automation, IDC notes, “using continuous automation tools to discover externally exposed assets helps an organization address risk in previously unknown assets with both a frequency and breadth that are possible only with automation.”
  • Reduce the size of the attack surface: It bears repeating: A shrunken attack surface is a smaller target for threat actors and potential breaches. Leveraging automation to plug vulnerabilities quickly as well as employing network access authentication tools can help a security organization achieve its goals as relates to shrinking its network attack surface.
  • Strengthen partnerships: As IT teams make it a habit of sharing data from assets hopping onto and off of the network, security teams can leverage the automation native to CAASM tools to sift through that data faster. This helps to create efficiencies in discovery of both vulnerabilities and any active exploitations.

A CAASM platform isn’t a plug-and-play solution to cyber asset management. In fact, it will take the skill of experienced security practitioners to properly implement such a solution. But the value derived from a well-maintained and effective CAASM tool will mean a stronger and more secure network.