Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of. A few companies, including Detectify, have been highlighting the importance of the attack surface and understanding the potential risks of the constantly-changing environment.
Remediating vulnerabilities efficiently is the cornerstone of a great vulnerability management program. Prioritizing becomes paramount as resources are often limited. Sometimes teams might pinpoint specific vulnerability types that are particularly risky for their attack surfaces, such as a misconfigured Amazon S3 bucket or even a new XSS vulnerability. Users can now filter the /Vulnerabilities view by title, such as a specific type of XSS or even the CVE name.
When Algolia’s security program manager Regina Bluman ran a Twitter poll to see how many people within the security industry understood the concept of EASM, she didn’t expect that the term is far from being on an IT security team’s radar. Moreover, most were not even aware of it.
The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online but knowing to what extent assets are exposed. Users can now toggle the view of their attack surface by active and inactive assets. When toggled on, users will see all active assets present on their attack surface in the last 14 calendar days making it easier to discern what may no longer be on the attack surface.
When I look at IT security I can clearly see how it has changed, being today much more mature now than it’s ever been. Governments are working on policies and legislation forcing companies to prioritize IT security. As a result, the entire bug bounty community has bloomed in a way that I could never imagine, security researchers are now working together with companies to identify and mitigate vulnerabilities in a way that we have never done before.
Our security researchers, engineers, and our Crowdsource community are actively working on understanding the vulnerabilities and developing tests. We have received a dozen POCs already and anticipate more over the coming days. While the situation is rapidly developing, here is what we know so far. The Spring Cloud Function vulnerability (CVE-2022-22963) was disclosed and patched earlier this week.
Detectify’s Surface Monitoring is the easiest way to monitor and manage your attack surface on the market. This product continuously monitors the configuration and attack surface of your domains and subdomains. It came from the realization that Application Scanning, our other product, is very detailed. Application scanning tries to find every nook and cranny of your application through crawling and fuzzing which is exactly what companies need for custom-built applications.
The modern infrastructure is controlled by the DNS with pointers to both internal and third-party services. As a result, organizations are simultaneously expanding their attack surface and inviting potential cyber threats. Unknown subdomains can be challenging, as they are not always closely monitored.
Rapid proliferation of data, growing volume of domains and subdomains, and rise in third-party software have expedited the need for having a robust security program in place. As the web-facing attack surface grows, existing security practices are falling behind.