There is a pressing need to protect an organisation’s digital assets against cyber attacks and it has never been more critical. The increasing complexity and dynamic nature of IT environments mean that traditional security measures often fall short. This has led to the emergence of new defensive approaches, such as attack surface management (ASM) that proactively safeguard against cyber threats.

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall.

Increasing digitalization and connectivity mean the attack surfaces of most organizations are growing. This means more IT assets to track and manage, plus more potential attack routes for threat actors to target. The threat situation is constantly increasing, especially in the area of vulnerabilities – last year over 30,000 new vulnerabilities were published. So how can you get an accurate view of your attack surface and where it might be open to exploitation?

External attack surface management (EASM) is the continuous exercise of managing cybersecurity risks associated with an organization’s external-facing digital assets. The process includes monitoring, identifying, reducing, and mitigating risks present across an organization’s external attack surface.

Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response (EDR or XDR), security information & event management (SIEM), and security orchestration, automation & response (SOAR); despite that, these tools often do not prioritize APIs.

While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management.

Effective asset management and rapid incident response are crucial for maintaining cybersecurity defenses. To address these needs, and building on its previous Vulnerability Response module integration, CyCognito has announced a new certified integration with ServiceNow’s Configuration Management Database (CMDB).

This post is based on ongoing security research – the post will continue to be updated as we get additional information… A critical vulnerability has just been announced in Ivanti’s Virtual Traffic Manager (vTM) that allows unauthenticated remote attackers to create administrator users.

Non-human identities (NHIs) dominate the era of cloud services and SaaS applications. They are the identities that authenticate between different servers, APIs and third party integrations to provide programmatic access to data and services. Non-human identities utilize different protocols, such as OAuth, REST and SSH.

TLDR: The ways that organizations find and fix security exposures have been flawed for years. Traditional vulnerability management (VM) programs have failed to address the core issues. What’s worse, the relatively new category of External Attack Surface Management (EASM) has not solved the problems it aimed to solve. But hope, in the form of Exposure Management, is on the way.