
 

Welcome to an insightful discussion on External Attack Surface Management (EASM) brought to you by the CISO Platform. In today's dynamic cybersecurity landscape, understanding and managing the external attack surface is paramount for organizations that want to improve their security posture. Our panelists delve into the concept of EASM, its significance, common use cases, and its relation to industry frameworks like MITRE ATT&CK. Let's explore how EASM is reshaping cybersecurity strategies and preparing organizations for evolving threats.

 

 

Here is the verbatim discussion:

So the coverage of discovery is one of the things. The second thing is the false positives. So when you do EASM, it's a very hard problem, because there are ephemeral IPs which are continuously changing on the cloud. How well can you discover those? Now, there's no perfect solution in the world today; everybody is working towards that. But look for the false positives out there. There are, um, suppose, um, uh, WAF, uh, IPs and CDN IPs, so you, those are not exactly your IPs. So how, how does the system discover those and appropriately tag those assets? So the coverage of asset discovery is one thing, the tagging of asset discovery by type is the second thing, the third is the false positive rate over there, and the fourth thing is also going to be the false negatives: what am I missing out? What are those assets which are out there but the system is not to discover? So this is one part. The other part is how frequently is the system doing it. I mean, how, how many times does the database get, uh, refreshed? I mean, does it get refreshed every day? Who's really working on it?

But to go into that use case, I think the use case we had done for a very large, uh, client of mine, and what we had done was they wanted to get an assessment done, uh, and we did it on both sides: one from an external attack surface management, where we compiled a list of, uh, external assets and, uh, approached it from the outside with the external attack surface management to identify the list of discovery, and the other one was from the bottom-up approach using more of a security architecture, and based on that we tried to, uh, converge and come up with a point. And we added the third angle to that: some of those external assets, we even had some deep and dark web scans, and some of the results were so, so surprising. And one thing which I found as a part of my research was almost 90% of the transactions happen in the dark web, me, which we are not even aware, and lot of people, they are just scratching the surface when they think that everything happens in the clear web. Well, so much work happens in the dark web that we are not even aware, and that use case helped the client show what's going on.

sales and business development, business partnerships here at FireCompass. Um, I have the distinct honor today of hosting, uh, what I hope and I know will be a very informative and interactive panel, um, with some very talented, uh, cyber security leaders. Um, this session, just so let everybody know, is, has been organized by the CISO Platform. Uh, topic for our discussion today: why is the Gartner Group, uh, talking about external attack surface management, uh, a new acronym that we're all going to start to see? We don't have enough acronyms in our business, right, our industry. So called EASM. So our panelists will give you some critical insights, common use cases, talk a little bit about some comparisons and, and contrasts with a lot of the different types of, uh, of, of, again, Gartner and industry, Forrester and industry acronyms that we see out there as it relates to the concept of, of attack surface recon and, and, and surface management as well as exploitation and continuous testing, um, and talk a little bit of how it relates to the MITRE ATT&CK framework. Uh, this session today will be a precursor to the 13th annual CISO Platform Summit, which will, uh, which will take place next week on, I believe, June the 2nd and 3rd, so it's a little, little, little teaser, um, in advance of the sessions, uh, that we'll all be a part of next week. Um, we're going to touch upon understanding a little bit about this, um, especially in where we are in our, our up crazy.

 

Highlights:

Significance of EASM:

  • EASM involves reconnaissance, discovery, and continuous testing of an organization's external digital footprint.
  • Understanding the external attack surface is crucial for identifying vulnerabilities, mitigating risks, and fortifying cyber defenses.
  • EASM complements traditional security measures by providing a proactive approach to threat detection and response.

Common Use Cases:

  • Asset Discovery: EASM tools enable organizations to identify and catalog external assets, including websites, applications, and cloud services.
  • Tagging and Classification: Efficient tagging of discovered assets by type helps prioritize remediation efforts and streamline security management.
  • False Positive Mitigation: EASM solutions aim to reduce false positives by accurately identifying and categorizing assets, minimizing noise in security alerts.
  • False Negative Identification: Organizations must address false negatives to ensure comprehensive coverage of their external attack surface and minimize blind spots.
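
The four criteria above (coverage, tagging by type, false positives, false negatives) plus refresh frequency can be measured by scoring a discovery export against a known inventory. The following is an added example, not code from the panel or from any EASM product; the IP addresses are RFC 5737 documentation ranges, and the CDN/WAF ranges, inventory, dates and 7-day freshness window are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample data (RFC 5737 documentation ranges); not from the page.
THIRD_PARTY_RANGES = {  # hypothetical provider ranges fronting the organization
    "cdn": [ipaddress.ip_network("198.51.100.0/24")],
    "waf": [ipaddress.ip_network("203.0.113.0/25")],
}
GROUND_TRUTH = {"192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"}  # owned IPs
DISCOVERED = [  # (ip, last_seen) as exported by a discovery tool
    ("192.0.2.10", date(2024, 5, 30)),
    ("192.0.2.11", date(2024, 5, 1)),     # not refreshed recently (ephemeral IP?)
    ("192.0.2.12", date(2024, 5, 30)),
    ("198.51.100.7", date(2024, 5, 30)),  # CDN edge, not the organization's IP
    ("203.0.113.9", date(2024, 5, 30)),   # WAF front end
    ("192.0.2.200", date(2024, 5, 30)),   # attributed to the org, not in inventory
]

def tag_asset(ip):
    """Tag an IP as cdn/waf when it falls in a known third-party range."""
    addr = ipaddress.ip_address(ip)
    for tag, nets in THIRD_PARTY_RANGES.items():
        if any(addr in net for net in nets):
            return tag
    return "owned-candidate"

def evaluate(discovered, truth, today, max_age_days=7):
    tagged = {ip: tag_asset(ip) for ip, _ in discovered}
    # Only assets not tagged as third-party are treated as claimed-owned.
    claimed = {ip for ip, tag in tagged.items() if tag == "owned-candidate"}
    false_pos = claimed - truth   # review manually: wrong attribution or shadow IT
    false_neg = truth - claimed   # owned assets the tool did not find
    stale = {ip for ip, seen in discovered if (today - seen).days > max_age_days}
    return {
        "tags": tagged,
        "coverage": len(claimed & truth) / len(truth),
        # Share of claimed-owned assets that are absent from the inventory.
        "false_positive_rate": len(false_pos) / max(len(claimed), 1),
        "false_positives": sorted(false_pos),
        "false_negatives": sorted(false_neg),
        "stale": sorted(stale),
    }

REPORT = evaluate(DISCOVERED, GROUND_TRUTH, today=date(2024, 6, 1))

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

Running the same scoring over exports from two tools, or from the same tool on different days, gives comparable numbers for each criterion.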

Real-World Example:

  • A large client underwent an EASM assessment, combining external reconnaissance with internal security architecture analysis.
  • The assessment revealed surprising findings, including the prevalence of transactions in the dark web, highlighting the importance of comprehensive threat visibility.
  • EASM provided insights into overlooked assets and vulnerabilities, empowering the client to enhance their security posture and proactively address potential threats.

Role in Cybersecurity Strategy:

  • EASM serves as a critical component of modern cybersecurity strategies, offering continuous monitoring and threat intelligence to detect and mitigate external threats.
  • Integration with industry frameworks like MITRE ATT&CK enhances threat detection and response capabilities, aligning security operations with recognized best practices.
  • Collaboration between EASM providers, security vendors, and cybersecurity professionals fosters a proactive approach to cybersecurity, enabling organizations to stay ahead of emerging threats.

 

External Attack Surface Management is a cornerstone of effective cybersecurity, providing organizations with the visibility and insights needed to protect against external threats. By embracing EASM solutions and integrating them into their cybersecurity strategies, organizations can enhance their resilience, minimize risks, and safeguard their digital assets in today's ever-evolving threat landscape. Stay informed, stay proactive, and stay secure with EASM.

 

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams is a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul DiBello, based in Duxbury, MA, US, is currently Senior Vice President, Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a Bachelor of Arts (BA) in Economics from Princeton University (1986 - 1990). With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff, based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff completed the UX Design Immersive in Design & User Experience at General Assembly (2019 - 2019). With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff
