How to Discover and Continuously Assess Your Entire Attack Surface
To eliminate network blind spots and fully understand your entire attack surface, it's essential to determine which discovery and assessment tools are required for each asset type.
If you've been in security for more than a few years, you've undoubtedly watched your network evolve from containing strictly traditional, on-premises IT assets to one that comprises both on-prem and cloud-based environments with myriad asset types, including virtual platforms, cloud services, containers, web apps, operational technology (OT) and internet of things (IoT). While the evolution itself is well understood by security professionals, many still struggle to make the appropriate modifications that will enable them to fully discover and properly assess their broad array of modern digital assets.
Back when networks were no more than homogeneous collections of physical, on-premises IT assets, mostly sitting within the organization's well-controlled data center and IP address space, simply running a network vulnerability scanner was sufficient to understand what you had and where you were exposed. It was common to take on a "boil the ocean" approach when evaluating where you were potentially at risk from adversaries exploiting your vulnerabilities. But with today's array of asset types, you need more purpose-built tools to safely and accurately gain visibility across the entire attack surface and develop a deep understanding of the security posture of every asset, wherever it lives in the environment.
Most modern asset types require a specific methodology and/or toolset for discovering and accurately assessing them. Here are a few examples:
- Cloud connectors: Since cloud environments aren't physically attached to the network, a connector is necessary to keep them in contact with the vulnerability management platform.
- Agents: Assets such as laptop computers are oftentimes disconnected from the network during routine scans, causing their vulnerabilities to be missed for long periods of time. Installing agents locally on the host can solve this challenge by continuously monitoring and reporting back findings whenever the asset is attached to the network.
- Active query sensors for OT devices: Most assets in OT and IoT environments are purpose-built systems that operate very differently from traditional IT assets. Because of this, they are best assessed with sensors that can safely query (NOT scan!) these devices using their native command language to determine if vulnerabilities or misconfigurations exist. This allows for constant monitoring not only for potential attacks, but also for misconfigurations in settings and thresholds.
- Web app scanner: Web apps look and behave differently than traditional IT assets for a variety of reasons. And their vulnerabilities are typically categorized as Common Weakness Enumerations (CWEs) rather than Common Vulnerabilities and Exposures (CVEs). As a result, a purpose-built scanner is required to discover and assess web apps to gain an understanding of your web application security posture.
- Container security: Modern digital assets, such as container images, can't be assessed using traditional methods. Security devices made specifically for containers can store and scan container images as the images are built and provide vulnerability and malware detection, along with continuous monitoring and validation of container images.
Of course, a major problem security professionals face today is that they have far more vulnerabilities than they can ever handle. Taking a "boil the ocean" approach simply isn't feasible for most organizations due to resource and time limitations. Instead, you need to determine which vulnerabilities actually pose the greatest risk to your most critical systems, so that you can effectively prioritize your remediation efforts.
To perform effective vulnerability prioritization, you need to analyze your security data to fully understand each vulnerability in context. Problem is, you probably already have too much data to analyze, and you're probably analyzing it all manually. And each of the security tools highlighted above generates even more data, thereby exacerbating the issue. That's why you need a comprehensive vulnerability management platform capable of ingesting all types of security data and employing automation to process and analyze it immediately. This way, you get the security intelligence you need at the speed you require.
In short, matching the right discovery and assessment tools with each asset type enables you to fully understand your entire attack surface by eliminating blind spots across your network. And using a vulnerability management tool capable of ingesting the inputs from each of these tools enables you to assess your various assets in a unified view so you can properly prioritize your vulnerability remediation efforts.
Learn more
- Want to learn more about determining the right sensors and methods for discovering and assessing your entire attack surface ― and then how to effectively deal with the barrage of data that comes with all of that additional visibility? View the webinar, It May Be Time to Stop Freaking Out About Too Many Vulnerabilities
- Learn how to migrate from legacy VM to risk-based VM, including the recommended tools, products and partner integrations for each procedural step. Read the whitepaper, Reference Architecture: Risk-based Vulnerability Management
- Learn why a unified VM platform is necessary to dynamically assess and defend your entire attack surface. Read the whitepaper, Overcoming Challenges Created by Disparate Vulnerability Management Tools
Related Articles
- Cloud
- Risk-based Vulnerability Management
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning