{"id":54856,"date":"2023-12-14T00:00:00","date_gmt":"2023-12-14T00:00:00","guid":{"rendered":"urn:uuid:e3b45762-01dc-9260-259a-39b73f637b78"},"modified":"2023-12-14T00:00:00","modified_gmt":"2023-12-14T00:00:00","slug":"modern-attack-surface-management-asm-for-secops","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/modern-attack-surface-management-asm-for-secops\/","title":{"rendered":"Modern Attack Surface Management (ASM) for SecOps"},"content":{"rendered":"

<\/p>\n

<\/div>\n

Today\u2019s distributed environment of remote working endpoints, cloud apps and infrastructure, IoT devices and much more, have made securing the attack surface a daunting challenge. In response, organizations deployed a slew of security products to tackle individual concerns.<\/p>\n

The result: irregular, piecemealed inventory that cannot keep pace with the fluid attack surface\u2014 especially in the cloud\u2014nor provide enough context, leading to alert overload and a wild goose chase in terms of remediation. A global Trend Micro survey<\/a> found that 51% of respondents felt their SecOps teams are drowning in alerts and 43% admit to turning off alerts due to stress.<\/p>\n

Evidently, SecOps teams need to shift to more robust, modern ASM solutions to reduce alert overload, be more proactive, and respond faster to detections.<\/p>\n

Getting the most value out of modern ASM<\/span><\/span><\/p>\n

Not all solutions are built the same. Many vendors will cover the basic tenants of ASM: discovery, assessment, and mitigation. And while this a great first step, it\u2019s not enough. Each step is nuanced and requires broad capabilities that modernize SOC processes and empower teams to resolve problems faster with less complexity and stress.<\/p>\n

Rapid, continuous attack surface discovery<\/b><\/p>\n

First, teams need to identify an organization\u2019s devices, internet-facing assets, accounts, applications, and cloud assets that could provide entry points for cybercriminals<\/a>. This requires total and real-time visibility, which is only possible if the solution integrates with third-party sources and scans across on-premises, cloud, and hybrid cloud environments continuously.<\/p>\n

The right ASM solution will enable teams to clearly view public domain and IP under their organizations and gain visibility into associated potential risk, security misconfiguration, vulnerability, or expired certificates. SecOps should be able to connect identity and access management (IAM) tools to gain deeper insight into user accounts and related apps and devices the user accesses. <\/p>\n

Real-time risk assessment and prioritization<\/b><\/p>\n

Next: assessment. Some vendors might only<\/i> provide point-in-time assessments instead of continuous and contextual evaluations. Sure, the number of alerts will be reduced, but it still leaves SecOps unsure of which risks need to be mitigated first, increasing the probability of a successful attack. <\/p>\n

A strong ASM solution goes beyond simple assessment by rapidly prioritizing risk against several factors such as likelihood of an attack, possible impact of an outage, and asset criticality. Furthermore, the status of an organization\u2019s software patches<\/a>, and any CVEs should be compiled, then compared against both local and global threat intelligence. For example, a vulnerability on a device in a private network is inherently less risky than a vulnerability on a public-facing web server. Therefore, if the CEO\u2019s account is associated with the latter, the criticality of the asset and risk would be prioritized higher than the same vulnerability on a graphic designer\u2019s account.<\/p>\n

Proactive risk remediation and management<\/b><\/p>\n

Risk prioritization<\/a> helps teams anticipate adversaries faster, leading to speedier mitigation. ASM solutions should leverage AI and ML to synthesize vulnerabilities, risks, security controls and overall posture to provide SecOps teams with risk remediation suggestions. This will accelerate response actions and mitigate risk before<\/i> the incident is realized. Bonus points if the solution can orchestrate and automate risk response across the enterprise.<\/p>\n

Beyond the security benefits of ASM, the solution should empower SecOps managers and teams to confidently relay KPIs and metrics and show tangible operational efficiency to their CISOs. Furthermore, the ASM solution should provide crucial cost savings by consolidating various security tools and improving efficiency with prioritization and automation.<\/p>\n

The platform approach<\/span><\/span><\/p>\n

According to a Trend Micro study,<\/a> 89% of respondents have plans to consolidate security products or switch to a platform in the near future. And for good reason: a platform approach is essential to reducing alert overload from disconnected security solutions and empowering security teams to make risk-based decisions. <\/p>\n

Trend Vision One \u2122<\/b> Attack Surface Risk Management (ASRM), supported by Trend\u2019s industry-leading research, is a cornerstone solution within the Trend Vision One \u2122<\/b><\/a> <\/b>platform. ASRM empowers security leaders to consistently uncover, identify, and prioritize organizational risks, enabling them to swifty take data-driven actions to proactively mitigate risk and reduce their attack surface.<\/p>\n

The Trend Vision One platform is built to unify policy management, ASRM, and detection and response capabilities across the enterprise. The platform\u2019s native-first, hybrid approach to XDR and ASM benefits security teams by delivering richer activity telemetry\u2014not just detection data\u2014across security layers with full context and understanding. This enables teams to contextualize risk and reduce the likelihood of attacks\u2014while reducing false positives and noise within the environment continuously and proactively.<\/p>\n

Additionally, Trend Vision One can help organizations operationalize Zero Trust.<\/a> Contextualized and cross-referenced data across security layers establish baselines of regular activity among devices, users, and network activity, which is key to the effectiveness of Zero Trust. These baselines enrich the asset\u2019s profile, making it easier to investigate anomalies\u2014and the findings can be used to inform access control policies and risk management decisions. <\/p>\n

Furthermore, Trend Vision One can automate and orchestrate workflows to enhance and augment security analysts\u2019 efforts by speeding up standard operation procedures, removing manual steps, and enabling quick analysis and action such as vulnerability patching. According to ESG,<\/a> 51% of organizations have improved threat detection as a result of automating security processes via playbooks. <\/p>\n

Conclusion<\/span><\/span><\/p>\n

Today\u2019s attack surface challenges require modern approaches beyond piecemealed, inconsistent inventory. When you choose Trend\u2019s Attack Surface Risk Management, you are choosing a solution with next-gen capabilities:<\/p>\n