Although it was not yet called ASM, attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management. This phase saw organizations grappling with an ever-increasing number of on-premises (later cloud), cyber-physical, and personally-owned assets, which expanded their attack surfaces. Key challenges were:
As the internet and digital technologies evolved, so did the threat landscape. The rapid increase in digital assets, including those resulting from mergers and acquisitions, expanding supply chains, and proliferation, made maintaining a comprehensive asset inventory difficult. The early 2000s saw a rise in automated vulnerability scanning tools, which allowed organizations to identify and prioritize vulnerabilities across their digital assets. This period marked the transition from basic asset management to more sophisticated vulnerability management. At the same time, ASM solutions were siloed and technical, primarily providing visibility into digital assets and their associated vulnerabilities. The primary goal during this phase was to map these assets and identify vulnerabilities, offering basic prioritization to meet immediate needs in vulnerability management, security compliance, and supply chain risk management. Key changes and challenges were:
In the mid-2010s, integrating threat intelligence into ASM practices became more prevalent. Threat intelligence provides contextual information about the tactics, techniques, and procedures (TTPs) used by attackers, enabling organizations to better understand and defend against emerging threats. Key advancements included:
The late 2010s saw the advent of continuous monitoring technologies, which enabled organizations to maintain real-time visibility into their attack surfaces. Continuous monitoring tools provided automated, ongoing assessments of digital assets, allowing for faster detection and response to security incidents. This brought tools to the market such as:
As the complexity of digital environments grew, so did the need for integrated ASM solutions. Modern ASM platforms now incorporate a wide range of capabilities, including asset discovery, vulnerability management, threat intelligence, continuous monitoring, and security validation. As digital transformation initiatives expanded, ASM tools began integrating with Continuous Threat Exposure Management (CTEM) programs. This integration allowed for a more holistic approach to threat management, reducing breaches significantly. ASM capabilities merged with tools for vulnerability assessment, threat intelligence, automated pentesting, and breach and attack simulation. This integration facilitated continuous monitoring and assessment of digital assets, improving organizations’ ability to respond to evolving threats and optimize their security posture. Key advancements during this phase included:
The final phase of ASM evolution involves its integration with Cybersecurity Validation (CSV). CSV practices validate how attackers could exploit identified threats and assess the effectiveness of security controls. By incorporating ASM into CSV tools, organizations can gain an “outside-in” view of their attack surface, understanding the context around each asset’s discoverability, attractiveness to attackers, and ease of exploitation. This phase emphasizes continuous security validation and the use of automated and AI-powered solutions to enhance vulnerability discovery, prioritization, and remediation.
Features and benefits of this phase include:
The evolution of Attack Surface Management (ASM) has been driven by the expanding digital footprints of enterprises, necessitating sophisticated solutions to discover, prioritize, and mitigate vulnerabilities. Despite this evolution, ASM tools often do not prioritize APIs. Yet APIs are now indispensable for integrating various software systems, and this integration broadens the attack surface, making APIs primary targets for cybercriminals.
APIs have become indispensable for integrating software systems, yet they also significantly broaden the attack surface. API vulnerabilities surged by 30% from 2022 to 2023, highlighting the urgent need for robust API security measures. API discovery and auditing are critical, yet many organizations struggle with up-to-date documentation and comprehensive visibility into their APIs. Effective API security involves understanding API specifications, conducting audits, implementing API gateways, and leveraging API marketplaces and development tools.
That is why API discovery tools such as AASM (API Attack Surface Management) by Wallarm are the next evolutionary step in the development of ASM technologies. They add value to all the existing technologies developed over the last twenty years, but with a specific focus on API security.
API Attack Surface Management (AASM) is an agentless detection solution, so you won’t need to install or configure anything in your infrastructure. This solution is tailored to the API ecosystem and designed to discover all external hosts with their Web Apps & APIs. You can learn more about AASM by Wallarm here.
The post Evolution of Attack Surface Management appeared first on Wallarm.
*** This is a Security Bloggers Network syndicated blog from Wallarm authored by kbroughtone95ea5fa6a. Read the original post at: https://lab.wallarm.com/evolution-of-attack-surface-management/