In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand. We can break the attack surface down into two key perspectives (or generalized network locations), each of which covers hybrid environments (Cloud, On-Premise): External (EASM) – Public facing, internet exposed cyber assets Internal – Private network accessible cyber assets External (EASM) Today, most available ASM solutions are focused on External Attack Surface Management (EASM) which provides an attacker’s perspective of an organization, an outside-in view. In fact, it’s common for organizations, and some analyst firms, to refer to EASM as ASM. However, while this is important, it is only a small, and partial view of the attack surface in most organizations. EASM seeks to understand an organization’s external attack surface by collecting telemetry about an organization’s internet exposed, public facing assets. This telemetry is derived from different data sources such as vulnerability & port scans, system fingerprinting, domain name searches, TLS certificate analysis and more. It provides valuable insights into the low hanging fruit that attackers will target. Core EASM capability is the equivalent of pointing a vulnerability scanner at your known external IP address range.However,…Read More