Your Internet Secret Service, Otherwise Known as External Attack Surface Management (EASM)
Have you ever thought of what else you could do to take your SOC to the next level and focus on prevention? External attack surface management (EASM) was a popular managed service and topic of discussion at RSA Conference 2023.
Out of the dozens of vendors I spoke to at RSA Conference 2023 this year, EASM vendors were of special interest to me. Several members had asked me on analyst calls about what services they offered, an overview of their platforms, and my thoughts. I must confess, I was only vaguely familiar with the vendors and products in this area until I started asking questions during demos and understanding their capabilities well enough to share some insights.
The EASM vendors I spoke to each shared some differentiating features, but if you are in the market, at a minimum you should look for three key capabilities:
- External Asset Management – You want to discover the internet-facing assets you are not aware of: forgotten subdomains, cloud instances stood up outside of procurement, and services a third party hosts under your brand. A cloud access security broker (CASB) only sees the cloud applications your own users reach from inside the network; an EASM platform looks from the outside in, which is why I called it the “Secret Service” above.
- Managed Threat Intelligence – This should be a steady, curated pipeline of threat intelligence fed into your SIEM, threat intelligence platform, or other threat management tools. You are paying for quality and fidelity (indicators that are current, attributed, and low in false positives) as much as for volume.
- Extended Vulnerability Management – Go beyond your defined perimeter and discover risks you were unaware of. This includes the deep and dark web, of course, but other things resonated with me too, like decommissioned assets that are still running risky services and posing a risk to the firm. You might never have stumbled on this issue, but I recall thinking a number of times over the years: “Weren’t these supposed to be shut down and confirmed out of service by our scans?”
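To make the “unknown asset” and “decommissioned but still answering” cases concrete, here is an added Python example; it is not code from any vendor discussed on this page. It reconciles a constructed external scan result against a constructed asset inventory extract. The inventory and scan formats and the list of services treated as risky are assumptions chosen for illustration.

```python
"""Reconcile external scan results against the asset inventory.

Added illustration; not code from any EASM vendor. The inventory, the scan
output and the list of "risky" services are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass

# Services the organization does not allow on the internet edge.
# Assumption: this reflects local policy, not a vendor default.
RISKY_PORTS = {
    21: "ftp", 23: "telnet", 445: "smb", 1433: "mssql",
    3389: "rdp", 5900: "vnc", 6379: "redis", 9200: "elasticsearch",
}

# Constructed CMDB extract: hostname -> record.
INVENTORY = {
    "www.example.com":        {"status": "active", "owner": "web-team"},
    "vpn.example.com":        {"status": "active", "owner": "netops"},
    "legacy-erp.example.com": {"status": "decommissioned", "owner": "finance"},
}

# Constructed external scan output: hostname -> set of open TCP ports.
SCAN = {
    "www.example.com":         {80, 443},
    "vpn.example.com":         {443},
    "legacy-erp.example.com":  {22, 3389},   # "shut down" but still answering
    "dev-test-01.example.com": {22, 9200},   # nobody registered this host
}


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # unknown_asset | zombie_asset | risky_service
    detail: str


def reconcile(inventory, scan):
    """Return findings for hosts the scan sees but the inventory does not
    explain, hosts marked decommissioned that still respond, and exposed
    services that policy forbids."""
    findings = []
    for host, ports in sorted(scan.items()):
        record = inventory.get(host)
        if record is None:
            findings.append(Finding(host, "unknown_asset",
                                    f"not in inventory; open ports {sorted(ports)}"))
        elif record["status"] == "decommissioned":
            findings.append(Finding(host, "zombie_asset",
                                    f"marked decommissioned (owner {record['owner']}) "
                                    f"but answers on {sorted(ports)}"))
        for port in sorted(ports):
            if port in RISKY_PORTS:
                findings.append(Finding(host, "risky_service",
                                        f"{RISKY_PORTS[port]}/{port} exposed"))
    return findings


def summarize(findings):
    """Counts per finding kind, handy for tracking the backlog over time."""
    return dict(Counter(f.kind for f in findings))


def run_sample():
    return reconcile(INVENTORY, SCAN)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.kind:14} {f.host:28} {f.detail}")
    print(summarize(run_sample()))
```

In practice the scan side comes from the vendor platform or your own external scanner and the inventory side from the CMDB; the rows worth paying for are the two that no vulnerability scanner would report at all, the unregistered host and the host that was supposedly retired.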
I wanted to share my insights after speaking with two EASM vendors at length: ZeroFox and CybelAngel (that’s not a typo: “Cybel,” not “Cyber”). Both caught my eye at the expo hall, and I was on a mission to learn more about their capabilities.
ZeroFox, a SINET16 winner that has been featured in Dark Reading, promises to go on a fox hunt, seeking out your adversaries and providing around-the-clock digital risk protection. Three key differentiators were shared with me as well:
- Scope – unparalleled social media coverage.
- Innovation – patented SaaS technology with best-in-breed threat intelligence feeds.
- Unrivaled scale – the speed of takedowns and other mitigating actions at volume is based on strong industry partnerships and track record.
ZeroFox Leadership Team, Company, Investors | ZeroFox, Company website, 2023.
CybelAngel was started in 2013 by two brothers, Erwan and Stevan Keraudy, both passionate about cybersecurity. Today, the company has grown to nearly 200 employees focused on external threat protection for your organization. They shared three differentiating traits with me:
- Be proactive – detect, discover, and resolve external threats.
- Stay efficient – only manage true positives.
- Safeguard – protect your organization and brand.
Digital Risk Protection from Cyber Threats - About Us at CybelAngel, Company website, 2023.
Both companies offer compelling products. Whichever vendor you choose should perform the mitigation for you: some of the vendors I spoke to only deliver a report, and you have to spend the time on the follow-up actions yourself. Mitigation can come at an extra cost, so be explicit in stating your needs.
Ask for data breach prevention; in other words, have them continuously scan the internet for open ports on rogue assets, publicly readable storage buckets such as Amazon S3, and other risks that may have evaded you. They should also provide dark web monitoring to give insight into threats being planned against your organization. Domain name protection is a must. These attacks are commonly known as typosquatting (registering misspellings and transpositions of your domain) and, when the attacker swaps in lookalike characters from another script, homograph attacks; either way the goal is a domain that passes for yours in a phishing email. Have the vendor perform the takedowns as part of the service, and ask for their track record, their relationships with registrars and hosting providers, and their service level objectives (SLOs) for time to takedown.
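The domain-protection checks above can be sanity-tested in-house before you trust a vendor's results. The following added Python example is not code from ZeroFox or CybelAngel; it classifies a constructed feed of newly observed domains (the kind of list you would pull from certificate transparency logs or zone files) against a protected brand. The homoglyph table is a small subset of the Unicode confusables list, and the rule that the registered label is the second label from the right is an assumption that a real deployment would replace with a public-suffix-aware split.

```python
"""Flag lookalike domains against protected brand names.

Added illustration; not code from ZeroFox or CybelAngel. The observed
domain feed and the homoglyph table are constructed sample data.
"""
import unicodedata

# Substitutions that make one string look like another in a browser bar.
# Assumption: a small subset of the Unicode confusables list.
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a",   # Cyrillic a
    "\u0435": "e",   # Cyrillic ie
    "\u043e": "o",   # Cyrillic o
    "\u0440": "p",   # Cyrillic er
    "\u0441": "c",   # Cyrillic es
    "\u0456": "i",   # Cyrillic byelorussian-ukrainian i
    "\u04cf": "l",   # Cyrillic palochka
}


def decode_punycode(domain):
    """Render xn-- labels as Unicode; an IDN homograph is invisible otherwise."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def normalize(label):
    """Fold case, compatibility forms and known confusables to plain ASCII."""
    label = unicodedata.normalize("NFKC", label).lower()
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def osa_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit,
    so 'exampel' is one step from 'example' rather than two."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(observed, brands, legit):
    """Return (kind, observed, brand) or None. Assumption: the registered
    label is the second from the right; real feeds need a public-suffix
    split so 'brand.co.uk' is handled correctly."""
    domain = decode_punycode(observed.lower().rstrip("."))
    if domain in legit:
        return None
    labels = domain.split(".")
    reg = labels[-2] if len(labels) >= 2 else labels[0]
    subdomains = labels[:-2]
    norm = normalize(reg)
    for brand in brands:
        if reg == brand:
            return ("other_tld", observed, brand)
        if norm == brand:
            return ("homoglyph", observed, brand)
        if osa_distance(norm, brand) == 1:
            return ("typosquat", observed, brand)
        if brand in norm:
            return ("brand_embedded", observed, brand)
        if brand in subdomains:
            return ("brand_subdomain", observed, brand)
    return None


def scan_feed(observed, brands, legit):
    return [hit for name in observed if (hit := classify(name, brands, legit))]


BRANDS = ["example"]
LEGIT = {"example.com", "www.example.com"}
# Constructed feed, the way new registrations / CT log entries show up.
OBSERVED = [
    "example.com",
    "www.example.com",
    "exarnple.com",
    "ex\u0430mple.com".encode("idna").decode("ascii"),  # xn-- form, Cyrillic a
    "exampel.com",
    "example.net",
    "example-login.net",
    "example.com.login-verify.net",
    "sample.com",   # near miss that must stay quiet
]

if __name__ == "__main__":
    for kind, name, brand in scan_feed(OBSERVED, BRANDS, LEGIT):
        print(f"{kind:16} {name}  (brand: {brand})")
```

Two design points matter when you compare this with a vendor demo: the edit-distance threshold is kept at one so that "sample.com" does not fire against "example", and the confusable folding is applied only to the registered label and compared only against your brands, because folding "rn" to "m" over arbitrary text would turn ordinary words into false positives.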
Finally, account takeover (ATO) prevention is an area that was of interest to me coming from a fintech. Both CybelAngel and ZeroFox can search for your leaked credentials on paste sites, in ransomware gang Discord servers, and in other criminal marketplaces. Ask for a trial and conduct a proof of concept; some vendors offer three-week trials or longer based on scope and intent.
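What you do with a leaked-credential report is where the "only manage true positives" promise gets tested. The added Python example below is not code from either vendor; it triages a constructed vendor feed against a constructed directory extract that stores salted PBKDF2 hashes, so the check of whether a leaked password is still the user's current one never needs plaintext from your own systems. The feed shape, the directory shape and the iteration count are assumptions.

```python
"""Triage a vendor's leaked-credential report against the corporate directory.

Added illustration; not code from ZeroFox or CybelAngel. The leak records
and the directory below are constructed sample data. The directory stores
salted PBKDF2 hashes, so verifying a leaked password never requires plaintext
from your own systems.
"""
import hashlib
import hmac
import os

CORP_DOMAIN = "example.com"
ITERATIONS = 50_000   # assumption: use whatever your IdP actually uses


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def build_directory():
    """Constructed IdP extract. Plaintext appears here only to seed the sample;
    a real directory exposes nothing but the salt and hash."""
    seed = {
        "alice": "Winter2023!",
        "bob": "correct horse battery staple",
        "carol": "Tr0ub4dor&3",
    }
    directory = {}
    for user, password in seed.items():
        salt = os.urandom(16)
        directory[f"{user}@{CORP_DOMAIN}"] = {
            "salt": salt,
            "hash": hash_password(password, salt),
        }
    return directory


# Constructed vendor feed, in the shape a paste-site / combolist hit arrives.
LEAK_FEED = [
    {"email": "Alice@Example.com", "password": "Winter2023!", "source": "paste-site"},
    {"email": "bob@example.com",   "password": "hunter2",     "source": "combolist"},
    {"email": "dave@example.com",  "password": "letmein",     "source": "combolist"},
    {"email": "alice@example.com", "password": "Winter2023!", "source": "forum-dump"},  # duplicate
    {"email": "eve@other.org",     "password": "x",           "source": "combolist"},
]


def triage(feed, directory):
    """Sort leaked records into action buckets:
       reset_now       - account exists and the leaked password still works
       stale           - account exists, leaked password is not the current one
       unknown_account - our domain, but no such user (noise or ex-employee)
       out_of_scope    - not our domain
    Duplicate (email, password) pairs across sources are collapsed."""
    buckets = {"reset_now": [], "stale": [], "unknown_account": [], "out_of_scope": []}
    seen = set()
    for rec in feed:
        email = rec["email"].strip().lower()
        key = (email, rec["password"])
        if key in seen:
            continue
        seen.add(key)
        if not email.endswith("@" + CORP_DOMAIN):
            buckets["out_of_scope"].append(email)
            continue
        entry = directory.get(email)
        if entry is None:
            buckets["unknown_account"].append(email)
            continue
        candidate = hash_password(rec["password"], entry["salt"])
        if hmac.compare_digest(candidate, entry["hash"]):
            buckets["reset_now"].append(email)
        else:
            buckets["stale"].append(email)
    return buckets


if __name__ == "__main__":
    for bucket, emails in triage(LEAK_FEED, build_directory()).items():
        print(f"{bucket:16} {emails}")
```

If your identity provider will not let you verify against stored hashes, collapse the first two buckets and force a reset on any match for an existing account; the "stale" bucket is still worth a look, since a user whose old password appears in a dump has a reuse habit that MFA enrollment should catch.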