Modern Attack Surface Management (ASM) for SecOps
Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what SecOps teams need to look for in an ASM solution.
Today’s distributed environment of remote working endpoints, cloud apps and infrastructure, IoT devices and much more has made securing the attack surface a daunting challenge. In response, organisations deployed a slew of security products to tackle individual concerns.
The result: an irregular, piecemeal inventory that cannot keep pace with the fluid attack surface, especially in the cloud, nor provide enough context, leading to alert overload and a wild goose chase in terms of remediation. A global Trend Micro survey found that 51% of respondents felt their SecOps teams are drowning in alerts and 43% admit to turning off alerts due to stress.
Evidently, SecOps teams need to shift to more robust, modern ASM solutions to reduce alert overload, be more proactive, and respond faster to detections.
Getting the most value out of modern ASM
Not all solutions are built the same. Many vendors will cover the basic tenets of ASM: discovery, assessment, and mitigation. And while this is a great first step, it’s not enough. Each step is nuanced and requires broad capabilities that modernise SOC processes and empower teams to resolve problems faster with less complexity and stress.
Rapid, continuous attack surface discovery
First, teams need to identify an organisation’s devices, internet-facing assets, accounts, applications, and cloud assets that could provide entry points for cybercriminals. This requires total and real-time visibility, which is only possible if the solution integrates with third-party sources and scans across on-premises, cloud, and hybrid cloud environments continuously.
The right ASM solution will enable teams to clearly view the public domains and IP addresses under their organisation and gain visibility into associated potential risks, security misconfigurations, vulnerabilities, or expired certificates. SecOps should be able to connect identity and access management (IAM) tools to gain deeper insight into user accounts and the related apps and devices each user accesses.
Real-time risk assessment and prioritisation
Next: assessment. Some vendors might only provide point-in-time assessments instead of continuous and contextual evaluations. Sure, the number of alerts will be reduced, but it still leaves SecOps unsure of which risks need to be mitigated first, increasing the probability of a successful attack.
A strong ASM solution goes beyond simple assessment by rapidly prioritising risk against several factors such as likelihood of an attack, possible impact of an outage, and asset criticality. Furthermore, the status of an organisation’s software patches and any CVEs should be compiled, then compared against both local and global threat intelligence. For example, a vulnerability on a device in a private network is inherently less risky than a vulnerability on a public-facing web server. Likewise, if the CEO’s account is associated with the latter, the criticality of the asset and its risk would be prioritised higher than the same vulnerability on a graphic designer’s account.
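The prioritisation described above, as an added example (not Trend Micro's scoring model and not code from the original article): the same vulnerability is ranked differently depending on exposure, owner criticality, threat intelligence and patch status. The weights, field names, asset names and the placeholder CVE identifier are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative weights (assumptions, not taken from any product).
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.4}
CRITICALITY_WEIGHT = {"executive": 1.0, "standard": 0.6}

@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str                 # placeholder identifier, constructed
    severity: float          # 0-10 base severity (e.g. a CVSS base score)
    exposure: str            # "internet" or "internal"
    owner_tier: str          # "executive" or "standard"
    exploited_in_wild: bool  # signal from threat intelligence
    patched: bool

def risk_score(f: Finding) -> float:
    """Return a 0-100 contextual score; patched findings score 0."""
    if not 0 <= f.severity <= 10:
        raise ValueError(f"severity out of range for {f.asset}")
    if f.patched:
        return 0.0
    if f.exposure not in EXPOSURE_WEIGHT or f.owner_tier not in CRITICALITY_WEIGHT:
        raise ValueError(f"unknown exposure or owner tier for {f.asset}")
    likelihood = 1.0 if f.exploited_in_wild else 0.5
    context = EXPOSURE_WEIGHT[f.exposure] * CRITICALITY_WEIGHT[f.owner_tier]
    return round(f.severity * 10 * likelihood * context, 1)

def prioritise(findings):
    """Highest risk first; ties broken by asset name for stable output."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.asset))

# Constructed sample inventory: one vulnerability seen in five contexts.
CVE = "CVE-PLACEHOLDER-0001"
SAMPLE = [
    Finding("designer-laptop", CVE, 8.0, "internal", "standard", False, False),
    Finding("web-server-designer", CVE, 8.0, "internet", "standard", False, False),
    Finding("web-server-ceo", CVE, 8.0, "internet", "executive", False, False),
    Finding("file-server-ceo", CVE, 8.0, "internal", "executive", True, False),
    Finding("patched-gateway", CVE, 8.0, "internet", "executive", False, True),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"{risk_score(f):5.1f}  {f.asset}")
```
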
Proactive risk remediation and management
Risk prioritisation helps teams anticipate adversaries faster, leading to speedier mitigation. ASM solutions should leverage AI and ML to synthesise vulnerabilities, risks, security controls and overall posture to provide SecOps teams with risk remediation suggestions. This will accelerate response actions and mitigate risk before the incident is realised. Bonus points if the solution can orchestrate and automate risk response across the enterprise.
Beyond the security benefits of ASM, the solution should empower SecOps managers and teams to confidently relay KPIs and metrics and show tangible operational efficiency to their CISOs. Furthermore, the ASM solution should provide crucial cost savings by consolidating various security tools and improving efficiency with prioritisation and automation.
The platform approach
According to a Trend Micro study, 89% of respondents have plans to consolidate security products or switch to a platform in the near future. And for good reason: a platform approach is essential to reducing alert overload from disconnected security solutions and empowering security teams to make risk-based decisions.
Trend Vision One™ Attack Surface Risk Management (ASRM), supported by Trend’s industry-leading research, is a cornerstone solution within the Trend Vision One™ platform. ASRM empowers security leaders to consistently uncover, identify, and prioritise organisational risks, enabling them to swiftly take data-driven actions to proactively mitigate risk and reduce their attack surface.
The Trend Vision One platform is built to unify policy management, ASRM, and detection and response capabilities across the enterprise. The platform’s native-first, hybrid approach to XDR and ASM benefits security teams by delivering richer activity telemetry—not just detection data—across security layers with full context and understanding. This enables teams to contextualise risk and reduce the likelihood of attacks—while reducing false positives and noise within the environment continuously and proactively.
Additionally, Trend Vision One can help organisations operationalise Zero Trust. Contextualised and cross-referenced data across security layers establish baselines of regular activity amongst devices, users, and network activity, which is key to the effectiveness of Zero Trust. These baselines enrich the asset’s profile, making it easier to investigate anomalies—and the findings can be used to inform access control policies and risk management decisions.
Furthermore, Trend Vision One can automate and orchestrate workflows to enhance and augment security analysts’ efforts by speeding up standard operating procedures, removing manual steps, and enabling quick analysis and action such as vulnerability patching. According to ESG, 51% of organisations have improved threat detection as a result of automating security processes via playbooks.
Conclusion
Today’s attack surface challenges require modern approaches beyond piecemeal, inconsistent inventory. When you choose Trend’s Attack Surface Risk Management, you are choosing a solution with next-gen capabilities:
- Faster detection due to total visibility with automated, continuous external and internal attack surface discovery across on-premises, cloud, and hybrid-cloud environments
- Reduces tool sprawl by consolidating risk management capabilities like asset discovery, vulnerability prioritisation, cloud security posture management (CSPM), and cloud infrastructure entitlement management (CIEM)
- Clearly view the public domains and IP addresses under your organisation and gain visibility into associated potential risks, vulnerabilities, or expired certificates
- Connect Active Directory (AD), Microsoft Azure Active Directory (Azure AD), and AWS Identity and Access Management (IAM) tools to gain deeper insight into user accounts and apps/devices accessed by said user
- Attack surface inventory displays real-time updates to inform and prioritise response actions
- View organisational cyber risk score across the entire environment
- Ability to view and track unpatched vulnerabilities, system configuration, and user activity and behaviour trends over time
- Contextualised risk assessments, analysis, and scoring to prioritise which assets pose the highest risk
- Custom remediation recommendations based on the situational risk or threats
- Automated remediation actions across the attack surface
- Customisable dashboards and reporting for real-time updates and risk insights
To learn more about how Trend Micro can transform your cyber risk management practice with ASRM, click here.