Beyond Perimeter Security: The Role of Attack Surface Management

The attack surface — i.e. the sum of all possible points, or "attack vectors,” where an unauthorized user can enter or extract data — of modern organizations keeps growing at speed.

Unlike the single websites and contained networks of the past, they now have to contend with ever-increasing potential entry points that are immeasurably harder to define and defend. This development, as complex as it is, also presents an opportunity for managed service providers (MSPs) to step in and provide their small to midsize business (SMBs) with the intricate knowledge it takes to reduce the risk of exploitation.

While external attacks seize the biggest headlines, a senior Forrester analyst makes an important point in the introduction to the research firm’s latest report on the state of enterprise breaches:

“Concerns over types of breaches are far afield from the reality on the ground. Security decision-makers are more concerned about external attacks than any other attack vector, at 47%. Breaches come in various ways, however, and are much more evenly spread in frequency among external attacks, lost/stolen assets, internal incidents, and third-party providers.”

Understanding Attack Surface Management

Enter attack surface management (ASM), the ongoing process of identifying, classifying, prioritizing, and securing these potential points of entry to reduce the overall risk of a breach. The process takes aim at the entire IT ecosystem and can be divided into two broad categories that share the same goal — identifying and mitigating risks before attackers can exploit them:

1. External attack surface management (EASM): This focuses specifically on the external portion of an organization's attack surface — the assets that are exposed to the internet and thus accessible to potential attackers anywhere in the world. This might include public-facing websites, cloud-based applications, internet-connected devices, or digital assets associated with an organization's brand that could be targeted in phishing campaigns.
2. Internal asset management: This refers to the process of managing assets that are only accessible to authorized users within an organization, including, for instance, data, applications, and systems.

Why ASM Has Emerged as Cybersecurity Pillar

Attack surface management, as a concept and a practice, has grown in response to the increasingly complex digital environments and advanced threats that have evolved over the past few decades.

In the early days of the internet, the concept of an “attack surface” was, as we pointed out earlier, relatively straightforward. The potential entry points for attackers were fairly limited and easy to identify. But as technology evolved, so did the attack surface.

Early 2000s: Entry Points Begin to Grow in Number

The late 1990s and early 2000s saw the rise of ecommerce and the wider adoption of web applications in businesses. This resulted in more entry points for attackers and the introduction of new types of vulnerabilities. At the same time, the growing popularity of the internet among consumers led to an increase in cybercrime.

Around this time, Microsoft began using the term "attack surface" in the context of software security. They defined it as the amount of code that could be accessed by unauthorized users. This was a key part of their strategy to reduce vulnerabilities in their software, which involved minimizing the attack surface as much as possible.

Late 2000s and 2010s: Perimeter Security Not Enough

In the late 2000s and 2010s, the widespread adoption of cloud services and IoT devices, as well as the increasing practice of remote work, led to a further expansion of the attack surface. According to Pew Research, 35% of workers with jobs that can be done remotely work from home all the time, compared to only 7% before the COVID-19 pandemic. As a result, traditional perimeter-based security measures, like firewalls, became less effective as data and services moved outside the corporate network. (Reading tip: Why Antivirus and RMM Don’t Work as Vulnerability Assessment Tools)

In response to these changes, cybersecurity professionals began focusing more on attack surface management — identifying and securing all potential points of entry, rather than just protecting the perimeter. This shift was also driven by the increasing regulatory requirements for businesses to manage their cybersecurity risks. (Reading tip: Attorney Eric Tilds on What Businesses Should Know About Cyber Insurance)

Today: Cybersecurity Requires ASM

Today, attack surface management is a key component of any cybersecurity strategy. It involves not just technical measures like vulnerability scanning and patch management, but also broader strategies like employee training, third-party risk management, and incident response planning.

The Mechanism Behind Attack Surface Management

To get started with attack surface management, MSPs first need to discover all of the assets within their client's digital ecosystem. This can include obvious components like web servers and email systems, as well as oft-forgotten assets like IoT devices, cloud storage, and third-party services.

Once these assets have been identified, the next step is to analyze each one for potential vulnerabilities. This might involve anything from scanning for unpatched software to testing firewall configurations to identify weaknesses.

After potential vulnerabilities have been identified, they are prioritized based on factors such as their severity, the importance of the asset they affect, and the likelihood of them being exploited. MSPs can then work to mitigate the highest priority vulnerabilities, reconfigure systems to minimize the risk they pose, or even retire assets that are too risky to keep. (Reading tip: EPSS Scoring: A Quick Guide on Vulnerability Prioritization for MSPs)

Lastly, this process isn't a one-time event. The digital landscape is constantly changing, which means new vulnerabilities are always emerging. This requires regular reassessment and continuous monitoring for changes in the attack surface.

The Impact on MSPs and Their SMB Clients

For MSPs, implementing attack surface management provides an opportunity to elevate their cybersecurity offering and bring more value to their SMB clients.

1. Enhanced Security Posture: By systematically identifying and securing potential points of entry, MSPs can significantly reduce the risk of a successful cyber attack. This not only helps protect client data, but also the MSP's reputation. The fact that as many as 83% of organizations experienced at least one data breach last year, according to IBM’s Data Breach Report, shows the scope of the threat and the need for a more systematic approach to identifying and remediating vulnerabilities.
2. Streamlined Resource Allocation: With a clear view of the attack surface, MSPs can make informed decisions about where to focus their resources. This enables them to prioritize efforts on high-risk areas, increasing efficiency and effectiveness. EPSS is a key component of this process, enabling MSPs to prioritize vulnerabilities based on risk.
3. Compliance Assurance: Many industries require businesses to adhere to specific cybersecurity regulations. By documenting the steps taken to manage the attack surface, MSPs can help their clients demonstrate compliance with these requirements.
4. Proactive Approach: Attack surface management shifts the approach from reactive to proactive. Instead of waiting for a breach to occur, MSPs are taking steps to prevent them in the first place. A business that focuses on the Identify and Protect aspects of the NIST Cybersecurity Framework will effectively reduce the number of episodes that require activation of the next three steps (Detect, Respond, Recover). (Reading tip: Understanding the Big Picture of Cybersecurity Starts with NIST)
5. Client Trust: By demonstrating a strong commitment to security, MSPs can increase trust with their clients. This can lead to stronger relationships, increased client retention, and a competitive edge in the market. (Reading tip: TeamLogic IT Finds ‘Game Changer’ in ConnectSecure)

Summing Up

In conclusion, attack surface management represents a significant opportunity for MSPs to improve their security posture, streamline their operations, and strengthen their client relationships. As threats continue to evolve, embracing strategies like this will be key to staying ahead of the curve. MSPs that recognize the benefits and invest in attack surface management will not only protect their clients but also secure their own future.

ConnectSecure cybersecurity platform now includes Attack Surface Scanning, providing a 360-degree view of network vulnerabilities.  Sign up for a free 14-day trial today.