Enhance Cybersecurity with Cyber Asset Attack Surface Management
Posted May 25, 2023 by Sayers
An overlooked asset or system in your organization could have vulnerabilities that haven’t been remediated – exactly what malicious actors hope to find as an attack vector into your network. When you have better visibility into your organization’s devices, applications, networks, data, and users, you will know what you need to protect, where they are, and how vulnerable they’ve become.
Organizations with an incomplete or obsolete asset inventory often struggle with looping in different teams to correlate assets for an accurate and current view. According to a 2022 report from Enterprise Strategy Group on Security Hygiene and Posture Management:
Cyber Asset Attack Surface Management (CAASM) can be the best first step to improve your cybersecurity asset management and prioritize your cybersecurity risk management for your business.
What Is CAASM?
As an emerging technology, CAASM uses API integrations with existing tools in your environment to present a unified view of all internal and external cyber assets, then identifies cybersecurity gaps and provides automated steps to remediate issues.
Organizations can use CAASM to solve persistent asset visibility and vulnerability challenges. Among its advantages, CAASM:
Uses data the organization already collects.
A CAASM solution aggregates, correlates, and normalizes disparate, siloed data from sources already in the organization, using API integrations with existing tools in the security, infrastructure, and identity technology stacks.
Doesn’t create additional overhead.
Sayers Cybersecurity Engineer Jason Marocchi says, “We’re seeing agent fatigue left and right. Clients don’t want to install any more agents on end-user devices, or install more software they need to maintain. By using a CAASM solution, we can augment what they already have without adding to the overhead of an asset.”
Creates organized and actionable results.
CAASM continuously monitors and analyzes assets and vulnerabilities automatically at a specific interval. A CAASM solution also prioritizes the remediation and mitigation actions based on the organization’s most critical threats and vulnerabilities.
Use Cases: Which Does CAASM Address?
Your IT and security teams can use CAASM for a variety of use cases including:
Cyber asset hygiene and security posture management.
With CAASM, you have visibility into everything in your environment and infrastructure so assets don’t miss any updates.
“I was part of a customer proof of concept that revealed more than 200 stale Active Directory assets that hadn’t been removed,” Marocchi says. “This had been on the customer’s to-do list but just got so overwhelming, it got pushed to the side.”
CAASM can identify and track unmanaged assets wherever they are, including ephemeral environments spun up for temporary use in development or testing that are accidentally left on.
Centralized view into all your assets.
The CAASM solution becomes your single source of truth. “When there’s an issue with an IP that needs to be investigated, you can be confident in the accuracy of what the CAASM solution shows you,” says Marocchi.
CAASM automates asset inventory so your teams aren’t spending time manually updating and consolidating spreadsheets, often among different departments. Marocchi says:
“Ten minutes after you update that spreadsheet, it may not be accurate. With CAASM we can automatically correlate different spreadsheets to create a master inventory list, giving back time your teams can use for more urgent matters.”
Audit and compliance reporting.
CAASM continuously aggregates, correlates, and normalizes data, so you can pull information at any point for audit reporting to show day-over-day, week-over-week, or month-over-month comparisons.
In the Center for Internet Security (CIS) list of 18 Critical Security Controls, the first two address inventory and control of enterprise and software assets. “You can easily check off both of those with a CAASM solution,” says Marocchi, “and those are two of the most difficult controls to manage. CAASM can then help show you where your gaps are so you can start checking off the rest of the CIS control list.”
Vulnerability prioritization and remediation.
Gartner research indicates security vulnerabilities are increasing exponentially year over year. CAASM prioritizes those based on your most critical assets, so your security team can remediate in the most efficient and effective manner.
A CAASM solution can not only ingest data, but also push data out to orchestrate patching so it’s all done under one solution. “By automating a lot of that vulnerability remediation, we’re giving man-hours back to the IT team,” says Marocchi.
Visibility gap analysis.
CAASM reveals gaps in data aggregation and lack of collaboration among departments that can result in unmanaged assets. CAASM ingests data from different sources, so we can build an image of the entire infrastructure to see where solutions might be falling short in their performance, or which solutions might be missing.
M&A due diligence.
A CAASM solution can pay dividends in an M&A transaction, allowing you to deploy and gain an entire view of an environment quickly. Using CAASM, a Sayers client found their intended acquisition had a poor security posture, which enabled them to lower the value of the company they were paying to acquire.
CMDB asset remediation.
With a CAASM solution, you can more easily keep a configuration management database (CMDB) current, remove stale assets that the infrastructure hasn’t talked to in a long time, and improve confidence in your CMDB from a compliance standpoint.
Business continuity and disaster recovery.
Asset visibility is a key factor in disaster recovery planning, including for ransomware response. “I have never worked with any company that already had an up-to-date CMDB,” says Sayers Senior Business Continuity Architect Kevin Finch. “Most had a spreadsheet with their servers on it, and that’s what they were using to figure out what they needed to backup.”
Questions? Contact us at Sayers today to learn how emerging CAASM technologies can help your business.