Brianna McGovern

As Product Manager of Attack Surface Management (ASM), Brianna is responsible for defining the roadmap for NetSPI's ASM solution and bringing new features and capabilities that help security teams protect their external network. She has deep experience in the pentesting industry, performing and leading pentesting teams. Brianna earned a degree in Industrial Engineering from Penn State University and holds the GWAPT and AWS certified cloud practitioner certifications.
More by Brianna McGovern
WP_Query Object
(
    [query] => Array
        (
            [post_type] => Array
                (
                    [0] => post
                    [1] => webinars
                )

            [posts_per_page] => -1
            [post_status] => publish
            [meta_query] => Array
                (
                    [relation] => OR
                    [0] => Array
                        (
                            [key] => new_authors
                            [value] => "153"
                            [compare] => LIKE
                        )

                    [1] => Array
                        (
                            [key] => new_presenters
                            [value] => "153"
                            [compare] => LIKE
                        )

                )

        )

    [query_vars] => Array
        (
            [post_type] => Array
                (
                    [0] => post
                    [1] => webinars
                )

            [posts_per_page] => -1
            [post_status] => publish
            [meta_query] => Array
                (
                    [relation] => OR
                    [0] => Array
                        (
                            [key] => new_authors
                            [value] => "153"
                            [compare] => LIKE
                        )

                    [1] => Array
                        (
                            [key] => new_presenters
                            [value] => "153"
                            [compare] => LIKE
                        )

                )

            [error] => 
            [m] => 
            [p] => 0
            [post_parent] => 
            [subpost] => 
            [subpost_id] => 
            [attachment] => 
            [attachment_id] => 0
            [name] => 
            [pagename] => 
            [page_id] => 0
            [second] => 
            [minute] => 
            [hour] => 
            [day] => 0
            [monthnum] => 0
            [year] => 0
            [w] => 0
            [category_name] => 
            [tag] => 
            [cat] => 
            [tag_id] => 
            [author] => 
            [author_name] => 
            [feed] => 
            [tb] => 
            [paged] => 0
            [meta_key] => 
            [meta_value] => 
            [preview] => 
            [s] => 
            [sentence] => 
            [title] => 
            [fields] => 
            [menu_order] => 
            [embed] => 
            [category__in] => Array
                (
                )

            [category__not_in] => Array
                (
                )

            [category__and] => Array
                (
                )

            [post__in] => Array
                (
                )

            [post__not_in] => Array
                (
                )

            [post_name__in] => Array
                (
                )

            [tag__in] => Array
                (
                )

            [tag__not_in] => Array
                (
                )

            [tag__and] => Array
                (
                )

            [tag_slug__in] => Array
                (
                )

            [tag_slug__and] => Array
                (
                )

            [post_parent__in] => Array
                (
                )

            [post_parent__not_in] => Array
                (
                )

            [author__in] => Array
                (
                )

            [author__not_in] => Array
                (
                )

            [search_columns] => Array
                (
                )

            [ignore_sticky_posts] => 
            [suppress_filters] => 
            [cache_results] => 1
            [update_post_term_cache] => 1
            [update_menu_item_cache] => 
            [lazy_load_term_meta] => 1
            [update_post_meta_cache] => 1
            [nopaging] => 1
            [comments_per_page] => 50
            [no_found_rows] => 
            [order] => DESC
        )

    [tax_query] => WP_Tax_Query Object
        (
            [queries] => Array
                (
                )

            [relation] => AND
            [table_aliases:protected] => Array
                (
                )

            [queried_terms] => Array
                (
                )

            [primary_table] => wp_posts
            [primary_id_column] => ID
        )

    [meta_query] => WP_Meta_Query Object
        (
            [queries] => Array
                (
                    [0] => Array
                        (
                            [key] => new_authors
                            [value] => "153"
                            [compare] => LIKE
                        )

                    [1] => Array
                        (
                            [key] => new_presenters
                            [value] => "153"
                            [compare] => LIKE
                        )

                    [relation] => OR
                )

            [relation] => OR
            [meta_table] => wp_postmeta
            [meta_id_column] => post_id
            [primary_table] => wp_posts
            [primary_id_column] => ID
            [table_aliases:protected] => Array
                (
                    [0] => wp_postmeta
                )

            [clauses:protected] => Array
                (
                    [wp_postmeta] => Array
                        (
                            [key] => new_authors
                            [value] => "153"
                            [compare] => LIKE
                            [compare_key] => =
                            [alias] => wp_postmeta
                            [cast] => CHAR
                        )

                    [wp_postmeta-1] => Array
                        (
                            [key] => new_presenters
                            [value] => "153"
                            [compare] => LIKE
                            [compare_key] => =
                            [alias] => wp_postmeta
                            [cast] => CHAR
                        )

                )

            [has_or_relation:protected] => 1
        )

    [date_query] => 
    [request] => SELECT   wp_posts.ID
					 FROM wp_posts  INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id )
					 WHERE 1=1  AND ( 
  ( wp_postmeta.meta_key = 'new_authors' AND wp_postmeta.meta_value LIKE '{9f615b8a6cc36635fcbf5da51aef69ec540f07a6654fecf5c01a33e63f95d31d}\"153\"{9f615b8a6cc36635fcbf5da51aef69ec540f07a6654fecf5c01a33e63f95d31d}' ) 
  OR 
  ( wp_postmeta.meta_key = 'new_presenters' AND wp_postmeta.meta_value LIKE '{9f615b8a6cc36635fcbf5da51aef69ec540f07a6654fecf5c01a33e63f95d31d}\"153\"{9f615b8a6cc36635fcbf5da51aef69ec540f07a6654fecf5c01a33e63f95d31d}' )
) AND wp_posts.post_type IN ('post', 'webinars') AND ((wp_posts.post_status = 'publish'))
					 GROUP BY wp_posts.ID
					 ORDER BY wp_posts.post_date DESC
					 
    [posts] => Array
        (
            [0] => WP_Post Object
                (
                    [ID] => 31238
                    [post_author] => 153
                    [post_date] => 2023-10-13 11:52:40
                    [post_date_gmt] => 2023-10-13 16:52:40
                    [post_content] => 

A novel 0-day vulnerability referred to as, “HTTP/2 Rapid Reset,” (CVE-2023-44487) sent the cybersecurity industry into quick action to minimize potential risks. This vulnerability abuses certain features of HTTP/2 protocol and allows for Distributed Denial of Service (DDoS) attacks at an unprecedented scale.  

Explain It to Me Like I’m 5 (ELI5)

If your website or application uses HTTP/2, an attacker could completely restrict access by flooding your network with an overwhelming amount of traffic.  

For additional insights, we connected with our Attack Surface Management (ASM) team to get their take on the CVE and learn more about their quick response to help security leaders with identification and remediation.

https://youtu.be/iLedcMoHmU4

Who's Impacted?

Anyone who uses HTTP/2 services may be impacted. According to Web Technology Surveys, the services are used by 35.6% of all websites. That’s over 400 million websites vulnerable to this CVE.

What Could Happen If Exploited

The industry is seeing large-scale DDoS attacks stemming from exploitation of HTTP/2 Rapid Reset. The goal of a DDoS attack is to overwhelm a particular business, service, or application and keep it from being accessible to legitimate access requests from the intended users/customers.  

This is extremely challenging to manage since the attacks come from compromised machines or ‘bots’ in a very distributed fashion, which makes blocking those requests using simple filtering techniques unrealistic. In other words, significant friction or inability to deliver services. We’re already seeing the exploit in action, with Google reporting that it had mitigated the largest ever DDoS attack to date.

Best Practices for Remediation

First, it is important to understand if and where you are using HTTP/2 to determine if you are affected. Mapping out a full view of the attack surface is often a challenge for teams because of attack surface sprawl and changes that can happen overnight. 

As NetSPI’s Field CISO Nabil Hannan put it, 

“It seems to me like the bigger challenge in this particular scenario is that organizations struggle to have an up-to-date asset inventory. Not only having an up-to-date asset inventory, but truly understanding what software components, what versions of packages, what type of bill of materials they have in those assets.” 

This is where technology like Attack Surface Management is extremely helpful because it provides continuous asset discovery and monitoring. 

The first step to take when addressing HTTP/2 Rapid Reset is to perform internal checks for HTTP/2 and all potentially vulnerable hosts or verify with your web server vendors. Patches and updates for common web servers and programming languages are available to apply now or will be coming soon.  

In the words of NetSPI’s Research Engineer Isaac Clayton,

“Patch early, patch often.”  

NetSPI’s Rapid Response to HTTP/2 Rapid Reset

For NetSPI’s ASM users, our team swiftly added capabilities to the platform to detect HTTP/2 and allow our clients to get a full inventory of all potentially vulnerable hosts.   

Once a zero-day vulnerability was discovered, our Attack Surface Management team responded quickly to create automation for NetSPI’s ASM platform. This automation allowed our clients to establish an accurate inventory of their assets using HTTP/2.0 and focus their efforts on mitigation and remediation.  

Our approach involved a fast response through active collaboration between our teams. We utilized our ASM operations team, a group of security professionals who proactively address vulnerabilities and verify risks for clients, as well as our software engineers and front-end developers.  

We moved incredibly quickly to implement the solution and make it available for NetSPI’s ASM clients. This rapid response demonstrates how beneficial it is to have a full team supporting our clients and the ASM technology that helps them maintain security. One listener on our LinkedIn Live commented, “Wow!!! That’s fast given today’s response climate. From Rapid Reset to Rapid Response!” (Kudos to the ASM operations team for their fast response!) 

Get a deeper look at CVE-2023-44487 - HTTP/2 Rapid Reset by watching our LinkedIn Live with NetSPI’s Field CISO Nabil Hannan and myself, Security Research Engineer Isaac Clayton. Learn more about our ASM solution including how to use it to run the check for HTTP/2 by contacting our team.

[post_title] => NetSPI’s Analysis of HTTP/2 Rapid Reset  [post_excerpt] => Learn about HTTP/2 Rapid Reset (CVE-2023-44487) and see how Attack Surface Management detects HTTP/2 uses to streamline patches. [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => netspi-analysis-of-http-2-rapid-reset [to_ping] => [pinged] => [post_modified] => 2023-10-13 11:53:29 [post_modified_gmt] => 2023-10-13 16:53:29 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=31238 [menu_order] => 54 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [1] => WP_Post Object ( [ID] => 30846 [post_author] => 153 [post_date] => 2023-08-22 09:00:00 [post_date_gmt] => 2023-08-22 14:00:00 [post_content] =>

External Network Penetration Testing and Attack Surface Management (ASM) are related but distinct offensive security measures. Each one has a time and place where it’s most effective, but when the two are paired together, security teams experience an extremely proactive approach to their cybersecurity program that ensures improvement over time

What is External Network Penetration Testing?  

External Network Penetration Testing provides a point-in-time test that dives deep into a defined scope. External Network Testing means an offensive security consultant is dedicated to analyzing selected assets for a specific amount of time. Think of this focused analysis for 40 hours a week for two weeks. That’s a lot of time to dig into findings!  

This amount of research typically results in a high number of results that are vetted into prioritized actions. The outcome can strain security teams because of the need to triage remediation efforts in a short period of time. External Network testing is a thorough method of evaluating vulnerabilities and reporting on whether they’re publicly exploitable. 

A limitation with External Network Testing is that it’s only focused on what’s in scope. The scope of the test is limited to the assets a client defines, and the scope of assets a client defines is limited to what a client knows is out there. If clients misunderstand their attack surface, it can lead to gaps in the scope of an External Network Penetration Test. Ensuring a strong and holistic understanding of your attack surface allows you to get more return on your investment for penetration testing. 

In addition, External Network Penetration Testing provides thorough research, but only for a specific point-in-time. Unfortunately, threat actors aren’t limited to scope or timelines like External Network Testing is, making Attack Surface Management a smart supplement to External Network Testing.

When to Use External Network Penetration Testing 

If you have proper asset mapping and a solid understanding of your attack surface, then External Network Penetration Testing is an ideal offensive security measure to test the security of your assets. 

ExPen vs. ASM


ExPen

  • The ExPen is designed to report more findings to the security team
    • It will report information findings
  • These findings need to be triaged by the internal security team to determine which to prioritize
  • The ExPen is useful for getting a baseline point in time view of the environment but requires more manual work on the part of the internal security team

ASM

  • ASM will report less findings than the ExPen
  • ASM is designed to filter out alerts and only report vulnerabilities the team has confirmed they can exploit
  • This reduces the amount of triaging work for the internal security team
  • ASM is useful for getting a continuous view of the environment and can see changes as they happen in real time

What is Attack Surface Management?  

Attack Surface Management provides continuous discovery, inventory, testing, and prioritization of known and unknown assets and exposures on global external attack surfaces. While it doesn’t go as deep as External Network Penetration Testing, it does look at attack surfaces broadly and through a continuous lens. It provides an always-on view of high-impact, high-priority findings. 

One of the most common scenarios we face with clients is finding unknown assets. This is also one of the biggest benefits of ASM. Not only can many different assets exist on an external attack surface, but also these assets change over time, making point-in-time pentesting good, but continuous analysis better.  

First and foremost, ASM is focused on discovering what’s out there so we can bring better visibility into the entire external attack surface. Once we have that visibility and know the assets that exist, we look at exposures including vulnerabilities. ASM goes deeper by showing the products and certificates that exist on those assets, if those certificates are expiring soon, the DNS records, and the open ports on those assets. 

Typical ASM platforms result in alert overload, which is why NetSPI focuses on noise reduction with our technology. We take the results from our Attack Surface Management platform a step further by adding the human component. Our ASM operations team uses automated and manual methods to discover assets, monitor exposures, and determine the level of risk they may pose. This information is relayed to a security team for remediation, and then passed along to a pentester to validate the remediated exposure. 

When to Use Attack Surface Management 

Attack Surface Management is ideal for teams who need insight into their external attack surface and enhance the process for mapping their attack surface on a continual basis. 

Better Together: Attack Surface Management and External Network Penetration Testing  

Salt and pepper, Peanut butter and jelly, ASM and External Network Testing.  

Attack Surface Management shines with its always-on nature that regularly updates scan results with the latest changes. When we tie ASM to our External Network Testing, we’re more closely simulating the activity that attackers are taking throughout the year. ASM provides coverage in-between External Network Testing, which allows security teams to be more proactive with their approach, instead of waiting three, six or 12 months before performing a regular External Network Test. 

A common scenario in which ASM and External Network Testing benefit each other is when companies make recurring changes to their attack surfaces during the holidays. For example, many retailers will stand up new infrastructure for holiday specials. When the special ends and they take down that infrastructure, does it all get commissioned and decommissioned properly? This insight can be automated with ASM. 

The best mix of these offensive security strategies is to use ASM for constant monitoring, and then use the insights to perform an External Network Testing periodically, such as once per quarter. This strategy also has the potential to validate that security enhancements are resulting in continued improvements, which can help security leaders when it comes to resourcing modern security measures. 

[post_title] => Attack Surface Management vs. External Network Penetration Testing [post_excerpt] => Attack Surface Management and External Network Penetration Testing are related offensive security measures that work better together. Learn how! [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => attack-surface-management-vs-external-network-penetration-testing [to_ping] => [pinged] => [post_modified] => 2024-01-15 09:35:04 [post_modified_gmt] => 2024-01-15 15:35:04 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=30846 [menu_order] => 75 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [2] => WP_Post Object ( [ID] => 30689 [post_author] => 53 [post_date] => 2023-07-28 12:27:12 [post_date_gmt] => 2023-07-28 17:27:12 [post_content] =>

Join Brianna McGovern, Product Manager at NetSPI, as she takes you through a demo of our Attack Surface Management (ASM) platform. See how ASM can continuously discover, inventory, test, and prioritize known and unknown assets and exposures on your global external attack surface. During this demo, Brianna will: 

  • Demonstrate NetSPI’s ASM platform capabilities  
  • Highlight cutting-edge new platform features  
  • Explore common ASM use cases   
  • Dive into customer success stories   

If attack surface reduction and continuous pentesting is on your wish list, you won’t want to miss this! 

[post_title] => Product Pulse: Demo of Attack Surface Management (ASM)  [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => attack-surface-management-live-demo [to_ping] => [pinged] => [post_modified] => 2023-09-21 14:00:47 [post_modified_gmt] => 2023-09-21 19:00:47 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?post_type=webinars&p=30689 [menu_order] => 17 [post_type] => webinars [post_mime_type] => [comment_count] => 0 [filter] => raw ) [3] => WP_Post Object ( [ID] => 30607 [post_author] => 153 [post_date] => 2023-07-25 09:00:00 [post_date_gmt] => 2023-07-25 14:00:00 [post_content] =>

As companies’ attack surfaces continue to expand and threat actors remain relentless, attack surface management (ASM) has grown to a rapidly emerging category in the cybersecurity space. Rather than organizations manually inventorying and protecting critical assets on their own, attack surface management tools provide continuous visibility and risk assessment of a company’s entire attack surface. 

Teams looking to improve their offensive security efforts have many attack surface management tools to choose from, but most only provide standard asset discovery – such as the use of off-the-shelf scanners – and lack prioritization of actionable remediation efforts, resulting in alert overload. 

We asked our team of attack surface management experts for their thoughts on which features security leaders should look for in ASM platforms to ensure they’re getting the best value and highest level of protection. The most effective attack surface management tools go beyond asset discovery by adding expert human analysis to prioritize alerts and remediation.

ASM Freemium Scan Tool

6 Must-Have Features in an Attack Surface Management Platform 

As you weigh the pros and cons of various attack surface management platforms and tools, consider the following must-have features. 

1. Ability to Comprehensively Discover the Unknown  

Many attack surface management tools may only have the capabilities to discover known assets, such as IP addresses, domains, software, and other assets that the security team actively manages. However, finding and securing both known and unknown internet-facing assets  is an essential capability for attack surface management tools.  

Unknown assets may include those that lack awareness from the IT security team, unauthorized and unmanaged assets. There are a variety of causes for these gaps in known assets including shadow IT, misconfigurations, failed decommissions, and more. These gaps ultimately result in ineffective scan coverage and scopes for pentests, thus leaving your attack surface unmonitored and presenting a risk to your organization. 

When you leverage an attack surface management platform like NetSPI, ASM engagements start with a list of known domains and IPs. Next, the search expands to related entities to uncover all assets tied to a company – including unknown assets. The Dynamic FAQs feature in NetSPI’s attack surface management platform shows how many IPs were initially provided, compared to how many public-facing assets were found.  

2. Inclusion of Human Analysis to Prioritize Alerts  

Our 2023 Offensive Security Vision Report showed that a lack of resources and prioritization are two of the top barriers to greater offensive security. Helping security teams with data-driven prioritization of remediation efforts eases the burden of decision-making. 

Expert human analysis delivers the strongest cybersecurity results because pentesters provide context into alerts, which results in only alerting on high-impact vulnerabilities. Attack surface management tools that incorporate human analysis can leverage the team’s expertise to vet vulnerabilities before they’re added as alerts. 

Manual pentesters review every exposure to contextualize it and determine whether they’re exploitable. This helps eliminate alert fatigue, drastically reduces the amount of work teams need to do, and enables teams to focus on meaningful remediation efforts.  

As an example of this approach in practice, NetSPI addresses this with a Signal Dashboard to distill signal from noise. This dashboard highlights all the activities of the ASM Operations Team, so clients can understand what's happening behind the scenes even if they haven’t been alerted to new vulnerabilities in a while.

Signal Dashboard in NetSPI's PTaaS Platform, Resolve
In this ASM Signal Dashboard screenshot, it shows that NetSPI ASM Operations team has reviewed 1.21k assets, discovered 6.71k new assets, reviewed 1 vulnerability, and determined that of this there is no action needed by the client's team, eliminating all work they would have done to discover, validate, or remediate.

3. Ability to Track Attack Surface Changes Over Time 

A key benefit of attack surface management is discovering attack surfaces that were previously unknown. A traditional approach to tracking attack surfaces has been manually tracking externally facing assets. However, because attack surfaces and threats can evolve and expand overnight, this approach isn’t enough to track changes and secure new attack surfaces that emerge throughout the year. 

Rather than only performing annual pentesting, relying on a combination of external network penetration testing and comprehensive, continuous attack surface management enables organizations to track expanding attack surfaces and find vulnerabilities as they arise. 

With the right attack surface management platform, once the initial report is complete and critical vulnerabilities have been addressed, the attack surface management platform performs regular evaluations of a company’s entire attack surface on an ongoing basis.  

This inventories new attack surfaces as they arise and shows all data in one user-friendly platform. 

4. Expertise to Develop New Features In-House Based on Customer Priorities 

As cyber threats evolve and persist, security solutions also need to adapt to protect against the latest attacks and align with customers’ business needs. Working with customers is a two-way street for ASM vendors to advance technology capabilities.

The best attack surface management platform provider will listen to customers to help drive feature development and platform enhancements. Based on input from customers, a team of software engineers has the capability to update and build new features in-house.

ASM Company Hierarchy
With NetSPI as an example, we released a Company Hierarchy Dashboard on our Attack Surface Management platform, a feature that was driven in part by customer requests. The dashboard visualizes the entire company, including all subsidiaries, divisions, and acquisitions on one screen. It’s especially helpful for organizations who use ASM to get ahead of potential vulnerabilities that may come with mergers and acquisitions. Learn more about this dashboard on LinkedIn here.

When you work with NetSPI, you get incredible value through our technology and expert team, but one of the greatest benefits is that we are continually improving our platform to add more value every time you log in. Interested in learning more about our latest updates? Read our release notes.

5. A Clean, Easy-to-Use UX 

As is the case with any product, software, or platform, attack surface management end users won’t settle for poor user experience (UX) or a clunky product with too many clicks to get to a destination. User-friendly design, easy to digest dashboards, and training materials at the ready are essential for the best attack surface management tools. Some platforms even have dark mode to meet anyone’s preferences.   

Features and capabilities that go beyond attack surface management and into related market categories are beneficial for organizations to continue evolving and advancing their offensive security strategies.  

Additional capabilities to look for in an attack surface management platform include but aren’t limited to:  

Partnering with a vendor like NetSPI that offers services such as these can help ensure you’re backed with the right mix of offensive security methods for your business.

Gartner Related Categories to ASM
See Gartner’s matrix from the report “Competitive Landscape: External Attack Surface Management” on related service areas to attack surface management.

Access the Most Important Attack Surface Management Features with NetSPI   

Asset discovery with attack surface management is table stakes and the right vendors go far beyond this approach to provide the best possible offensive security solutions.

NetSPI’s attack surface management platform and solutions include human analysis to prioritize alerts, the ability to discover the unknown and track attack surfaces changes over time, capabilities to develop new features in-house, a user-friendly experience, and additional security services that go beyond ASM. 

Want to hear about ASM from a third party? Gartner® provides recommendations on vendor capabilities in the report, Competitive Landscape: External Attack Surface Management. Take a look and then try our free Attack Surface Management Tool to search more than 800 million public records for potential attack surface exposures. 

ASM In Action: NetSPI’s Attack Surface Management Demo
[post_title] => How to Select the Best Attack Surface Management Platform  [post_excerpt] => Asset discovery with attack surface management is table stakes. Learn about additional features to look for in an attack surface management platform. [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => how-to-select-best-asm-platform [to_ping] => [pinged] => [post_modified] => 2023-10-27 11:20:15 [post_modified_gmt] => 2023-10-27 16:20:15 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=30607 [menu_order] => 87 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [4] => WP_Post Object ( [ID] => 30592 [post_author] => 153 [post_date] => 2023-07-18 09:00:00 [post_date_gmt] => 2023-07-18 14:00:00 [post_content] =>

As businesses scale, the number of employees, assets, and platforms continuously expand, giving adversaries many pathways to gain entry to networks and environments. To mitigate risks as the world becomes increasingly connected, prioritizing attack surface reduction is critical.

Attack surface management (ASM) results in attack surface reduction because it identifies unknown or vulnerable parts of an attack surface allowing security teams to address these risks. Attack surface reduction, when aligned with business needs, decreases opportunities for threat actors to find and exploit an unmanaged or weak asset while enabling the business to grow securely. 

Gain a Shared Understanding of Assets versus Exposures 

According to Forrester, attack surface management is defined as, “the process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity’s IT asset estate.” Recognizing the difference between assets and exposures is an important part of ASM security.

Assets include IP addresses, domains, ASNs, and cloud accounts. When assets are unmanaged or unknown, they are a more susceptible target and at a higher risk for vulnerabilities.  

Exposures are risks that exist on assets and can also pose a cybersecurity risk for organizations. Exposures include open ports, SSL certificates, and vulnerabilities. 

The Difference Between Known versus Unknown Assets  

As businesses grow and adapt to change, their attack surface grows as well. Without proper asset tracking, this can increase the number of unknown external assets. 

Understanding the difference between known versus unknown assets, also sometimes referred to as managed versus unmanaged assets, can improve attack surface reduction. Known assets include IP addresses, domains, cloud accounts, ASNs, and other assets that the IT security team is aware of and actively manages. 

On the other hand, unknown assets include those that are unauthorized or unmanaged by the IT department, and thus can pose a significant risk to the business. Some challenges related to unknown assets include:  

  1. Shadow IT: Access to or use of technology, hardware, or software that is outside an organization’s security governance processes and unknown by the IT department—known as shadow IT—can lead to vulnerabilities and exposures. Examples of shadow IT include sharing work files to personal drives, email addresses, or cloud storage accounts.  
  2. Misconfigurations: Security teams are unable to accurately detect misconfigurations and other weaknesses present in unknown assets, which increases the risk of breaches and other attacks.  
  3. Ineffective scan coverage: When assets are unknown, organizations can’t effectively prioritize scan results to detect and remediate vulnerabilities.  

3 Tactics to Support Attack Surface Reduction with ASM Security 

1. Prioritize attack surface mapping  

Attack surface mapping is part of any strong ASM security strategy and refers to identifying all assets and the total scope of an organization’s attack surface, as well as potential exposures, and a plan to prioritize and remediate risks. Mapping involves continuous attack surface discovery, which inventories all existing attack surfaces including both known and unknown assets.

With a full understanding of the total attack surface scope, an organization can perform an attack surface assessment, which scans known business domains and IP addresses to identify threats and vulnerabilities. The key to effective attack surface assessments is pairing data analysis with expert human evaluation to ensure alerts are prioritized based on the overall risk to an organization.  

2. Continuously manage attack surfaces 

With traditional approaches to cybersecurity, many organizations complete manual penetration testing once or a few times a year to keep up with compliance regulations. However, new external assets can come into ownership overnight, and threat actors are increasingly sophisticated in their methods of attack, meaning an annual pentest, while valuable, isn’t enough to protect against emerging threats.  

Instead, ASM security that includes continuous monitoring and evaluation keeps attack surface sprawl in check and helps organizations avoid giving adversaries the opportunity to find new attack surfaces and risky exposures. Assessing and managing your attack surface, including new cloud assets, on a consistent basis using a combination of external network penetration testing and an attack surface management platform, can help your team stay ahead of the latest threats. 

ASM In Action: NetSPI’s Attack Surface Management Demo

3. Deactivate unused assets or attack surfaces 

Unused assets unnecessarily expand attack surface sprawl, increasing the number of assets that can fall victim to vulnerabilities. Examples of unused assets may include infrastructure that was scheduled for decommission but never was decommissions, untracked asset remnants from mergers and acquisitions, and assets that are no longer actively used for example.

To achieve attack surface reduction, partner closely with a cybersecurity team or attack surface management vendor to evaluate assets or attack surfaces that can be deactivated.  

Improve ASM Security with NetSPI’s Free Attack Surface Management Tool  

Comprehensive ASM security can help your business identify and manage attack surfaces to improve attack surface reduction. To ensure your ASM security is as effective as possible, leverage an attack surface management platform like NetSPI, which pairs human expertise with advanced software and data analysis. This helps your business prioritize the results of attack surface management analysis for the highest level of protection and best ROI on cybersecurity investments. 

Test drive NetSPI’s free attack surface management tool to detect and protect both known and unknown assets. After all, you can’t manage assets you don’t know about. Test NetSPI’s ASM tool for free!  

[post_title] => Discover the Unknown with ASM Security for Attack Surface Reduction [post_excerpt] => Attack surface reduction using ASM security is critical to mitigating risks by limiting opportunities for threat actors to exploit unmanaged assets. [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => attack-surface-reduction [to_ping] => [pinged] => [post_modified] => 2023-07-14 16:17:52 [post_modified_gmt] => 2023-07-14 21:17:52 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=30592 [menu_order] => 88 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [5] => WP_Post Object ( [ID] => 30588 [post_author] => 53 [post_date] => 2023-07-14 08:54:31 [post_date_gmt] => 2023-07-14 13:54:31 [post_content] =>
Watch Now

In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM).

Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk. How? Through a combination of NetSPI’s ASM technology platform, their global penetration testing experts, and their 20+ years of pentesting expertise.

[wonderplugin_video iframe="https://youtu.be/K5rM3SV4LnE" lightbox=0 lightboxsize=1 lightboxwidth=1200 lightboxheight=674.999999999999916 autoopen=0 autoopendelay=0 autoclose=0 lightboxtitle="" lightboxgroup="" lightboxshownavigation=0 showimage="" lightboxoptions="" videowidth=1200 videoheight=674.999999999999916 keepaspectratio=1 autoplay=0 loop=0 videocss="position:relative;display:block;background-color:#000;overflow:hidden;max-width:100%;margin:0 auto;" playbutton="https://www.netspi.com/wp-content/plugins/wonderplugin-video-embed/engine/playvideo-64-64-0.png"]

[post_title] => Attack Surface Management: Identify and protect the unknown [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => attack-surface-management-help-net-security [to_ping] => [pinged] => [post_modified] => 2023-07-14 08:54:31 [post_modified_gmt] => 2023-07-14 13:54:31 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?post_type=webinars&p=30588 [menu_order] => 20 [post_type] => webinars [post_mime_type] => [comment_count] => 0 [filter] => raw ) [6] => WP_Post Object ( [ID] => 30348 [post_author] => 153 [post_date] => 2023-06-20 09:00:00 [post_date_gmt] => 2023-06-20 14:00:00 [post_content] =>

As cyber risks grow, evolve, and become more sophisticated, traditional approaches to cybersecurity are no longer effective. According to research from Gartner, enterprises must move beyond vulnerability management to focus on threat exposure management as remote work, cloud storage adoption, and other factors expand organizations’ attack surfaces and potential vulnerabilities faster than threat detection and response controls can mature.  

While attack surface management (ASM) doesn’t replace pentesting, a combination of external network penetration testing and ASM can help organizations enable continuous attack surface testing and more effectively focus cybersecurity resources on the most valuable remediation efforts.

What is Exposure Management?

From a broad perspective, exposure management is the practice of identifying and analyzing possible exposures and taking steps to minimize the impact of associated risks. While the term exposure management is used broadly in other industries, for the purpose of this article, we’re focusing on exposure management from a cybersecurity lens — also referred to as threat exposure management (TEM) or continuous threat exposure management (CTEM).   

Exposure management in cybersecurity involves seeing the complete, accurate picture of an organization’s attack surface and being prepared to make the right decisions to prioritize remediation and effectively reduce overall cyber risk. The full attack surface includes all points of entry and external-facing assets that a cybercriminal could exploit to gain access to your company data—such as hardware, software, web applications, certificates, unsecured APIs, cloud assets, and much more. 

The Growing Need for Exposure Management 

Attack surfaces continue to expand in today’s connected environment, even overnight. The broader the scope of an attack surface and an organization’s digital footprint, the higher the risk of external assets facing vulnerabilities and exposures.  

Another challenge with exposure management is that organizations often have unknown attack surfaces or assets. As highlighted by Forrester in its report, The External Attack Surface Management Landscape, Q1 2023, “You can’t secure what you can’t see.”

With a proactive approach to exposure management and the right attack surface management tools, organizations can identify previously unknown assets and attack vectors—before attackers do—to avoid exposures.

Top reasons exposure management is important include:  

  1. Attack surface sprawl is increasing
  2. Unknown assets pose greater risks
  3. Threat actors are becoming more sophisticated  
ASM In Action: NetSPI’s Attack Surface Management Demo

Why Companies are Prioritizing Continuous Attack Surface Testing 

As both known and unknown attack surfaces expand, companies are increasingly using attack surface management tools to bridge the gap between vulnerability management solutions and manual penetration testing.

Traditionally, a common approach has been for organizations to perform penetration testing annually or a few times a year to meet compliance regulations. Following standard pentesting, at times little to no action is taken on the findings for months because security teams lack research-backed prioritization of which vulnerabilities to fix first. This trend is backed with research in NetSPI’s Offensive Security Vision Report, which concluded a lack of resources, aka people, is the number one barrier to timely and effective remediation. 

Attack surfaces and threats can expand and change overnight. Completing only one pentest per year isn’t enough to secure your attack surfaces and protect against new exposures that emerge over the course of a year.  

Instead of relying on periodic pentesting, leverage a combination of external network penetration testing and attack surface management tools to enable continuous, always-on pentesting. Keep pace with expanding attack surfaces and find vulnerabilities as they arise. As a result, organizations are better prepared to prioritize and focus their cybersecurity efforts.

How Continuous Attack Surface Testing Works 

Here’s a step-by-step overview of NetSPI's process: 

  1. NetSPI’s attack surface management platform identifies known and unknown assets to provide visibility of attack surfaces. 
  2. Our human pentesters combined with our advanced scanning capabilities triage and prioritize exposures. 
  3. For each vulnerability, our ASM operations team provides descriptions, remediation steps and verification steps. 
  4. This prioritization reduces the number of false positives reported and creates actionable results for your security team. 

How to Achieve Always-On Security with Continuous Pentesting  

An always-on approach to pentesting is the gold standard for cybersecurity today. Attack surface management doesn’t replace external network penetration testing, but rather pairing the two together works in harmony to enable continuous coverage. This helps organizations achieve higher levels of security in today’s evolving threat landscape.  

As an added benefit, from an operational standpoint, this approach also helps organizations with vendor consolidation. Providers such as NetSPI offer both attack surface management tools and external network penetration testing in-house. Businesses that partner with NetSPI have access to an expert team of manual pentesters who complete more than 250,000 hours of pentesting each year. 

Enable Continuous Attack Surface Testing with NetSPI 

Rather than replacing pentesting, attack surface management paired with manual external penetration testing is an advanced method for continuous attack surface testing. We created our attack surface management platform based on three key pillars of ASM—human expertise, always-on, continuous pentesting, and risk prioritization.  

Leverage NetSPI’s attack surface management tool for expert human analysis to prioritize the most important exposures, bring alignment between security and IT teams, and focus vulnerability remediation efforts to create a better overall security posture. Try NetSPI’s ASM tool for free!

Try our Free ASM Scan Tool
[post_title] => Harnessing Exposure Management with Continuous Attack Surface Testing  [post_excerpt] => Continuous attack surface testing helps organizations prioritize remediation steps and focus cybersecurity resources on the most valuable efforts. [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => continuous-attack-surface-testing [to_ping] => [pinged] => [post_modified] => 2023-07-12 09:32:55 [post_modified_gmt] => 2023-07-12 14:32:55 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=30348 [menu_order] => 97 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) ) [post_count] => 7 [current_post] => -1 [before_loop] => 1 [in_the_loop] => [post] => WP_Post Object ( [ID] => 31238 [post_author] => 153 [post_date] => 2023-10-13 11:52:40 [post_date_gmt] => 2023-10-13 16:52:40 [post_content] =>

A novel 0-day vulnerability referred to as, “HTTP/2 Rapid Reset,” (CVE-2023-44487) sent the cybersecurity industry into quick action to minimize potential risks. This vulnerability abuses certain features of HTTP/2 protocol and allows for Distributed Denial of Service (DDoS) attacks at an unprecedented scale.  

Explain It to Me Like I’m 5 (ELI5)

If your website or application uses HTTP/2, an attacker could completely restrict access by flooding your network with an overwhelming amount of traffic.  

For additional insights, we connected with our Attack Surface Management (ASM) team to get their take on the CVE and learn more about their quick response to help security leaders with identification and remediation.

https://youtu.be/iLedcMoHmU4

Who's Impacted?

Anyone who uses HTTP/2 services may be impacted. According to Web Technology Surveys, the services are used by 35.6% of all websites. That’s over 400 million websites vulnerable to this CVE.

What Could Happen If Exploited

The industry is seeing large-scale DDoS attacks stemming from exploitation of HTTP/2 Rapid Reset. The goal of a DDoS attack is to overwhelm a particular business, service, or application and keep it from being accessible to legitimate access requests from the intended users/customers.  

This is extremely challenging to manage since the attacks come from compromised machines or ‘bots’ in a very distributed fashion, which makes blocking those requests using simple filtering techniques unrealistic. In other words, significant friction or inability to deliver services. We’re already seeing the exploit in action, with Google reporting that it had mitigated the largest ever DDoS attack to date.

Best Practices for Remediation

First, it is important to understand if and where you are using HTTP/2 to determine if you are affected. Mapping out a full view of the attack surface is often a challenge for teams because of attack surface sprawl and changes that can happen overnight. 

As NetSPI’s Field CISO Nabil Hannan put it, 

“It seems to me like the bigger challenge in this particular scenario is that organizations struggle to have an up-to-date asset inventory. Not only having an up-to-date asset inventory, but truly understanding what software components, what versions of packages, what type of bill of materials they have in those assets.” 

This is where technology like Attack Surface Management is extremely helpful because it provides continuous asset discovery and monitoring. 

The first step to take when addressing HTTP/2 Rapid Reset is to perform internal checks for HTTP/2 and all potentially vulnerable hosts or verify with your web server vendors. Patches and updates for common web servers and programming languages are available to apply now or will be coming soon.  

In the words of NetSPI’s Research Engineer Isaac Clayton,

“Patch early, patch often.”  

NetSPI’s Rapid Response to HTTP/2 Rapid Reset

For NetSPI’s ASM users, our team swiftly added capabilities to the platform to detect HTTP/2 and allow our clients to get a full inventory of all potentially vulnerable hosts.   

Once a zero-day vulnerability was discovered, our Attack Surface Management team responded quickly to create automation for NetSPI’s ASM platform. This automation allowed our clients to establish an accurate inventory of their assets using HTTP/2.0 and focus their efforts on mitigation and remediation.  

Our approach involved a fast response through active collaboration between our teams. We utilized our ASM operations team, a group of security professionals who proactively address vulnerabilities and verify risks for clients, as well as our software engineers and front-end developers.  

We moved incredibly quickly to implement the solution and make it available for NetSPI’s ASM clients. This rapid response demonstrates how beneficial it is to have a full team supporting our clients and the ASM technology that helps them maintain security. One listener on our LinkedIn Live commented, “Wow!!! That’s fast given today’s response climate. From Rapid Reset to Rapid Response!” (Kudos to the ASM operations team for their fast response!) 

Get a deeper look at CVE-2023-44487 - HTTP/2 Rapid Reset by watching our LinkedIn Live with NetSPI’s Field CISO Nabil Hannan and myself, Security Research Engineer Isaac Clayton. Learn more about our ASM solution including how to use it to run the check for HTTP/2 by contacting our team.

[post_title] => NetSPI’s Analysis of HTTP/2 Rapid Reset  [post_excerpt] => Learn about HTTP/2 Rapid Reset (CVE-2023-44487) and see how Attack Surface Management detects HTTP/2 uses to streamline patches. [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => netspi-analysis-of-http-2-rapid-reset [to_ping] => [pinged] => [post_modified] => 2023-10-13 11:53:29 [post_modified_gmt] => 2023-10-13 16:53:29 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.netspi.com/?p=31238 [menu_order] => 54 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [comment_count] => 0 [current_comment] => -1 [found_posts] => 7 [max_num_pages] => 0 [max_num_comment_pages] => 0 [is_single] => [is_preview] => [is_page] => [is_archive] => [is_date] => [is_year] => [is_month] => [is_day] => [is_time] => [is_author] => [is_category] => [is_tag] => [is_tax] => [is_search] => [is_feed] => [is_comment_feed] => [is_trackback] => [is_home] => 1 [is_privacy_policy] => [is_404] => [is_embed] => [is_paged] => [is_admin] => [is_attachment] => [is_singular] => [is_robots] => [is_favicon] => [is_posts_page] => [is_post_type_archive] => [query_vars_hash:WP_Query:private] => b674e561f3838a33ac6b4580f4715a10 [query_vars_changed:WP_Query:private] => [thumbnails_cached] => [allow_query_attachment_by_filename:protected] => [stopwords:WP_Query:private] => [compat_fields:WP_Query:private] => Array ( [0] => query_vars_hash [1] => query_vars_changed ) [compat_methods:WP_Query:private] => Array ( [0] => init_query_flags [1] => parse_tax_query ) )

Discover how the NetSPI BAS solution helps organizations validate the efficacy of existing security controls and understand their Security Posture and Readiness.

X