Why Is Gartner Talking About External Attack Surface Management (EASM)
Critical Log4j Vulnerability and Recommendations to Resolve it
January 24, 2022
Ransomware Targeted Attacks: CISO Mitigation Playbook
March 22, 2022
Why Is Gartner Talking About External Attack Surface Management (EASM)
In a recent report from Gartner, External Attack Surface Management (EASM) has been introduced as an important emerging technology in cybersecurity. The report states that EASM is an upcoming service in the product category for identifying risks through Internet-faced assets that an organisation may be unaware of – like shadow-IT, exposure management, and expansion of attack surfaces.
External Attack Surface management (EASM):
A relatively new term relevant in this business, as Attack Surface Management (ASM), has been around in the industry for some time. Gartner coined the term External Attack Service management (EASM) to emphasise the importance of the ever-growing external threat to an organisation.
Higher consideration is given to internal assets by focusing on improving their security posture, as internal assets are quite often overlooked. However, Gartner states otherwise. An organization must manage its external-facing assets as we move into the Digital Transformation era.
According to Gartner:
External Attack Surface Management (EASM) is an emerging product that supports organisations in identifying risks coming from Internet-facing assets and systems that they may be unaware of. Security product leaders must align their go-to-market strategy to alleviate buyers’ confusion with security products spilling over into EASM.
Why is EASM Important?
The sudden introduction and growing importance to EASM service is being attributed to the following 3 major contributing factors:
Accidental shift and popularity for remote-working
The pandemic has forced organisations to ask employees to work from home. The work from home culture has led to organisations moving various assets online for the smooth functioning of the business.
The online shift increases the amount of information available over the internet exponentially. It increases the possibility of the external attack surface for possible threats, which further chipped in for recent exponential growth in cybercrimes.
Digital transformation Initiatives
Another contributing factor is the digital transformation of assets for higher availability and attracting more customer base. Introduction to services available parallelly on mobile platforms, IoT devices, and collaboration of IT & OT to support the above is on the rise. All of the above have been the major reasons for the recent rise in cyber-attacks.
Weakening of enterprise perimeter due to shadow-IT
The last but the most influential factor to look at is the shadow-IT. Unlike old times, an organisation has many constituent branches or departments that have direct access to launch any time a new application or platform service online.
This is complementary to the above two factors— anybody can remotely set up a part of the infrastructure on the cloud— to support an upcoming or ongoing product or service. This is considered as a shadow-IT factor as there is no record, security testing, scrutiny, and approval from the IT team involved before the launch (as in old times). Therefore, an organisation may not have an inventory record of such components being available on the external side, which may be vulnerable.
An External Attack Surface Management (EASM) product or service comes at this pivotal point – Reconnaissance and Enumeration of all such internet-facing products and services of an organisation, checking their potential vulnerabilities and continuously monitoring for current as well as newly deployed shadow-IT components of an organisation.
While EASM provides services and capabilities, which are similar to, and overlap the Digital Risk Protection Service (DRPS), threat Intelligence, third-party risk, and vulnerability assessment, vendor capabilities may vary depending on the service provided, requirements of an organisation, and other factors.
EASM can provide following five primary capabilities:
Discovery: Recon and discover an organisation’s external-facing assets, creating an inventory of assets.
Analysis: Evaluate the asset’s attributes to identify the risks and vulnerabilities.
Prioritisation: Set up priority index based on risk and vulnerability metrics and provide alerts based on the analysis of priority index.
Remediation: Supply mitigation plans based on set prioritised metrics and the workflow for remediation with integration of services like ticketing systems.
Monitoring: Continuous scanning and monitoring of assets – unknown newly deployed or known already existent internet-faced assets of an organization – like domain-related assets (external-facing infrastructure or cloud services) and distributed ecosystems (IT/OT and IoT infrastructure)
Takeaways:
What to take away from this “emerging” concept? Does an External Attack Surface Management provide any significant impact for the business stakeholders like C-level leaders and IT-security teams?
The major impact that may be achieved using EASM services is in its capability to detect all known and unknown externally-faced assets. The capability to set up an inventory, analysis and continuous remedial support complements the overall vulnerability management architecture.
Hindrances:
Evolution – As an emerging technology, there is still a long way for EASM to gain market momentum and a place for itself. EASM is still under the “Emerging” phase of the Gartner Hype Cycle, and it could take anywhere between 6 to 18 months to enter the next phase of the cycle.
Acknowledgment— The higher management must be aware of this product’s benefits and future measurable risks. The Security Risk Management (SRM) stakeholders and leaders should consider the medium-range impacts of investments in this area.
Resources and Utilization – The leadership will need to implement EASM solutions in multiple aspects like IT asset management, vulnerability management, etc. The implementation will benefit from its capabilities. Also, open-minded views towards complementary resources are required, such as dedicated or specialised personnel.
Conclusion
EASM, now in its nascent stages, is evolving and will become an integral part of systems in future. Firms must prepare their workforce for the integration of EASM with their work.
References
1. Understanding Gartner’s Hype Cycles ( https://www.gartner.com/en/documents/3887767/understanding-gartner-s-hype-cycles )
2. Gartner Reprint – Hype Cycle for Security Operations, 2021 (https://www.gartner.com/doc/reprints?id=1-26YV3GM4&ct=210729&st=sb)
3. Gartner Reprint – Critical Insights for External Attack Surface Management (https://gtnr.it/3LnPMoU)
4. CISO Platform – Why is Gartner talking about External Attack Surface Management (EASM)? (https://www.cisoplatform.com/profiles/blogs/why-is-gartner-talking-about-external-attack-surface-management-e)
