4 Steps for EASM Protection - a Guide for CISOs
The way we work has shifted drastically, and organisations have had to prepare better for the cybersecurity issues that come with it. CISOs have had to stay flexible and keep up with all of these changes, especially given the pace the pandemic forced on them, so it is no surprise that emerging threats are now among the most serious cybersecurity issues organisations face.
The shift to EASM protection is one that most CISOs have had to make. Because EASM covers every public-facing asset your customers and employees touch when they interact with your company online, whether it is owned and managed by your organisation or by a third party, being prepared is essential.
In this article you will learn why EASM protection matters and the 4 steps for EASM protection, including how to select a provider of such security solutions.
Importance of EASM Protection
As with much else since the pandemic, cybersecurity has had to move fast and stay flexible in order to keep organisations protected while still letting individuals do their work safely, without fear of causing major disruption through a security incident.
The growing importance of EASM can be attributed to:
- Growth in remote working (WFH)
  - More assets are made available online, expanding the external attack surface and the attack vectors available to an adversary.
- Digital transformation
  - Assets are transformed digitally to support availability.
  - Services are made available through parallel channels and devices, such as mobile and IoT.
- Shadow IT, which weakens the enterprise perimeter
  - The use of IT systems, devices, software, applications and services without explicit IT department approval.
  - Thanks to the WFH culture and the reliance on cloud computing, this has become more important than previously recognised.
  - It leaves the organisation without an inventory record of assets, possibly created by staff working from home, that have never been tested and verified as secure.
Of course, no CISO will be surprised to learn that external attacks have grown in both sophistication and number in recent years.
One of the main issues EASM has to address is that many threats come from misconfigured exposed systems (routers, user devices, open ports, web VPNs and the like).
4 Steps for EASM Protection
The External Attack Surface Protection process can be broken down into 4 key steps, alongside a fifth, continuous process: monitoring.
- Asset discovery - cataloguing the digital assets relevant to the organisation (domain names, subdomains, IP addresses and so on).
- Analysis and assessment - evaluating and analysing asset attributes to determine whether an asset is risky, vulnerable or behaving anomalously.
- Prioritisation - ranking the assets according to how critical their risks and vulnerabilities are.
- Remediation - providing action plans for mitigating the prioritised threats, together with the remediation workflow.
Asset Discovery
Discovery covers both known and unknown assets. (Because of WFH practices, some staff download software or stand up tools that CISOs and IT teams do not know about.) It is therefore essential that CISOs use EASM tools that can discover unknown assets, not just the ones already in the inventory.
Digital Risk Protection Services (DRPS) and similar tools should be reviewed for their EASM capabilities. Are they capable of identifying new vulnerabilities and threats? Can they highlight where the potential risks of attack are? These questions need to be asked about the breadth of such services.
It is essential to understand that the tools at your disposal will each cover different threats when it comes to asset discovery.
Analysis and Assessment
Once you have discovered your assets and detected their vulnerabilities, the next step is to assess those vulnerabilities and investigate the potential risks. Security tests that are kept up to date automatically help security teams immensely, as they can manage their resources efficiently.
Assessment can take multiple forms, including investigating log changes or data, or working with developers on code reviews. Existing vulnerability assessment tools and services may already provide this capability.
In this part of the process there is something called vulnerability scoring, which assigns a number to each threat or vulnerability and helps teams prioritise what needs resolving first. (See next section.)
Assessments such as penetration testing remain an important aspect of analysis and assessment.
Prioritisation
Risk scoring is simply a way of setting out which items need urgent attention and which do not. If 10 is urgent and 1 is not, it makes sense for any CISO to focus on the higher numbers first.
What is critical at this phase is efficient resource allocation, which is why prioritisation matters. That may be based on how critical an asset's risks and vulnerabilities are, or on whether the system is key to the short-term success of the organisation.
The vulnerability scoring that is carried out during analysis and assessment - will inform prioritisation.
Remediation
Remediation in cyber security refers to addressing an identified weakness or breach and limiting the damage it can potentially cause to your business.
Being able to deal with these issues, however, comes down to resource allocation. You may need more people on one problem at one time than at another. The best services and tools help optimise resource allocation, prioritising high-impact fixes and ensuring the best use of time.
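The four steps above, run end to end as an added worked example (this is illustrative code written for this article, not code from any EASM product or from BlueFort): constructed discovery results are reconciled against a constructed inventory so that shadow IT shows up as an unowned asset, each asset is assessed with a few misconfiguration checks that assign a 0-10 severity, assets are ranked by a criticality-weighted score, and the result is turned into an owner-routed remediation plan. The hosts, IP addresses, owners, port lists and certificate ages are all made up; the severities are placeholder CVSS-style numbers, not real ratings.

```python
"""Toy EASM pipeline: discovery -> assessment -> prioritisation -> remediation.

Every host, IP address and scan result below is constructed for illustration
(RFC 5737 documentation ranges); nothing here describes a real system.
"""
from dataclasses import dataclass, field

# Step 1 input: what the CMDB says the organisation owns, and how critical it is.
KNOWN_ASSETS = {
    "www.example.com":  {"owner": "web-team", "criticality": 3},
    "vpn.example.com":  {"owner": "netops",   "criticality": 3},
    "mail.example.com": {"owner": "it-ops",   "criticality": 2},
}

# Step 1 input: what external discovery (DNS, CT logs, port scan) reported.
# dev-demo.example.com is shadow IT: reachable from the internet, absent from the CMDB.
DISCOVERED = [
    {"host": "www.example.com",      "ip": "198.51.100.10", "ports": [443],          "cert_days_left": 60},
    {"host": "vpn.example.com",      "ip": "198.51.100.20", "ports": [443],          "cert_days_left": 5},
    {"host": "mail.example.com",     "ip": "198.51.100.30", "ports": [25, 587],      "cert_days_left": 200},
    {"host": "dev-demo.example.com", "ip": "203.0.113.8",   "ports": [22, 80, 3389], "cert_days_left": None},
]

# Management services that should never face the internet, with a placeholder severity.
MANAGEMENT_PORTS = {22: ("SSH", 7.0), 3389: ("RDP", 9.0), 445: ("SMB", 9.0), 5900: ("VNC", 8.0)}


@dataclass
class Finding:
    title: str
    severity: float   # 0-10, CVSS-style
    action: str


@dataclass
class Asset:
    host: str
    ip: str
    known: bool       # False = seen externally but not in the inventory
    owner: str
    criticality: int  # 1 (low) .. 3 (business critical)
    findings: list = field(default_factory=list)

    @property
    def risk_score(self) -> float:
        """Worst finding, weighted by criticality. Unknown assets are treated as
        fully critical: nobody owns them, so nobody is patching them."""
        if not self.findings:
            return 0.0
        weight = 1.0 if not self.known else self.criticality / 3
        return round(max(f.severity for f in self.findings) * weight, 1)


def discover(known: dict, discovered: list) -> list:
    """Step 1: reconcile external discovery against the inventory and flag unknowns."""
    assets = []
    for rec in discovered:
        meta = known.get(rec["host"])
        assets.append(Asset(host=rec["host"], ip=rec["ip"], known=meta is not None,
                            owner=meta["owner"] if meta else "UNASSIGNED",
                            criticality=meta["criticality"] if meta else 3))
    return assets


def assess(assets: list, discovered: list) -> list:
    """Step 2: run misconfiguration checks over each asset's observed attributes."""
    by_host = {rec["host"]: rec for rec in discovered}
    for asset in assets:
        rec = by_host[asset.host]
        ports = set(rec["ports"])
        for port in sorted(ports & set(MANAGEMENT_PORTS)):
            name, sev = MANAGEMENT_PORTS[port]
            asset.findings.append(Finding(f"{name} exposed on {port}", sev,
                                          f"firewall port {port}; move behind VPN/bastion"))
        if 80 in ports and 443 not in ports:
            asset.findings.append(Finding("cleartext HTTP only", 4.0, "enable TLS and redirect 80->443"))
        days = rec["cert_days_left"]
        if days is not None and days <= 0:
            asset.findings.append(Finding("TLS certificate expired", 7.0, "renew certificate now"))
        elif days is not None and days <= 14:
            asset.findings.append(Finding(f"TLS certificate expires in {days} days", 5.0, "renew certificate"))
    return assets


def prioritise(assets: list) -> list:
    """Step 3: highest risk first; an unknown asset wins ties because it has no owner."""
    return sorted(assets, key=lambda a: (-a.risk_score, a.known))


def remediation_plan(assets: list) -> list:
    """Step 4: one work item per at-risk asset, worst finding first, routed to its owner."""
    plan = []
    for asset in prioritise(assets):
        if not asset.findings:
            continue
        plan.append({"host": asset.host, "owner": asset.owner, "score": asset.risk_score,
                     "actions": [f.action for f in sorted(asset.findings, key=lambda f: -f.severity)]})
    return plan


def run_pipeline() -> list:
    return remediation_plan(assess(discover(KNOWN_ASSETS, DISCOVERED), DISCOVERED))


if __name__ == "__main__":
    for item in run_pipeline():
        print(f"{item['score']:>4}  {item['host']:<24} {item['owner']}")
        for action in item["actions"]:
            print(f"      - {action}")
```

On this constructed input the unowned dev-demo host comes out on top (RDP and SSH exposed, cleartext HTTP, no owner) ahead of the business-critical VPN whose certificate is about to expire, while the two clean hosts produce no work items at all. Real tooling replaces the constructed inputs with live DNS, certificate-transparency and scan data and replaces the placeholder severities with CVSS scores, but the shape of the pipeline, and in particular the decision to treat an unknown asset as fully critical until someone claims it, is the point.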
Selecting an EASM Service Provider or Platform
There is a growing range of EASM services, tools and platforms. The capabilities required of EASM tools and platforms apply equally to organisations that provide EASM as a service:
- Ability to discover all relevant assets
- Ability to identify all exposed datasets
- Ability to uncover risks presented by third and fourth party vendors.
- Ability to accurately assess and allocate risk ratings / scores
- Ability to evaluate threats by examining attack surfaces against vulnerabilities.
- Ability to identify weaknesses not only from a technical perspective, but also from user and process perspectives.
Some organisations' CISOs will have existing commercial relationships with digital risk protection service providers who may already offer the required EASM services. It is important to assess whether or not these third parties have the necessary skills and tools to meet your EASM protection requirements.
Once you have made your shortlist of providers, it is essential to go through each provider's capabilities to see how they operate and what their processes look like across discovery, analysis, prioritisation and remediation. An EASM service provider might be selected on the strength of a recognised use-case priority. It is essential to consider not only your current use case but also what the future is likely to require.
In addition, you need to thoroughly assess the proposed service providers on their skills, previous experience, reviews and testimonials, their preparedness, their resources and the tools they use.
BlueFort has developed a wide range of cyber security tools designed to deal with these issues from different perspectives, from digital transformation to Endpoint Detection and Response. To see the full suite of solutions, click on the link.
CISOs have had to deal with a lot of change in recent years, and the pandemic accelerated the need for organisations to take the time to understand their cybersecurity needs. EASM protection has become essential: the move to a WFH culture is here to stay, but it poses threats to a business's cybersecurity. CISOs need to be prepared not only for this shift but also for the potential issues that come with it.
If you are looking to get a better understanding of where your organisation’s cyber weaknesses lie, Bluefort’s Evolve IT Services can not only help you to get a much better understanding of these threats but also provide you with the solutions to protect your organisation in the long term.