As cyberthreats proliferate, Attack Surface Management is becoming a vital strategy in simulating attackers’ tactics and pinpointing vulnerabilities on an organisation’s attack surface. In this article, Kieran Hernon, Vice President, EMEA Sales, Recorded Future, explores the significance of defending the attack surface, providing insights into the evolving landscape of security solutions. He envisions Attack Surface Management evolving to correlate exposures with threat actors, integrate vulnerability management and adapt to the challenges of an expanding digital landscape.
What is Attack Surface Management and why is it important to an organisation?
Attack Surface Management is the emulation of an attacker’s perspective and tactics to identify risks on an organisation’s dynamic attack surface that would support a cyberattack. This emulation is then used in reducing and managing risks. It consists of identifying all Internet-facing assets attributed to your specific organisation, continuously discovering new assets and identifying all vulnerabilities, misconfigurations and exposures related to an asset.
You can’t secure what you can’t see, so Attack Surface Management is critical to ensuring your assets are in a defensible position and not providing attackers with any easy access points for infiltration or information for reconnaissance.
What is a human-first approach and why is it considered the future of attack surface monitoring?
People are typically characterised as the weakest link in security. It is not usually malicious, but humans are prone to errors. However, this can create an adversarial relationship between security teams and employees.
What does an effective Attack Surface Management strategy look like and what is the best approach for organisations to defend their attack surface?
An effective Attack Surface Management programme continuously answers two key questions; what is our attack surface, and how do we secure it?
- To defend your attack surface, you need to understand what you need to defend. Your digital asset inventory is likely growing on a daily basis, requiring visibility into any new assets and whether they have proper security hygiene.
- To secure your attack surface, you need to reduce risk associated with your digital assets. Whether it is remediating a vulnerability or misconfiguration or taking an asset offline.
The best approach for organisations to defend their attack surface is to have real-time visibility into their Internet-facing assets, analysis on any exposures associated with those assets and context to help them take action.
How is Recorded Future addressing the expectation of end-users to make security solutions more interoperable and integrated with other platforms rather than point solutions?
The Recorded Future Intelligence Cloud is built with an API-first approach. We integrate into security tools and workflows that our clients use today and might use in the future, so our Intelligence Cloud continues to evolve with you.
Intelligence integrated into an organisation’s security tech stack can make your tools better, smarter, faster, more efficient and more impactful. Additionally, integrated intelligence can help identify gaps/blind spots and build critical security controls. We currently have 100-plus out-of-the-box integrations in our Intelligence Cloud Network across every critical technology category.
How is Recorded Future addressing the expectation of end-users to make solutions more automated and intelligent and, more recently, to embrace Generative AI?
Recorded Future has actually been using AI for a long time behind the scenes and it powers our Intelligence Graph, curating all of our data into relevant, consumable and searchable intelligence. Earlier this year, we were also the first company in our category to launch a generally available AI capability to our users – Recorded Future AI Insights.
Recorded Future AI is specific to intelligence, trained on the largest dataset of open web, dark web and technical data. It is trained to answer in both summary and analysis style based on a decade of expert insight. Users can now interact with Recorded Future AI in natural language to receive curated responses back. Recorded Future AI helps lower the bar for analysts to get started with producing quality intelligence, democratises intelligence with natural language interaction, gain efficiency and respond faster. These all drive proactivity.
How does Recorded Future assist organisations to identify and mitigate threats across cyber, supply-chain, physical and fraud domains?
Recorded Future addresses the need for every security user across every maturity journey through optimised user experiences, channels and outputs. Using Recorded Future enables clients to:
- Detect cyber-risks and vulnerabilities and gain deeper visibility into their threat landscape
- Understand real-time risk associated with supply chain partners and vendors
- Access timely information on threats or risks to their physical locations
- Identify compromised credentials, payment cards and phishing campaigns being sold or mentioned on the dark web
How do you see Attack Surface Management evolving in the years ahead?
The acceleration of digital growth is leading to expanding attack surfaces for organisations of all sizes. To proactively get ahead of risks and prioritise the exposures that need immediate attention, we see Attack Surface Management evolving along several paths:
- Correlating exposures and an organisation’s tech stack with the threat actors that are targeting the organisation
- Combining the management of vulnerabilities with Internet-asset discovery for more targeted and prioritised vulnerability management capabilities
- Considering stolen employee or partner credentials as part of an organisation’s attack surface