According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having their own flavor of ASM. However, despite the breadth of offerings on the market, a lot of vendors have gaps in functionality that make the steps of a CTEM program—Scoping, Discovery, Prioritization, Validation, and Mobilization—difficult to achieve.
Red Sift ASM & Certificates are focused on first class asset discovery, comprehensive configuration monitoring, and in-depth analysis of network and security standards.
Why do we focus on this?
Configuring security features on web and email services is hard.
- Less than 1% of websites use the security features available to them today. And few organizations have a handle on their use of networking and security standards. As a result, their security leaves a lot to be desired.
- Modern networking and security have become so complex that it’s become increasingly difficult to manage it all satisfactorily. As a result, network configuration and security decisions are left without a coherent strategy.
- There is never enough time to do a good enough job and finding security experts is hard. Even if you find an expert, they rarely have the capacity to monitor modern estates.
- Cloud computing providers have created a new problem – gaining complete visibility of an organization’s exposed network and application attack surface is impossible. The infrastructure used to be located in-house, where it was predictable and easy to understand. But cloud deployments mean empowered teams. Now companies no longer have visibility into where the infrastructure resides. There is rarely an asset inventory or one that’s up to date. Knowing what’s running and where, and how the services are configured is a moving target.
What’s the impact?
This lack of oversight means that misconfiguration and misalignment are rife. There are frequent costly outages, severe impacts on performance, as well as unknown security exposures. Infrastructure and applications are often exploited through man-in-the-middle (MITM) attacks, SSL stripping, cookie hijacking, protocol downgrades, domain and subdomain takeovers, cross-site scripting, injection attacks, and more. Development costs have increased because systems are not deployed securely by default, and are instead secured after the fact, often forcing developers to go back to fix already-deployed systems.
This level of poor security posture erodes customers’ faith, and creates damaged reputations, regulatory issues, compliance issues, penalties, increases insurance costs, and leads to lost business.
Why do other ASM tools not help with these types of attacks?
Many ASM tools lack good visibility of external infrastructure and often prioritize CVEs—publicly disclosed cybersecurity vulnerabilities—instead. While addressing CVEs is important, this focuses on what is wrong now rather than what can be improved on for the future. This view ignores misconfigurations and misalignments that lead to the types of attacks mentioned above. In addition, they often provide less comprehensive results because their data is not refreshed continuously or in real-time, resulting in out-of-date results.
ASM tools often ignore the importance of certificates too. A healthy certificate estate is a key way to mitigate MITM attacks and avoid service downtime. Expiration monitoring in ASM tools is either unavailable or poorly implemented, and often important metadata is missing.
Red Sift ASM & Certificates: the missing link in your CTEM strategy
We think Security and Engineering people deserve better.
- You should have a complete inventory of all organizational assets and what technology is running on those assets, including a single pane of glass view into your estate that is kept up to date automatically.
- You should have full monitoring of the network inside and out.
- You should have access to analysis that is real-time, insightful, and trustworthy. When someone in your team looks at an issue, they should be able to understand it and know what the first steps toward a resolution are.
- Developers should be encouraged to build and deploy securely by default, with tools integrated into their implementation and deployment pipelines.
- You should know how to use the available security configurations to avoid attacks that are happening every day.
Red Sift ASM & Certificates continuously discover, inventory and help manage your business’s critical external-facing and cloud assets. They allow you to get a view of your entire attack surface – including assets you didn’t know existed. This enables you to be aware of and remediate configuration risks before bad actors can take advantage.
Red Sift ASM & Certificates continuously scan domains, hostnames, and IP addresses so that data is always fresh. You can then build an inventory of your external-facing and cloud assets without spreadsheets or manual processes, as well as connect to cloud providers, certificate authorities, registrars, and managed DNS providers to import and monitor all of your assets.
Real-time internet activity feeds identify new properties that belong to you and automatically add them to your inventory. This provides you with in-depth, real-time data about each asset, making it straightforward to take action as soon as a misconfiguration or unmanaged asset is identified. The ability to provide an organization’s full asset inventory, and monitor it in a continuous and real-time manner, is something that other tools are not capable of at such a comprehensive level. To find out more, visit our Red Sift ASM and Red Sift Certificates web pages.
