External attack surface management (EASM) is the process of identifying internal business assets that are public-internet facing, as well as monitoring vulnerabilities, public cloud misconfigurations, exposed credentials, or other external information and processes that an attacker could exploit. This work aligns with the goal of obtaining a clear snapshot of cloud security posture.
As noted above, misconfigurations can play a major role in breaches. Properly configuring any cloud environment means performing digital risk protection to defend it against a variety of threats, whether deliberate attacks or unintentional errors: misconfigurations, poor security awareness, and so on, all of which open the door to attack.
Internal attack surface management addresses the security of assets, including humans that could be affected by social engineering such as phishing, that sit behind a business' firewalls and protective security measures. These assets are, in theory, not exposed to the public internet and lie behind defensive measures in order to protect the business' internal operations and trade secrets.
EASM, even though it is a part of ASM, hones in on protecting a business' more commercial operations that lie beyond the safeguards of its internal security measures. This includes public-facing websites, applications, e-commerce operations, and any back end an attacker could reach if they were to exploit those digital assets.
The difference between EASM and cyber asset attack surface management (CAASM) is that EASM methodologies primarily focus on discovering and protecting public-facing assets accessible by virtually anyone on the internet. CAASM methodologies focus on both the internal and external attack surface to provide a security organization with maximum visibility of their pre- and post-perimeter attack surface. A CAASM platform can accomplish this via API integrations that access an organization's tech stack to provide that holistic view.
External attack surface management (EASM) is important because of the potential for exploitation and attack when it comes to public internet-facing, or external, assets. It's important to remember that this external attack surface can open the door for threat actors to exploit an internal attack surface.
EASM solutions are becoming better at identifying those external-facing assets that become part of a business' attack surface as new attack vectors are spun up with each public-facing launch. EASM solutions should be able to leverage threat feeds to take part in threat hunting. This is critical in understanding what threat actors are exploiting in the wild and whether it is worth the effort to scramble the team and proactively address a potential issue. Key aspects of proactive threat hunting include:
EASM should also be able to leverage external threat intelligence from the post-perimeter attack surface to properly detect and prioritize risks and threats, from the nearest network endpoint to the surrounding deep and dark web. The myriad of assets that businesses place onto the public internet each and every day is truly astounding, and each of those assets, as it goes online, will have its own considerations in preventing potential exploitation.
External, proactive threat intelligence is a must-have for any security organization that hopes to protect the attack surface of its business to the best of its ability. It is key to take preventive actions that go beyond a network perimeter to be able to respond to incidents along each dynamic attack surface.
EASM works by continuously monitoring and discovering public internet-facing assets for potential vulnerabilities that can be exploited as attack vectors. If that happens, the threat actor could potentially compromise the organization's internal attack surface as well.
In fact, Forrester says EASM works when "a tool or capability continuously scans for, discovers, and enumerates internet-facing assets, establishes unique fingerprints of discovered assets, and identifies exposures on known and unknown assets." Let's take a look at some use cases Forrester has identified that can illustrate some specifics of EASM functionalities:
With these use cases in mind, we can begin to understand just how many assets are spun up every day with the express purpose of plugging into the public-facing internet and expanding an organization's attack surface from internal to external, and therefore global. External threat intelligence feeds are essential for mitigating and stopping threats on the external attack surface.
Some of the features of EASM have already been covered in different sections above, but we will compile them, along with some additions, here.
Depending on the provider, threat intelligence and detection engineering teams should be able to deliver detections via SaaS, which means access to the latest alerts, updates, and threat intel. EASM practitioners should be able to continually enrich threat-management tools with up-to-the-minute intel.
A security operations center (SOC) can leverage an EASM platform to gain rapid access to misconfiguration data for all assets considered post-perimeter. From there, a prioritization process can determine which assets need immediate attention. On the proactive side, EASM can be used to gather threat intelligence for red, blue, and purple teams conducting exercises.
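To make the loop concrete, the following is an added example, not code from this page or from any EASM vendor. It models in one pass the cycle Forrester describes (enumerate observed internet-facing assets, fingerprint each one, identify exposures on known and unknown assets) and the SOC prioritization step described just above. All hostnames, banners, certificate ages, the management-port list and the scoring weights are constructed assumptions for illustration; a real deployment would feed in scanner output and an inventory from a CMDB or CAASM integration.

```python
"""Constructed example of the EASM loop: enumerate observed internet-facing
assets, fingerprint each one, reconcile against the known inventory, and
score exposures so a SOC can prioritise. All sample data is made up."""
import hashlib
from dataclasses import dataclass, field

# Assumption for this example: these ports are management interfaces that
# should not be reachable from the public internet.
MANAGEMENT_PORTS = {22, 3389, 8080}
CERT_WARN_DAYS = 14  # assumption: warn on certificates expiring within two weeks

# Constructed baseline: assets the organisation knows it owns (inventory view).
KNOWN_ASSETS = {
    "www.example.com": {"owner": "web-team"},
    "api.example.com": {"owner": "platform"},
}

# Constructed scan observations of what is actually reachable from outside.
# "ports" maps open port -> service banner; cert_days_left is None when no TLS.
OBSERVED = [
    {"host": "www.example.com", "ports": {443: "nginx"}, "cert_days_left": 120},
    {"host": "api.example.com", "ports": {443: "envoy", 22: "OpenSSH"}, "cert_days_left": 5},
    {"host": "staging-old.example.com", "ports": {80: "Apache", 8080: "http-admin"}, "cert_days_left": None},
]


@dataclass
class Finding:
    host: str
    fingerprint: str
    known: bool
    exposures: list = field(default_factory=list)
    score: int = 0


def fingerprint(obs):
    """Stable fingerprint of an asset's exposed surface: a hash over its sorted
    port/banner pairs. Same surface -> same fingerprint across rescans."""
    material = "|".join(f"{port}:{banner}" for port, banner in sorted(obs["ports"].items()))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def assess(obs, inventory):
    """Apply the exposure rules to one observed asset and return a scored Finding."""
    f = Finding(host=obs["host"], fingerprint=fingerprint(obs), known=obs["host"] in inventory)
    if not f.known:  # an asset nobody claims is the classic "unknown asset" exposure
        f.exposures.append("unknown asset (not in inventory)")
        f.score += 3
    for port in sorted(obs["ports"]):
        if port in MANAGEMENT_PORTS:
            f.exposures.append(f"management port {port} reachable")
            f.score += 2
    if 80 in obs["ports"] and 443 not in obs["ports"]:
        f.exposures.append("plaintext HTTP only")
        f.score += 1
    days = obs.get("cert_days_left")
    if days is not None and days <= CERT_WARN_DAYS:
        f.exposures.append(f"TLS certificate expires in {days} days")
        f.score += 2
    return f


def reconcile(observed, inventory):
    """Assess every observed asset and return findings, highest risk first."""
    findings = [assess(o, inventory) for o in observed]
    findings.sort(key=lambda f: (-f.score, f.host))
    return findings


def drift(previous, current):
    """Hosts whose fingerprint changed between two scans (both arguments map
    host -> fingerprint). Brand-new hosts surface via reconcile(), not here."""
    return sorted(h for h, fp in current.items() if h in previous and previous[h] != fp)


if __name__ == "__main__":
    for f in reconcile(OBSERVED, KNOWN_ASSETS):
        tag = "known" if f.known else "UNKNOWN"
        print(f"{f.score:2d} {f.host:26s} {tag:8s} fp={f.fingerprint} {f.exposures}")
```

Run as a script, the forgotten staging host ranks first because it is both unknown to the inventory and exposing an admin port over plaintext HTTP, while the known API host ranks second on an expiring certificate and a reachable SSH port. The fingerprint is what lets a continuous scan notice that an asset's exposed surface changed since the last pass without re-triaging every host; `drift()` shows that comparison.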
An EASM platform should primarily be able to help practitioners gain visibility into their top external-facing assets so they can prioritize and remediate before attackers sniff out the vulnerabilities.
The benefits of EASM are profound and can have an incredibly positive impact on the effectiveness of proactive security measures and the overall reputation of the business.