Imagine being bombarded by a relentless barrage of alarms, each one clamouring for immediate attention. This is the daily reality for cyber security teams, overwhelmed by alerts from countless sources, all demanding action.
Teams often struggle to connect the dots and determine which vulnerabilities pose the greatest threat and need immediate attention. The sheer volume and speed of threats make it impossible to address every single one.
In such a high-pressure environment, the ability to cut through the noise and focus on the most critical issues is essential. Security teams need an approach that prioritises efforts on specific areas and vulnerabilities to minimise risk effectively.
This is where exposure management (XM) becomes crucial. XM provides a strategic framework for identifying and addressing the most significant threats, enabling security teams to protect their organisations more efficiently.
The pitfalls in traditional security methods
Traditional security methods, such as penetration testing and periodic vulnerability assessments, have long been the go-to strategies for identifying and mitigating risks. However, these methods often fall short in providing a comprehensive and real-time view of an organisation’s vulnerabilities.
The lack of real-time data and context makes it difficult for security teams to address the full spectrum of potential threats. For example, a periodic vulnerability assessment might identify a misconfigured web server once a month. However, if attackers exploit a new vulnerability the day after the assessment, the organisation remains exposed until the next scheduled check. This disjointed approach leaves significant gaps in an organisation’s defences.
This issue is particularly severe for edge service applications and infrastructure devices such as VPN gateways, email servers, routers, switches, and firewalls. These internet-facing assets are often highly attractive targets for threat actors, due to their critical role in enabling remote connectivity for users.
Our latest research found that edge service and infrastructure vulnerabilities identified in the last two years are generally 11% more severe than other vulnerabilities. Additionally, the number of these specific vulnerabilities found each month in 2024 has increased by 22% compared to 2023 – despite the discovery rate for other types of vulnerabilities dropping by 56%.
Most concerningly, these devices or applications are difficult to monitor as they typically lack Endpoint Detection and Response (EDR) software. Network administrators often have to rely on trust alone, as there’s no feasible approach to verify the security of such assets.
As these vulnerabilities are continuously increasing, a more strategic approach to managing and mitigating risks is essential. XM can help significantly in this regard.
Understanding exposure management
XM is a proactive and integrated approach that provides a comprehensive view of potential attack surfaces and prioritises security actions based on an organisation’s specific context.
It’s a process that combines cloud security posture, identity management, internal hosts, internet-facing hosts and threat intelligence into a unified framework, enabling security teams to anticipate potential attack vectors and fortify their defences effectively.
Unlike traditional security measures, XM takes an “outside-in” approach, assessing how attackers might exploit vulnerabilities across interconnected systems. This shift in mindset is crucial for identifying and prioritising the most significant threats.
By focusing on the most critical vulnerabilities and potential attack paths, XM allows security teams to allocate resources more efficiently and enhance their overall security posture. Security teams can primarily focus on potentially exploitable access points across an attack surface and plug the necessary gaps in the systems/applications.
Exposure management as a strategic business enabler
The primary benefit of XM is its ability to proactively identify and prioritise risks. By providing a unified view of the entire attack path, XM improves an organisation’s ability to manage security risks.
This unified view allows security teams to understand how vulnerabilities can be exploited and prioritise those that pose the greatest risk. Security teams are then able to guarantee efficient resource allocation and focus on threats with the most significant impact on business operations.
This is how XM seamlessly align cyber security efforts with business objectives, whilst helping teams present complex security information in a simple manner that’s more accessible to non-technical stakeholders.
They can demonstrate which assets or systems are positioned along the potential attack path, and how an attacker can compromise it. Being able to clearly visualise the attack path and critical assets can help them translate the vulnerabilities into potential business impacts, such as the risk of losing sensitive customer data, regulatory fines, and reputational damage.
This improved communication supports compliance and regulatory requirements, reducing the risk of penalties and enhancing trust with stakeholders.
Beyond compliance, XM also significantly improves an organisation’s readiness for qualifying for cyber insurance coverage. In a world where insurance providers are imposing increasingly strict requirements for robust cyber security measures, a comprehensive XM strategy demonstrates a business’ commitment to security. This commitment can lead to better insurance terms and lower premiums.
Effectively implementing exposure management
A comprehensive approach is needed to successfully implement exposure management, starting with evaluating your external security stack, including assets like web servers, VPN gateways, email servers, and other internet-facing services.
CISOs can leverage Attack Surface Management (ASM) engagements to strike the right balance. Security teams can catalogue all internet-facing assets such as web servers, VPN gateways, email servers, and cloud services.
Automated tools can be leveraged to continuously scan and update the inventory and ensure no new or rogue assets are missed. These engagements will help security teams understand what an attacker can see from the outside and identify low-hanging fruit that might be easily exploited.
This viewpoint crucial for understanding how vulnerabilities can be exploited across different segments of the network. For instance, our analysis revealed that 64% of all edge service and infrastructure CVEs in the Known Exploited Vulnerability Catalogue (KEV) are highly likely to be exploited, highlighting the importance of addressing these areas.
By consolidating data from different assets within the network ecosystem, security teams can visualise the entire attack path, identify critical vulnerabilities, and prioritise remediation efforts based on the potential impact and exploitability. Security teams should use the insights gained from XM to continuously update and refine their security strategies to stay ahead of emerging threats.
In essence, XM transforms the influx of security alerts into actionable intelligence, empowering businesses to proactively manage risks and maintain robust cyber security postures. In an environment overwhelmed by alerts and potential threats, it helps to cut through the noise, providing a clear, prioritised roadmap for security efforts.
About the Author
Katie Inns is Head of Attack Surface Management at WithSecure. Katie’s focus is on helping organizations reduce and improve the security across their external attack surface. After completing a degree in Criminology, she worked as part of an in-house security team focusing on vulnerability management and application security, before joining WithSecure to focus on Attack Surface Management. As a side project, Katie is involved in medical device security research, some of which she has presented at DEFCON.
Katie can be reached on LinkedIn at https://www.linkedin.com/in/katie-inns/ and at our company website: https://www.withsecure.com/
Source: www.cyberdefensemagazine.com