Attack Surface Management (ASM) is the proactive practice of identifying and managing the potential attack surface of an organization’s IT assets to prevent and mitigate potential attacks by hackers. It is essential to minimize the exposure of valuable assets as targets for hackers. However, despite the importance of ASM, many people still fail to grasp how it can be effectively utilized within their businesses or organizations, what problems it can solve, and the benefits it can provide. In this best practice, we will present a reenactment of a real-life scenario showcasing vulnerability detection and mitigation using attack surface management within a company. We aim to provide a comprehensive perspective on how ASM can address specific issues within businesses and organizations and the advantages it can offer. This will help individuals contemplating the implementation of ASM gain a deeper understanding of its practical applications.

Attack Surface Management for Large Corporation A

Corporation A has over 2,000 full-time employees, including domestic and overseas subsidiaries. The company’s security team is responsible for continuously monitoring and addressing potential security vulnerabilities, not only in vulnerable ports and sensitive applications but also in numerous IP addresses, domains, certificates, and other assets owned and operated by the company on the internet. They are tasked with ensuring the secure management of these assets and taking appropriate action when necessary.

However, as the business grows, the number of IT assets (IP addresses, domains) that the security team needs to manage has also increased significantly. They have been manually monitoring and addressing various aspects, including IT asset monitoring and problem response, using their internal resources. Recognizing the difficulty in allocating additional resources, the security team at Corporation A has decided to seek consultation from the Criminal IP ASM team for potential implementation.

The main dashboard page of Criminal IP ASM

Corporation A has implemented Criminal IP ASM, enabling users to immediately utilize all ASM features without the need for separate installation or configuration processes. Users can log in directly to the web page and access all ASM functionalities. Upon entering the company’s main domain, all globally connected IT assets are automatically detected and organized into a user-friendly dashboard within 2-3 days. This consolidation brings all assets into a single page, eliminating the need for multiple individuals to monitor and manage assets late into the night. The dashboard provides detailed information on the distribution and location of IT assets, open ports, and recent risk occurrences. Each asset’s safety level is categorized as High, Medium, or Low, enabling quick and intuitive reporting.

Detection of Netherlands IP With Risk Score ‘Critical’ and 7 OpenSSH Vulnerabilities

A few days after the implementation of Criminal IP ASM, the Security Team Manager at Corporation A checked the dashboard upon arriving at work and noticed something unusual. The company was not expected to have a server in the Netherlands, nor any business collaboration with companies in that country. However, the list of owned IT assets indicated “Netherlands” as the country information. Additionally, among the multiple listed IP addresses, one IP had a ‘Critical’ score. The Security Team Manager utilized Criminal IP, a cyber threat intelligence search engine, to conduct a more in-depth analysis of this IP. The search results revealed a 60% probability that this IP had been exploited to attack other assets, as it had a record of abuse. To compound the issue, the analysis also identified seven OpenSSH vulnerabilities on open port 22.

A Netherlands IP address with a 'Critical' score on Corporation A's list of IP Assets
An IP address was detected with 60% of exploitation attempts, 1 abuse record, and 7 OpenSSH vulnerabilities

This situation poses a significant threat as the IP address associated with Corporation A is being exploited for malicious activities. This puts the company’s brand at risk and opens the possibility of compromising other critical servers due to vulnerabilities in unmanaged systems. Recognizing the seriousness of the situation, the Security Team Manager acted promptly by following the reporting process and taking immediate action based on the vulnerability report from Criminal IP ASM. If the assets had been managed using the previous system, detecting and responding swiftly would have been challenging.

Intuitively Visualizing Extensive IT Asset Vulnerabilities

Criminal IP's automated identifying process of IT assets

Today’s article explored a case of vulnerability detection using attack surface management. Criminal IP ASM is an automated SaaS solution that performs attack surface management by automatically identifying all assets distributed across the global network with just a single entry of the main domain. It integrates with the AI-based Cyber Threat Intelligence (CTI) Open Source Intelligence (OSINT) search engine, Criminal IP, for search, intelligence, and API integration. The detected and analyzed data is then visually presented in easy-to-understand dashboards, along with security vulnerabilities, allowing organizations to proactively identify and prevent potential threats in their IT assets. It addresses the challenges faced by security managers in companies and organizations who struggle with security management due to resource constraints and offers a simplified and intuitive solution.

If you are interested in learning more about Criminal IP ASM and its specific features and case studies, you can request a free demo to directly monitor your attack surface. Additionally, you can read the article “Attack Surface Management: Monitoring Unknown Assets and Vulnerabilities” for a more detailed understanding of the concept, features, and importance of attack surface management.


Data Source: Criminal IP (https://www.criminalip.io/en)
