Enterprise attack surface management, also known as attack surface management (ASM), is a type of cybersecurity strategy that focuses on discovering vulnerabilities, exposed perimeter points, and potential attack vectors that threat actors can target. ASM works from the hacker's perspective, much like traditional pen testing, but it’s much more expansive in scope and continuous in approach. With that insight, an ASM team or application can conduct continuous analysis and remediation of any weak points on your company's attack surface. To understand what ASM is protecting, it’s important to first know what an attack surface actually is.

Your attack surface encompasses all the potential entry vectors for threat actors across the assets in your organization. These can include vulnerabilities that threat actors can exploit, compromised passwords they can use to hijack accounts, or exposed remote desktop protocol (RDP) instances.

1. Digital attack surface 

Your cloud assets and any in-house IT infrastructure connected to the internet have an attack surface that may have weaknesses. These are prime targets for cyberattacks like malware, distributed denial-of-service (DDoS), and unauthorized access attempts. 

2. Physical attack surface 

Likewise, your unconnected assets—like non-Internet servers, desk computers, laptops, IoT devices, and many types of operational hardware—are within your physical attack surface. Here, penetration attempts might involve compromising access control or even physical invasion of the space.. 

3. Social engineering attack surface 

Your people comprise the final attack surface, as they are often directly vulnerable to social engineering attacks. These may include manipulation, tricks, and scams, or even blackmail, as well as simple social pressure.

As more organizations undergo digital transformation, their digital footprints are growing rapidly. This means cyber attack surfaces are growing just as fast - and their current defense strategies may not be able to keep up. 

Risk assessment and management strategies designed to fit yesterday's centralized, static networks can't adapt to the speed at which new attack vectors develop. They can't move quickly enough to spot new vulnerabilities in a constantly expanding attack surface. 

Point-in-time solutions like pen testing are an excellent example. Traditional pen testing can seek out vulnerabilities in well-known assets, yes, but it cannot address when new assets and vulnerabilities pop up constantly. A more continuous approach is needed. 

ASM allows both in-house cybersecurity teams and security operations centers (SOCs) to be more proactive about asset discovery and protection. A good ASM strategy gives you an understanding of your attack surfaces, their vulnerabilities, and newly emerging attack vectors in real-time.

ASM uses several different tools and approaches to protect your assets. These include: 

Attack surface monitoring tools

Attack surface monitoring tools are digital tools, often AI or machine learning-based, that offer continuous discovery and investigation of your digital assets. They look for vulnerabilities in an ever-changing attack surface. 

Continuous attack surface management

Continuous attack surface management (CASM) tools focus on giving you visibility of your entire attack surface in real-time. The focus is much more on emerging threats than well-known ones. Again, these tools are generally automated.

Continuous asset discovery

This aspect of CASM mainly focuses on spotting new or short-lived digital assets, while leaving the vulnerability checks and fixes to other teams or tools. 

Vulnerability scans

Often called vulnerability management, this is limited to the discovery of assets and prioritization of their vulnerabilities. Traditional vulnerability management is static, while ASM, on the other hand, builds on this with continuous monitoring and risk mitigation. 

Risk scoring

Risk scoring uses a common vulnerability scoring system (CVSS) framework to compare vulnerabilities. This lets more advanced automated tools, or teams, handle protection and remediation. 

Compliance benchmarking/monitoring

Compliance benchmarking is an important part of any security strategy, and no less so for an ASM-based strategy. The 18 Center for Internet Security (CIS) Critical Security Controls (CIS18) are a set of best practices for cybersecurity. 

The National Institute of Standards and Technology’s (NIST) cybersecurity framework fulfils a similar purpose. 

CAASM is really an expansion of ASM principles. CAASM stands for cyber asset attack surface management, and in this context, cyber assets are any digitally connected resource that you value. They could be hardware, software, or data assets, on-site or off. 

Whereas ASM strategy is mainly focused on detecting and protecting vulnerabilities to outside attacks, CAASM expands that scope to your inner attack surfaces as well. It combines external and internal cybersecurity strategies and assets to protect the entire attack surface, essentially acting as the broader umbrella.

External attack surface management (EASM) is sometimes used as a synonym for ASM. However, a new, more specific meaning is emerging. In this context, EASM strategies focus almost exclusively on your external-facing digital attack surface. This includes web apps, public cloud instances, exposed APIs, and forgotten subdomains. Where ASM includes internal systems, EASM zooms in on what attackers can see and touch from outside your network.

ASM gives security teams a way to proactively reduce their attack surface by uncovering and controlling unknown assets before attackers can exploit them. Having this foundation ensures your organization is ready to take advantage of future ASM-specific capabilities as they mature.   

For now, think of combining Huntress’ managed endpoint and identity threat detection and response tools as a way to illuminate your enterprise attack surface, and then shrink it. We help enterprises gain visibility into threats, improve response time, and reduce the risk of compromise.