Know your enemy – inside and out. External Attack Surface Management tools are an effective way to understand externally facing threats and help plan cyber defenses accordingly.
Let’s discuss what EASM is, how to use it, and what other pieces are involved to help one see through the fog of war that is your external network security posture.
External Attack Surface Management is typically a SaaS service for identifying, monitoring, and reporting on the various points of entry that are exposed to potential attackers from outside an organization's network. It can also help find unknown and unmanaged resources outside the firewall. EASM can also identify exposed vulnerabilities on external facing assets. As a SaaS service it requires minimal effort to configure and monitor.
Image 1: Dashboard from Microsoft’s Defender for EASM
EASM is a planning and investigative tool. Here are some examples of how security teams commonly use it in daily operations.
EASM solutions usually present their data in a schematized form so it can be queried and sorted in a database. As such, the EASM data can be combined with other information, such as vulnerability data and asset inventories. Together, this information can provide an overview of your attack surface. SOC administrators can then use this asset list to identify configuration gaps in tools such as CSPM, EDR, and SIEM.
If SIEM generates an incident containing a hostname, one of the first steps the SOC operator will take is to identify where that host exists on the network. EASM content can be made available in SIEM to provide quick access to that information. In addition, SOAR and AI tools (e.g., Microsoft’s Copilot for Security) can use EASM content to automatically lookup EASM content and apply relevant data to an incident.
External Attack Surface Management is a useful security architecture for understanding your publicly facing security posture. Combining EASM with other security tools can provide a good picture of your entire attack surface and help improve processes used for SIEM investigations.
References
Microsoft’s EASM Solution
Gartner EASM Reviews
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.