What is Cyber Asset Attack Surface Management (CAASM) and What Are the Keys to Success?

By Lucia Dochita, Lansweeper

A recent study conducted by Trend Micro discovered that 43% of global organizations say the cyber asset attack surface is "spiraling out of control." This statement sounds like a quote from a dystopian novel about the end of the world. The reality is, if enterprises don't find a way to properly manage the cyber asset attack surface, disaster is indeed inevitable.

Here’s why: Cybercrime Magazine reports that cybercrime has increased by 600% since the onset of the pandemic. By 2025, it will cost companies worldwide about $10.5 trillion every year. This isn’t news to most organizations – and that’s why they’re investing heavily in cybersecurity solutions. In fact, the market is exploding – growing at a CAGR of 13.4%, it stands to reach $376.32 billion by 2029. In the first half of 2022 alone, companies invested $12.5 billion of venture capital into securing their IT estates.

Unfortunately, all of this money will be wasted if companies fail to do one thing: know what hardware and software assets they need to protect in the first place.

In this blog post, we’ll answer some important questions about cybersecurity in 2022 and beyond, including:

· What is the Cyber Asset Attack Surface?
· What is Cyber Asset Attack Surface Management (CAASM)?

What is the Attack Surface – and Why Is It Growing?

The cyber asset attack surface encompasses all points of entry that can serve as attack vectors for unauthorized users to gain access to a system for the purpose of stealing information or launching a cyber attack. And it’s growing – fast. In the wake of the pandemic and trends like remote working, digitization, mobility and cloud computing, the attack surface has expanded exponentially, and organizations grapple with keeping track of the broad mix of physical and virtual assets, operational technology (OT) and Internet of Things (IoT) devices that now comprise the IT estate. 

Shadow IT adds to the problem – the addition of unsanctioned assets consumes up to 40% of IT spending according to CIO Magazine. This means there are many software and hardware assets IT knows nothing about. What’s more, with the majority of organizations offering or planning to offer a hybrid work model, it’s more common than ever for employees to sign on to the corporate network using personal, often unprotected devices. As a result, 70% of organizations don’t know what assets they have, which makes them impossible to protect.

What Is CAASM?

CAASM stands for Cyber Asset Attack Surface Management, and it’s just what it sounds like – the process of understanding, protecting and managing the growing attack surface. 

CAASM technology solutions help IT teams detect and identify any and all software, hardware and cloud assets connected to the network, and uncover vulnerabilities in those assets that could open the door for a cyber attack. CAASM solutions are able to discover what assets have outdated or unpatched software, encryption issues or weak credentials, misconfigurations or other problems that increase cybersecurity risk. They provide visibility across the entire IT estate, giving IT teams better IT governance and control, and the information they need to manage the attack surface, or act quickly to stop the bleeding should an attack occur.

But to work properly, CAASM solutions need access to complete and accurate technology asset data. This data must also be readily accessible so that IT security professionals can isolate assets that pose a threat and take rapid corrective action.

What Should You Look for in Tools That Assist with CAASM?

The first step to assessing the attack surface area is knowing what technology assets you have to protect. You’ll want to select tools that use agentless deep scanning engines and credential-free device recognition (CDR) technology to automatically and continuously discover and recognize all IT assets across your infrastructure (servers, laptops, desktops, virtual machines, operating systems, software, OT and IoT assets) and build a comprehensive inventory with detailed IT asset data, without having to install an agent on the devices first. Leading tools work without agents and can do an initial scan without credentials, which makes them fast and easy to implement.

However, with networks becoming increasingly mobile and complicated, certain assets become harder to reach. Think, for example, of laptops out on the road, devices at remote locations or machines in protected zones (DMZs). You’ll want to investigate solutions that can also reach and keep track of the devices an agentless approach just can’t, offering you the best of both worlds.

Another important capability is aggregating the technology asset data gathered from other sources, providing an always-accurate single source of truth to inform all business and IT scenarios and enable strategic decision-making. Importantly, IT security professionals can leverage this system of record to analyze the attack surface, pinpoint vulnerabilities and security gaps, and strengthen an organization’s security posture to prevent cyber attacks.

Finally, you’ll want to use tools that extract data from the “bare metal,” making it more accurate. Some solutions ingest data from a variety of sources before assembling an inventory, and those sources may be outdated. Extracting from “bare metal” delivers data with higher levels of accuracy and reliability, which makes it possible to analyze the attack surface with confidence, pinpoint and eliminate vulnerabilities and security gaps, and strengthen your organization’s security posture.