Does the concept of Attack Surface Management vs. Attack Surface Analysis make sense to you?
Sort by:
With the explosion if IoT, 5G and APIs to connect everything, the attack surface is only going to grow. Management of the attack surface is ensuring that you understand the surface, ensure it is no larger than essential and is relevant to the business focus. The management aspect also addresses the vulnerabilities identified in;
Attack Surface Analysis. This looks at the attack surface for vulnerabilities and in helpful analysis, suggests options for addressing any vulnerabilities found. A good ASA, will take a risk based and realistic approach in reporting the vulnerabilities identified.
Thanks Andrew, I've yet to witness in my research a managment product that clearly represents/ synthesizes an all encompassing view of the environment. <br>I do wholeheartedly agree that a solid Attack Surface Analysis platforms on the other hand, can clearly define the blurred lines. Granted I do have some bias in this domain.
I’m wondering where folks don’t think this makes sense conceptually, even if their program isn’t robust enough in either area?
From my experience, you'd be surprised. <br>A reliance on a managment dashboard has been pointed to as an example of a clear understanding of the attack posture of the enterprise.
I agree with the others. They are different processes and some could describe as different layers of the problem space. You need to perform an attack surface analysis to understand risks, gaps and issues, but then once they are known, you need to have a process to monitor and manage these.
1000% - sounds like we're reading the same content.
I'd say that 'Analysis' is a component of 'Management' and as others have correctly said, this needs to be a *continuous* process/activity, not a periodic "audit", as attack vectors shift rapidly in today's world
Yes because they are two different things. Attack surface analysis looks at the number of vulnerabilities and goes on to prioritize them (e.g. risk level) and document them. Attack surface management is discovery and mitigation and prevention. It is the actions taken to remove threats.