Does the concept of Attack Surface Management vs. Attack Surface Analysis make sense to you?

Security Operations Center (SOC)Threat Intelligence & Incident Response
1.6k viewscircle icon4 Upvotescircle icon18 Comments
Sort by:
CEO in Services (non-Government)3 years ago

Yes because they are two different things. Attack surface analysis  looks at the number of vulnerabilities and goes on to prioritize them (e.g. risk level) and document them. Attack surface management is discovery and mitigation and prevention. It is the actions taken to remove threats.

VP of Information Security in Software3 years ago

With the explosion if IoT, 5G and APIs to connect everything, the attack surface is only going to grow.  Management of the attack surface is ensuring that you understand the surface, ensure it is no larger than essential and is relevant to the business focus.  The management aspect also addresses the vulnerabilities identified in;

Attack Surface Analysis.  This looks at the attack surface for vulnerabilities and in helpful analysis, suggests options for addressing any vulnerabilities found.  A good ASA, will take a risk based and realistic approach in reporting the vulnerabilities identified.

1 Reply
no title3 years ago

Thanks Andrew, I&#39;ve yet to witness in my research a managment product that clearly represents/ synthesizes an all encompassing view of the environment. <br>I do wholeheartedly agree that a solid Attack Surface Analysis platforms on the other hand, can clearly define the blurred lines. Granted I do have some bias in this domain. 

Senior Director, Defense Programs in Software3 years ago

I’m wondering where folks don’t think this makes sense conceptually, even if their program isn’t robust enough in either area?

Lightbulb on2 circle icon1 Reply
no title3 years ago

From my experience, you&#39;d be surprised. <br>A reliance on a managment dashboard has been pointed to as an example of a clear understanding of the attack posture of the enterprise. 

CISO in Software3 years ago

I agree with the others.  They are different processes and some could describe as different layers of the problem space.  You need to perform an attack surface analysis to understand risks, gaps and issues, but then once they are known, you need to have a process to monitor and manage these.  

Lightbulb on2 circle icon1 Reply
no title3 years ago

1000% - sounds like we&#39;re reading the same content. 

CTO in Software3 years ago

I'd say that 'Analysis' is a component of 'Management' and as others have correctly said, this needs to be a *continuous* process/activity, not a periodic "audit", as attack vectors shift rapidly in today's world

Lightbulb on2

Content you might like

Does your AI security approach include intent-based API monitoring?

Yes33%

No – we have intent-based API monitoring but don’t use it for AI security 58%

We don’t use intent-based API monitoring8%

Other/unsure

View Results

Have you evaluated or implemented any deepfake detection tools?

Yes – currently evaluating tools21%

Yes – currently preparing to implement42%

We’ve evaluated tools but decided not to implement

Not yet – waiting to see if others find them effective 38%

No – not interested

View Results

What are you currently using to monitor APIs for anomalies in transaction logic?

Any examples you can share of effective use cases for threat intelligence beyond cybersecurity? Have you had success applying threat intelligence beyond IT/cybersecurity to increase its ROI or better justify that investment?

Read More Comments

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?