What is Exposure Management?

Exposure management (EM) is the process of addressing the access points, or attack vectors, and the digital and physical assets along an organization's attack surface that could raise its overall risk posture by being vulnerable to threat actors and breaches.

As for how a security organization actually goes about managing its exposure to threats, CISOs and other practitioners have many avenues to choose from. One of the more exhaustive options is cyber asset attack surface management (CAASM): a tool organizations can use to inventory their digital assets exhaustively and so gain greater visibility into their security posture at any given time.

However, as Gartner® states, "Without widespread business engagement most exposure management functions, such as vulnerability assessment, cannot work effectively. Early engagement with resolver teams and the development of mobilization processes are essential to success."

Security practitioners must garner buy-in from the stakeholders who not only control the budget but also dictate the key performance indicators (KPIs) that govern the direction of the company, and therefore its state of digital risk.

To that end, the Gartner research also recommends that security and risk management leaders "build exposure assessment scopes based on key business priorities and risks, taking into consideration the potential business impact of a compromise rather than primarily focusing on the severity of the threat alone."

EM is essentially an umbrella term that covers different methods of protecting against and remediating potential vulnerabilities along an enterprise network's attack surface, whether in the cloud or on premises. To avoid confusion, let's look at some of the specific ways organizations can succeed at managing exposure and threats.

Exposure Management vs. Vulnerability Management

Exposure management and vulnerability management (VM) cover similar ground, plugging gaps in a network and its systems and applications, but VM is best considered a sub-function of exposure management.

  • Exposure management: Security practitioners focus primarily on potentially exploitable access points along a network's attack surface, whether those are exposed intentionally or otherwise.
  • Vulnerability management: Typically, a security organization treats as vulnerabilities things like cloud misconfigurations or phishing campaigns designed to get a person to take a specific action. Essentially, VM focuses on weaknesses in systems or applications.

Simply put, EM protects the network perimeter, behind which lie the systems and applications running on the network. Gartner, however, believes that "EM will supersede the vulnerability management practices of today." Essentially, the EM category will include VM, with the overall category focusing on solutions that can secure network attack surfaces against intrusion and fortify their systems against weaknesses.

Where security organizations are increasingly headed is toward plotting out the totality of potential exposures along the network attack surface, whether that is a misconfiguration in an identity and access management (IAM) policy or a vulnerability under active exploitation that must be prioritized for immediate remediation.

This broader view, which brings together similar remediation actions, may well lead to more consolidated tools that can address the subtler differences among the range of issues that could be exploited. Such tools should be able to enable multiple outcomes effectively and drive efficiency.

Why is Exposure Management Important?

EM is important because organizations need tools that can help identify and remediate any exposure a threat actor could exploit. It is also important because, as mentioned, it is a topic and a platform category that encompasses many different functions.

Attack Surface Management

Attack surface management (ASM) is the process of maintaining visibility into an ever-changing network environment so that security teams can patch vulnerabilities and defend against emerging threats across the network.

External Attack Surface Management

External attack surface management (EASM) is the process of identifying internal business assets that face the public internet and monitoring them for vulnerabilities, public cloud misconfigurations, exposed credentials, or other externally visible information and processes that attackers could exploit.

Cyber Asset Attack Surface Management

Cyber asset attack surface management (CAASM) provides a unified view of all cyber assets so that security personnel can identify exposed assets and potential security gaps through data integration, transformation, and analysis. It is intended to be an authoritative source of asset information, complete with ownership, network, and business context.
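The data integration that CAASM describes, as an added example that is not code from any CAASM product: three constructed exports (a CMDB, a cloud inventory, and a vulnerability scanner) are merged into one record per asset, keyed on IP address, and the merged view is then checked for the gaps a security team would want surfaced: assets no ownership source knows about, assets that were never scanned, and assets carrying findings with nobody to route them to. The source names, field names, and gap rules are assumptions for illustration.

```python
"""Added example (not code from any CAASM product): merge asset records from
several sources into one view and flag the gaps between them.
All records below are constructed sample data."""
from collections import defaultdict

# Constructed exports from three hypothetical sources. The IP address is the
# only attribute every source emits, so it serves as the join key here; a
# real tool would also match on hostname, cloud resource ID, MAC address, etc.
CMDB = [  # ownership and business context
    {"hostname": "web-01", "ip": "10.0.1.10", "owner": "web-team", "business_unit": "ecommerce"},
    {"hostname": "db-01", "ip": "10.0.2.20", "owner": "data-team", "business_unit": "ecommerce"},
]
CLOUD_INVENTORY = [  # network placement
    {"hostname": "web-01", "ip": "10.0.1.10", "network": "vpc-prod", "public": True},
    {"hostname": "db-01", "ip": "10.0.2.20", "network": "vpc-prod", "public": False},
    {"hostname": "jump-07", "ip": "10.0.9.7", "network": "vpc-legacy", "public": True},
]
SCANNER = [  # what the vulnerability scanner actually reached
    {"ip": "10.0.1.10", "open_ports": [443], "findings": 2},
    {"ip": "10.0.9.7", "open_ports": [3389, 22], "findings": 5},
]


def build_inventory(cmdb, cloud, scanner):
    """Return {ip: merged_record}; each record keeps a 'sources' set so the
    coverage of every tool stays visible after the merge."""
    inventory = defaultdict(lambda: {"sources": set()})
    for rec in cmdb:
        entry = inventory[rec["ip"]]
        entry["sources"].add("cmdb")
        entry.update(hostname=rec["hostname"], owner=rec["owner"],
                     business_unit=rec["business_unit"])
    for rec in cloud:
        entry = inventory[rec["ip"]]
        entry["sources"].add("cloud")
        entry.setdefault("hostname", rec["hostname"])  # CMDB name wins if present
        entry.update(network=rec["network"], public=rec["public"])
    for rec in scanner:
        entry = inventory[rec["ip"]]
        entry["sources"].add("scanner")
        entry.update(open_ports=sorted(rec["open_ports"]), findings=rec["findings"])
    return dict(inventory)


def find_gaps(inventory):
    """Return (ip, reason) pairs for records that need follow-up. The three
    rules are illustrative assumptions; a team would tune them to its estate."""
    gaps = []
    for ip in sorted(inventory):
        asset = inventory[ip]
        if "cmdb" not in asset["sources"]:
            gaps.append((ip, "unknown to CMDB: no owner or business context"))
        if "scanner" not in asset["sources"]:
            gaps.append((ip, "never scanned: vulnerability state unknown"))
        if asset.get("findings", 0) > 0 and "owner" not in asset:
            gaps.append((ip, "open findings but nobody to route them to"))
    return gaps


if __name__ == "__main__":
    inv = build_inventory(CMDB, CLOUD_INVENTORY, SCANNER)
    for ip in sorted(inv):
        print(ip, inv[ip].get("hostname"), sorted(inv[ip]["sources"]))
    for ip, reason in find_gaps(inv):
        print("GAP", ip, reason)
```

On the constructed data, web-01 comes out clean, db-01 is flagged only for never having been scanned, and jump-07 (seen by the cloud inventory and the scanner but absent from the CMDB) is flagged twice: it is an internet-facing host with five findings and no owner, exactly the kind of asset a unified view exists to surface.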

Digital Risk Protection

Digital risk protection (DRP) is the process of safeguarding digital assets and brand reputation from external threats. DRP solutions operate on the premise that organizations can use threat actor activity to their advantage to identify attacks before they happen. DRP leverages insights derived from cyber threat intelligence (CTI) monitoring to surface actionable areas of protection.

Pinpointing and correcting gaps, vulnerabilities, authentication misconfigurations, and many other security issues are things security teams typically need to do fast. EM platforms are important because they bring together many capabilities that let security teams do just that.

Exposure Management Lifecycle

It is important to understand the functions of the overall EM lifecycle, because the implications of those processes determine which type of program a given organization, with its specific needs, ultimately implements to best support the business. The basic EM lifecycle looks like this:

  • Continuous threat exposure management (CTEM): Maximum visibility is crucial to getting the most out of tools that continuously monitor an attack surface. Continuous discovery of assets affected by vulnerabilities of any kind will likely yield large numbers.
  • Vulnerability assessment and validation: Exposure assessment, both internal and external, is necessary for an ever-changing attack surface. Researching and validating exposures and the likelihood that they will be exploited is the backbone of an effective EM program.
  • Remediation prioritization: Prioritization plans based on current business KPIs and risk profiles are critical. Getting stakeholder buy-in on these aspects of the business and their security implications will save headaches later, when it comes time to prioritize remediation of critical vulnerabilities.
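To make the prioritization step concrete, here is an added example of business-weighted ranking; it is not code from the page's source or from any product. It scores constructed findings by combining the vendor severity (CVSS) with two likelihood signals (known in-the-wild exploitation and internet exposure) and a business-impact rating agreed with stakeholders, then compares the result with a severity-only ranking. The weights, the 1-to-5 impact scale, and the sample findings are assumptions for illustration.

```python
"""Added example (not from the original page or any product): rank findings
by business-weighted risk rather than by CVSS alone. Sample data constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    cvss: float              # vendor severity, 0.0-10.0
    exploited_in_wild: bool  # e.g. listed in a known-exploited catalog
    internet_facing: bool    # reachable from the public internet
    business_impact: int     # 1 (negligible) .. 5 (critical); agreed with stakeholders, not set by the scanner


def likelihood(f: Finding) -> float:
    """Chance the finding gets exploited, 0..1. Weights are illustrative assumptions."""
    p = f.cvss / 10.0
    if f.exploited_in_wild:
        p += 0.4   # active exploitation outweighs theoretical severity
    if f.internet_facing:
        p += 0.2
    else:
        p *= 0.5   # an attacker first needs a foothold on the internal network
    return min(p, 1.0)


def risk_score(f: Finding) -> float:
    """0..100: likelihood scaled by what a compromise would cost the business."""
    return round(likelihood(f) * f.business_impact * 20, 1)


def prioritize(findings):
    """Highest business risk first; CVSS only breaks ties."""
    return sorted(findings, key=lambda f: (-risk_score(f), -f.cvss))


def severity_only(findings):
    """The order a severity-driven program would work through, for comparison."""
    return sorted(findings, key=lambda f: -f.cvss)


# Constructed sample findings.
SAMPLE = [
    Finding("dev-build-03", "RCE in build agent", 9.8, False, False, 1),
    Finding("pay-api-01", "Auth bypass in payment API", 7.5, True, True, 5),
    Finding("hr-portal", "Reflected XSS", 5.3, False, True, 3),
    Finding("db-01", "Privilege escalation in DBMS", 8.8, False, False, 5),
]

if __name__ == "__main__":
    print("severity only :", [f.asset for f in severity_only(SAMPLE)])
    print("business risk :", [(f.asset, risk_score(f)) for f in prioritize(SAMPLE)])
```

On the sample data the severity-only queue starts with the CVSS 9.8 bug on an isolated build agent, while the business-weighted queue starts with the CVSS 7.5 bug that is actively exploited on an internet-facing payment API. The `business_impact` value is the piece that has to come from the stakeholder conversation described above; the scanner cannot supply it.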

Automating these processes lets security practitioners quickly validate exposures and their level of risk, creating systems for faster prioritization and remediation. An EM program lifecycle will not be a plug-and-play implementation.

It will require processes agreed upon by stakeholders across the organization who have differing priorities. But the work that goes into building this bespoke program will be well worth the money and stress saved down the line.

Benefits of Exposure Management

As we have seen, EM encompasses more than just exposure to the internet and potential threat actors. But what positive effects and benefits can an effective EM program have on the business and its bottom line?

Informed Decisions

Stakeholders must be able to scope risk properly in order to determine potential threat exposures. If certain factors are deemed not to be risks at a given moment in time, then something that might otherwise be seen as an exposure may not be categorized that way.

Proving the Value of the Security Organization

If exposures are properly scoped according to risk value, then higher-level internal stakeholders, including the CISO, directors, and the executive team, will more clearly see and experience the bottom-line benefit security brings to the company by categorizing exposures correctly and addressing them in order of real priority.

Improved Security Posture

With a greater ability to prioritize and move faster, implementing an effective EM platform can quickly improve an organization's security posture. A stronger security posture also means internal and external policies and regulations are more likely to be followed, which in turn puts the business in a stronger compliance position.

Automated Access Control

In terms of network access control (NAC), EM's key strength is likely pinpointing and helping remediate exposures that should not exist. Once those are plugged, the security operations center (SOC) is better able to automate control over who gains access to the network, and to remove anyone who has no right to be there.