What is Attack Surface Management?
The foundation of Attack Surface Management is Attack Surface Discovery. As everyone usually says, you can't secure what you don't know. So once you know what you have exposed on the Internet, you have to manage it. The usual approach is to start with a risk assessment on these assets.
But there are some common grounds you have to manage. You don't want a critical vulnerability on a VPN server, an exposed RDP service, or an accessible database with no authentication. That kind or risk doesn't need an assessment. And there are more of such kind of risks that you want to eliminate. We had this approach in mind from the beginning, back in 2017. We are pioneers in Attack Surface Discovery & Attack Surface Management.
Baseline risk approach
We have defined a set of common guidelines, a set of risks you must avoid at all costs. These risks are the vulnerabilities attackers want to exploit to take profit over your business. They want to find these vulnerabilities to penetrate your network and deploy ransomwares. You don't want to be the next victim, do you?
We have created a check list you can run to cut risks upfront, in a proactive manner. Our solution is built-in with this checks and you can easily verify you are not exposed to any of them (or that you are). Datascan, vulnscan & riskscan are at the core of our Attack Surface Management approach.
Your goal, at the very least: to have no CVE detection in our vulnscan category.
Traditional vulnerability scanners approach
We have worked in vulnerability scanning industry before, and we know what such solutions output requirement is: a not empty security audit report. Thus, many items identified as "vulnerabilities" are in fact so insignificant that no one cares. No attackers will exploit them. And as the audit reports are usually lengthy, no one read them and vulnerabilities are never fixed.
At ONYPHE, we focus on the most important issues. Your goal is that, when you search against our baseline risk for your assets, no result appear within our data. If something pops-up, or you have received an alert, you really have to pay attention and promptly fix the identified gem. Your goal is to defend against attackers, right? You don't want to consume resources on unexploitable vulnerabilities.
On focusing on critical issues only, we avoid creating patch-management fatigue.
Continuous monitoring
We scan Internet IP addresses and Web site URLs on a continuous manner. We have an Alert API you can leverage to get instant alert as soon as a risk occurence is found. Or you can directly take advantage of the Search API to execute a check-list against your own company-policy once a month, or at the schedule of your choise.
As our data is rendered in JSON from a REST API, you can even fetch it and integrate it within your local SIEM. Then, you can use the power of your chosen-technology to run your own alerts and custom dashboards. At ONYPHE, we use the Elastic Stack as a backend, that may also be your open-source SIEM of choice.
One of our motto is: alert fewly, alert wisely.
What is Attack Surface Discovery?
That's the step before management of your attack surface. You first discover, then you can manage. Click here to learn more. You can iterate over these two steps in an endless loop. The initial root name of our company was Sisyphus (or Sisyphe, in French).