Attack surface management (ASM) is a growing focus for security teams and for many C-level executives with a stake in data management and security, such as CIOs, CTOs, and CISOs.
A glance at the news in any given week is likely to produce reports of another data breach or ransomware attack perpetrated by cybercriminals. Attacks are becoming much more sophisticated and are often being carried out by dedicated teams of state-sponsored hackers. Recent incidents include targeted cyberattacks on companies involved in essential infrastructure.
Cybercriminals often gain access to enterprise data resources and databases indirectly by compromising weak security somewhere in an organization’s network. Once access has been gained, malware can perform many activities, ranging from stealing login credentials to encrypting data so that the attackers can initiate a ransomware attack.
The National Institute of Standards and Technology (NIST) defines an attack surface as the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.
Implicit in the definition is the fact that unauthorized entry into a system element can put the whole environment at risk. Once systems have been compromised they can be used to attack other areas of an organization’s infrastructure.
This means that every access point needs to be protected with the same level of security. The extent of an environment’s security is predicated on that of its weakest link.
The COVID-19 pandemic and the associated increase in the number of remote workers have dramatically increased the size of an enterprise’s attack surface. Remote access is initiated from outside corporate firewalls and poses substantial additional risks to the computing environment. A worker falling victim to a single malicious phishing email can put the whole organization at risk.
Attack surface management (ASM) describes the preemptive measures an organization should take to mitigate risks to an attack surface. It involves the monitoring of digital assets that relate to, make use of, or store sensitive data.
Attack surface management also extends to the process of identifying and classifying digital assets to establish the potential for risk, and the prioritization of how those risks should be addressed.
The attack surface encompasses everything outside the corporate firewall that can be attacked by hackers searching for vulnerabilities to exploit. This includes known assets, unknown assets, rogue assets spawned by threat actors, and assets belonging to enterprise vendors.
Robust attack surface management is made up of four related activities:
The first phase of an ASM initiative is the discovery of all Internet-facing digital assets that are related to the processing of sensitive data. These assets include those owned by an organization as well as those of cloud providers and contractors.
After assets are discovered, they need to be inventoried and classified in some way that makes sense to the business. It might start with separating systems that do and do not process sensitive data. Business-critical infrastructure elements should be identified at this time.
A thorough assessment of all assets should be conducted to identify risks and evaluate the current state of the element’s security. This should be an iterative process that provides insight into assets with fluctuating risks or a modified security posture.
Continuously monitoring the security of enterprise assets is an essential component of ASM. Security threats need to be promptly identified and mitigated to stop prospective attacks or minimize their impact.
ASM demands a coordinated approach that includes understanding the assets that need to be protected and monitoring them to ensure they have not been compromised. It’s not a one-time process but rather needs to be an ongoing initiative to fully protect the environment.
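The four activities above can be sketched as a small inventory-and-diff routine. This is an added example, not code from the original article or from any product it mentions; the asset fields, finding names, and risk weights are assumptions, and the two snapshots are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str             # Internet-facing name found during discovery
    owner: str            # "org", "vendor", or "unknown" (not in the inventory)
    sensitive: bool       # classification: does it process sensitive data?
    findings: tuple = ()  # open assessment findings (hypothetical labels)

# Hypothetical weights; a real program would derive these from its own risk model.
WEIGHTS = {"exposed-db-port": 5, "default-credentials": 5,
           "missing-patch": 3, "weak-tls": 2}

def risk(a: Asset) -> int:
    """Assessment: sum finding weights, double for sensitive data, +3 if unowned."""
    score = sum(WEIGHTS.get(f, 1) for f in a.findings)
    if a.sensitive:
        score *= 2
    if a.owner == "unknown":
        score += 3
    return score

def monitor(previous, current):
    """Monitoring: diff two discovery runs and return alerts, highest risk first."""
    old = {a.host: a for a in previous}
    alerts = []
    for a in current:
        before = old.pop(a.host, None)
        if before is None:
            alerts.append((risk(a), a.host, "new asset"))
        elif risk(a) > risk(before):
            alerts.append((risk(a), a.host, "risk increased"))
    # Hosts still left in `old` were not seen in the current run.
    alerts += [(0, host, "asset disappeared") for host in old]
    return sorted(alerts, key=lambda x: (-x[0], x[1]))

# Constructed sample snapshots from two consecutive discovery runs.
MONDAY = [
    Asset("vpn.example.com", "org", False),
    Asset("sql01.example.com", "org", True, ("weak-tls",)),
    Asset("old-portal.example.com", "org", False),
]
TUESDAY = [
    Asset("vpn.example.com", "org", False),
    Asset("sql01.example.com", "org", True, ("weak-tls", "exposed-db-port")),
    Asset("test-db.example.com", "unknown", True, ("default-credentials",)),
]

if __name__ == "__main__":
    for score, host, reason in monitor(MONDAY, TUESDAY):
        print(f"{score:>3}  {host:<26} {reason}")
```

Running the discovery step on a schedule and feeding each pair of consecutive snapshots to `monitor` is what turns the one-time inventory into the ongoing process described above.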
SQL Server databases are commonly used to store enterprise data resources, which include sensitive and business-critical information. Databases and the information they contain are a prime target of cybercriminals intent on perpetrating a ransomware attack or stealing sensitive data.
IDERA’s SQL Secure is a dedicated SQL Server security tool and an essential part of attack surface management for SQL Server environments. Following are some of the features offered by SQL Secure that address ASM.
With a strong attack surface management program that includes security tools like SQL Secure, teams can minimize the chances of systems being compromised by cybercriminals.