What is External Attack Surface Management (EASM)?

External attack surface management (EASM) deals with an organization’s externally exposed digital resources and associated security vulnerabilities. These are any resources that can be accessed from outside an organization’s internal network, such as publicly available databases, cloud storage, and web applications. EASM relies on a thorough analysis of all potential entry points of attack to assess possible vulnerabilities and prioritize security measures and responses. EASM tools help organizations understand how secure their internet-facing digital assets are and how to remediate existing vulnerabilities as swiftly as possible to maintain a strong security posture. In this article, we’ll explore why EASM is a crucial security tool and what to consider when choosing an EASM tool. We’ll also highlight some of the best EASM solutions currently available.

The Importance of EASM

Across all industries, companies are expanding their public digital presence. As a result, the breadth of exploitable attack surfaces available to malicious actors is enormous. Reports show that it takes cybercriminals only 15 minutes after the publication of a new security vulnerability to begin scanning for potentially vulnerable targets. To help organizations manage this growing issue, leading global IT consultancies are increasingly recommending EASM tools. Publicly available digital assets are the most common point of attack because they are easier to target than internal resources. These assets serve as convenient gateways into private resources, where the most sensitive customer and employee information can be accessed. Successful attacks on externally facing assets can cause serious business disruptions and irreversible damage to a company’s revenue stream and reputation. In addition, they bring the potential for legal and regulatory complications. For this reason, EASM tools are considered indispensable for any organization with a non-trivial internet presence.

Considerations when choosing an EASM solution

As with any security tool, EASM solutions do not come in a one-size-fits-all form. The best fit for your organization requires careful analysis and consideration of many factors, including your organization’s size, industry, and level of internet exposure. Nevertheless, every modern EASM solution should at least include the following features.

Real-time continuous monitoring and analysis

External attack surfaces are dynamic by nature. Updates to internet-facing applications are continuously deployed, configurations are often modified, and new vulnerabilities are constantly being discovered. Therefore, the EASM tool that you choose must provide continuous monitoring to detect any novel security vulnerability as quickly as possible.

Instant alerting

The fastest way for your security team to respond to a vulnerability detected by an EASM tool is by receiving an instant alert notification. This is why an alert notification feature that integrates with various messaging platforms is mandatory for any EASM software.

Integration with other security and operations tools

Apart from integrations with alerting and messaging tools, a worthy EASM solution should also integrate easily with other crucial platforms, such as:

EASM solutions should also expose a set of API endpoints so that other security applications can easily retrieve data and reports from the EASM platform programmatically.

Risk prioritization and remediation suggestions

Though not every vulnerability demands immediate action, distinguishing those that demand swift remediation from those that pose only a minor threat is essential. The EASM solution of your choice should go beyond simply detecting risks; it should prioritize them. When it’s clear to your security team which risk has the potential to bring down your entire system, they are better positioned to make good decisions and carry out effective remediation actions. The best EASM solutions provide actionable suggestions, making an organization’s time to resolution much quicker than solutions that require manual investigation. This also enables technical staff to focus on tasks where their expertise can provide more business value.

Ease of setup and management

Given the highly dynamic nature of modern attack surfaces, it’s essential that any tool selected is easy to set up and manage. Look for solutions that can map out your attack surface while requiring minimal data. Additionally, consider solutions that allow for in-app addition and removal of assets.

Top EASM Solutions

Researching which tool to use requires significant time. To save you from this work, we will highlight what we consider to be the best EASM solutions currently available.

Censys Exposure Management by Censys

Ann Arbor, Michigan | 2017 | www.censys.com

Censys is a cybersecurity startup that focuses on developing comprehensive, massive-scale internet scanning capabilities. The Censys Exposure Management EASM tool offers:

  • Continuous asset discovery with daily updates to your attack surface.
  • Risk prioritization at the per-asset level.
  • A logbook feature that tracks the previous two years of changes to each of your assets.

CrowdStrike® Falcon Surface™ by CrowdStrike

Austin, TX | 2011 | www.crowdstrike.com

CrowdStrike is globally recognized as a leading cybersecurity company specializing in threat intelligence and cyberattack response strategies and services. As CrowdStrike’s EASM solution, Falcon Surface offers the following features:

  • Risk prioritization with AI-powered insights.
  • Exceedingly fast vulnerability remediation with guided, actionable steps.
  • Continuous monitoring of potential security gaps, such as RCE vulnerabilities, access control issues, and service misconfigurations.

CyCognito EASM Platform by CyCognito

Palo Alto, California | 2017 | www.cycognito.com 

CyCognito is a technology startup that focuses on cybersecurity and risk management. Its main offering is an EASM platform that provides the following features:

  • Advanced security testing with diagnostic sweeps across your entire attack surface.
  • Dynamic, configurable dashboards with advanced filtering options.
  • Discovery of unknown and unmanaged assets through the use of its comprehensive global botnet.

Detectify EASM Platform by Detectify

Boston, MA | 2013 | www.detectify.com

Detectify is a software as a service (SaaS) cybersecurity company based in Sweden with a U.S. base in Boston. It uses a “network of elite ethical hackers” to source data for its security research. Detectify’s EASM platform is a cloud-based offering with the following key features:

  • Attack surface custom policies, which are customizable rules designed to refine surface monitoring and notify on policy breaches.
  • An API for programmatically customizing alerts or aggregating security information.
  • Payload-based testing from a research team of ethical hackers to determine the validity of detected vulnerabilities in your system.

Attack Surface Discovery by IONIX

Tel Aviv, Israel | 2017 | www.ionix.io

IONIX (formerly Cyberpion) is a cybersecurity company that focuses on mapping organizations’ networks of dependencies and digital supply chains. Its Attack Surface Discovery EASM product offers the following:

  • A discovery engine that leverages machine learning (ML) and connection intelligence to create a comprehensive inventory of an organization’s digital assets from an attacker’s point of view.
  • Visualization of attack surfaces through a continuously updated, graph-based data model.
  • Progressive validation through heuristics and ML to reduce false positives.

Mandiant Advantage Attack Surface Management by Google Mandiant

Alexandria, Virginia | 2004 | www.mandiant.com

Mandiant is a cybersecurity company that was acquired by Google in 2022. Its main areas of expertise are incident response and security consulting. Mandiant Advantage Attack Surface Management is an EASM tool that offers:

  • Real-time infrastructure monitoring that detects changes and potential exposures.
  • Over 250 prebuilt third-party integrations.
  • Visibility across the entire internet, including the deep and dark web.

Proof of Source Authenticity by Memcyco

Tel Aviv, Israel | 2021 | www.memcyco.com

Memcyco is a quickly growing cybersecurity startup specializing in protection against website impersonation. Its EASM tool offers:

  • Defense against brand impersonation via a digital brand watermark that allows users to verify that they are on an authentic website.
  • Real-time visibility and instant alerting of attempted brand fraud attacks.
  • Detailed impact reports for remediation and compliance purposes.

Microsoft Defender EASM by Microsoft

Redmond, Washington | 1975 | www.microsoft.com

As one of the largest software companies in the world, Microsoft has a proven track record in cloud, operating system (OS), and developer tools. Its EASM solution, Microsoft Defender, offers the following features:

  • Tailored solutions for enterprise, cloud, and individual use cases.
  • An automated self-healing feature that expedites threat remediation.
  • Incident prioritization in a user-friendly dashboard to reduce confusion, clutter, and alert fatigue.

Cortex Xpanse by Palo Alto Networks

Santa Clara, California | 2005 | www.paloaltonetworks.com

Palo Alto Networks is a well-known cybersecurity company recognized for its next-generation firewall security solutions as well as its endpoint protection and malware detection tools. Its EASM solution, Cortex Xpanse, provides the following features:

  • Real-time record updating of all internet-connected assets to help identify all exposure risks.
  • An attacker’s view of your attack surface with the Expander feature.
  • Continuous mapping of your attack surface and prioritization of remediation efforts with supervised machine learning models.

Randori Platform by IBM

Boston, MA | 2018 | www.ibm.com

Randori, which was acquired by IBM in 2022, bills itself as a “trusted adversary” to its customers by delivering an “unrivaled attack experience at scale.” Its platform for attack surface management offers the following key features:

  • Digital asset discovery to help unearth shadow IT and other resources that compose an organization’s external attack surface.
  • Risk-level determination, providing a unified view of an organization’s top targets from the point of view of an attacker.
  • An integration marketplace to connect EASM data with systems such as Jira, Splunk, and ServiceNow.

Conclusion

Cybercriminals find it easy to attack organizations through their publicly available digital assets. Enterprises need awareness of vulnerabilities the moment they arise and the ability to resolve them quickly to provide the best possible shield against malicious activity. 

In this article, we reviewed some of the best solutions available in the EASM market. Investing in a robust EASM solution is a critical imperative to safeguard your organization’s digital assets. Take proactive steps to fortify your cyber defenses and protect your business from potential harm.