Lead Image © tarokichi, 123RF.com
ASM tools and strategies for threat management
Choose Your Armor
Identifying and exploiting vulnerabilities has been part of the attackers' trade for thousands of years. Just think of Hagen von Tronje, for example, who snuck up behind Siegfried, took aim with his spear, and murdered the purportedly invulnerable hero. He knew about the weak point in Siegfried's protective armor. Literary historians talk about Siegfried's death as an intrigue or honor killing, but as security professionals know, it was yet another case of inadequate attack surface management. In this article, I shed light on what is important in terms of IT security when reducing the attack surface.
ASM
Security analysts and providers use the term "attack surface management" (ASM) to describe tools and software-as-a-service (SaaS) offerings that are intended to enable enterprises – large corporations in particular – to identify their attack surfaces more precisely and respond more quickly to changes in their risk situation (see the "Prevention and NIS2" box). In their Leadership Compass publications on ASM [1], analysts at KuppingerCole states that ASM has "emerged as a crucial discipline that enables proactive cybersecurity strategies, mitigating risks by reducing an organization's exposure to potential attacks."
Prevention and NIS2
Dennis-Kenji Kipker, Professor of IT Security Law at the Bremen University of Applied Sciences, points out that NIS2 [the successor to the 2016 European Network and Information Systems Directive] is based on the principle of prevention; therefore, you look at what the attack vectors are so that if you do get compromised, you have an emergency management system in place, which ultimately also includes all risk management measures. From this point of view, he says, ASM can be
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- Malware Remains Top Cause of Cybersecurity Incidents
-
Security and automation with SBOMs
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities. -
News for Admins
WhiteSource Releases Free Log4j Detection Tool
-
Targeted attacks on companies
Watering hole and spear phishing targeted attacks offer the greatest rewards to cybercriminals. Here's how to protect your company from these types of attacks. -
Build a secure development and production pipeline
We investigate best practices to secure CI/CD pipelines with DevSecOps.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
