For a network to be well protected, its attack surface must be kept as small as possible. Even a minimal attack surface must be monitored constantly, so that potential threats are identified and blocked as quickly as possible. Once the attack surface has been identified and fully mapped, it must be tested for vulnerabilities to identify both current and future risks. These tasks make up attack surface management (ASM). There are tools designed specifically for this job. In general, they work by scanning your network and IT assets (endpoints, web applications, web services, and so on) for exposed resources. After this scan, they report the detected risks and then monitor your network continuously to detect changes in the attack surface or the appearance of new risks. The best of these tools draw on threat databases that are updated with each new threat, so that problems can be anticipated. The following is a review of the best ASM tools.
UpGuard
UpGuard's platform is an all-in-one product for risk management and third-party attack surface management. It consists of three parts:
UpGuard Vendor Risk: Third-party risk management designed to continuously monitor technology vendors, automate security questionnaires, and reduce risks from third and fourth parties.
UpGuard BreachSight: Attack surface management that prevents data breaches, uncovers leaked credentials, and protects customer data.
UpGuard CyberResearch: Managed security services that extend protection against third-party risks. UpGuard analysts monitor your organization and your suppliers, detecting potential data leaks.
UpGuard offers a free cybersecurity report to demonstrate the tool's capabilities. With this free report, you can discover key risks on your website, your email system, or your network. The report offers instant insights that allow you to take immediate action on hundreds of risk factors, including SSL/TLS configuration, open ports, DNS health, and common vulnerabilities. Once the free report has shown the usefulness of the service, you can purchase it with different pricing options to suit the size of your business or network. The basic small business option lets you take your first steps in attack surface management; you can then scale up and add capabilities as you need them.
Reflectiz
Reflectiz provides enterprises with a complete view of their risk surface, helping them mitigate the risks arising from the increasing use of open-source tools and third-party applications. The Reflectiz application is zero-impact: it requires no installation and runs remotely, so it neither consumes your IT resources nor needs access to sensitive company information. Reflectiz's strategy is based on a sandbox in which first-, third- and fourth-party applications are scanned to detect vulnerabilities through proprietary behavioral analysis. It then presents the results of the analysis in a single dashboard. Finally, it prioritizes the risks, helps remediate them, and addresses any compliance issues. The effectiveness of Reflectiz's analysis of a company's online ecosystem improves continuously, thanks to regular Internet scanning that keeps its large threat database up to date. In this way, the solution provides value from day one regardless of company size, supporting small teams, medium-sized organizations, and even large global corporations.
Intruder
With Intruder you can discover all areas of your IT infrastructure that are exposed to the Internet, giving you greater visibility of your company's attack surface and greater control, since you can restrict whatever should not be exposed. Intruder offers a simple search tool for open ports and services, with adaptive filters that identify the technologies an attacker might be able to reach. Since the attack surface of a network does not stay static over time, Intruder also offers continuous monitoring to track changes in your IT environment. For example, you can get a report on any ports or services that have been opened recently. The tool also alerts you about deployments you may not have been aware of. For companies with very large networks, Intruder offers its Smart Recon feature, which automatically determines which of the assets in your network are active. This limits scanning to active targets, reducing the fee so you don't pay for inactive systems. On top of the attack surface management tasks, Intruder adds SSL/TLS certificate expiry monitoring: you are notified when your certificates are about to expire, maintaining security and avoiding downtime for your services or websites.
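The two mechanisms described so far, a scan that establishes what is exposed followed by continuous monitoring for changes (newly opened ports and services, certificates about to expire), can be reduced to a diff between two exposure snapshots. The following is an added example written for this article, not code from Intruder or any other vendor reviewed here. The snapshot format (host -> ports and certificate expiry dates) is an assumption chosen for the illustration; in practice an ASM tool's export or an nmap/masscan run would feed it. The sample data is constructed and uses RFC 5737 documentation addresses.

```python
"""Attack-surface drift check: diff two exposure snapshots, triage newly exposed
services, and flag expiring TLS certificates.

Added example for this article; not code from any vendor discussed here.
The snapshot shape (host -> ports/certs) is an assumption for the illustration.
"""
import json
from datetime import datetime, timezone

# Constructed sample snapshots (RFC 5737 documentation addresses).
BASELINE = json.loads("""
{
  "203.0.113.10": {"ports": {"22/tcp": "ssh", "443/tcp": "https"},
                   "certs": {"443/tcp": "2025-01-15T00:00:00Z"}},
  "203.0.113.11": {"ports": {"443/tcp": "https"},
                   "certs": {"443/tcp": "2026-06-01T00:00:00Z"}}
}
""")

CURRENT = json.loads("""
{
  "203.0.113.10": {"ports": {"22/tcp": "ssh", "443/tcp": "https",
                             "3389/tcp": "ms-wbt-server"},
                   "certs": {"443/tcp": "2025-01-15T00:00:00Z"}},
  "203.0.113.12": {"ports": {"8080/tcp": "http-proxy", "8443/tcp": "https-alt"},
                   "certs": {"8443/tcp": "2024-12-20T00:00:00Z"}}
}
""")

# Constructed "current time" so the sample run is deterministic.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Services that should essentially never face the Internet. A small illustrative
# subset, not an exhaustive policy.
RISKY_SERVICES = {"23/tcp": "telnet", "445/tcp": "SMB", "3389/tcp": "RDP",
                  "5900/tcp": "VNC", "6379/tcp": "Redis"}


def diff_exposure(baseline, current):
    """Return (new, removed): ports seen now but absent from the baseline, and
    hosts in the baseline that no longer appear (decommissioned, or simply not
    answering, which is worth a look either way)."""
    new = []
    for host, data in current.items():
        known = baseline.get(host, {}).get("ports", {})
        for port, service in data["ports"].items():
            if port not in known:
                new.append((host, port, service))
    removed = sorted(set(baseline) - set(current))
    return new, removed


def triage(new_exposures):
    """Pick out newly exposed ports that match the risky-service list."""
    return [(host, port, RISKY_SERVICES[port])
            for host, port, _ in new_exposures if port in RISKY_SERVICES]


def expiring_certs(snapshot, now, warn_days=30):
    """Return (host, port, days_left) for certificates expiring within warn_days,
    sorted so already-expired ones (negative days) come first."""
    hits = []
    for host, data in snapshot.items():
        for port, not_after in data.get("certs", {}).items():
            expiry = datetime.fromisoformat(not_after.replace("Z", "+00:00"))
            days_left = (expiry - now).days
            if days_left <= warn_days:
                hits.append((host, port, days_left))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    new, removed = diff_exposure(BASELINE, CURRENT)
    for host, port, service in new:
        print(f"NEW  {host} {port} ({service})")
    for host, port, label in triage(new):
        print(f"RISK {host} {port} is {label}; should this be Internet-facing?")
    for host in removed:
        print(f"GONE {host} no longer answers")
    for host, port, days in expiring_certs(CURRENT, SAMPLE_NOW):
        print(f"CERT {host} {port} expires in {days} days")
```

Run on the constructed snapshots, the check reports RDP newly reachable on 203.0.113.10, a previously unknown host 203.0.113.12, the disappearance of 203.0.113.11, and two certificates needing attention (one already expired). A host dropping out of the scan is reported rather than silently forgotten, because "no longer answers" and "quietly moved to a cloud account nobody tracks" look identical from the outside.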
InsightVM
Rapid7’s InsightVM platform aims to provide clarity in risk detection and remediation. With InsightVM you can discover risks across all endpoints in your network, your cloud infrastructure, and your virtualized infrastructure. Proper risk prioritization, accompanied by step-by-step instructions for IT and DevOps departments, provides a more efficient and effective remediation procedure. With InsightVM you can see the risks in your IT infrastructure in real-time, at a glance, in the tool’s dashboard. That dashboard also allows you to measure and report progress against the objectives of your risk mitigation action plan. InsightVM can integrate with more than 40 leading technologies, from SIEMs and firewalls to ticket tracking systems, to add value by sharing vulnerability information with them via a RESTful API. The InsightVM solution collects information from endpoints using a lightweight, universal agent – the same one used with other Rapid7 solutions, such as InsightIDR and InsightOps. A single deployment is sufficient to obtain real-time information about network risks and endpoint users.
Detectify Surface Monitoring
Detectify's Surface Monitoring solution monitors everything your IT infrastructure exposes to the web, checking the security of your application subdomains and detecting exposed files, misconfigurations, and vulnerabilities. One of Detectify Surface Monitoring's strengths is how easy it is to get started: you add your domain and the tool immediately starts monitoring all of its subdomains and applications. Detectify incorporates the research of its Crowdsource ethical hackers into the tool daily, so you are covered against the most recently discovered vulnerabilities, including undocumented ones found only by Detectify's researchers. Crowdsource is a community of over 350 ethical hackers whose findings are turned into Detectify checks, a process that can take as little as 15 minutes. In addition to tracking all of your Internet-exposed assets and technologies, Detectify analyzes the posture of your DNS infrastructure to prevent subdomain takeovers, and detects unintentional information leaks and disclosure, for example API keys, tokens, passwords, and other data hardcoded in your applications or stored in plain text without proper protection.
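The leaked-credential detection described above (API keys, tokens, and passwords hardcoded in applications) is essentially pattern matching plus a filter that tells random-looking secrets apart from placeholders. The following is an added example written for this article, not Detectify's own detection logic. The pattern set is deliberately small and illustrative; the sample files are constructed, and the AWS access key ID used is the placeholder from AWS's own documentation.

```python
"""Scan source text for hardcoded credentials: structured patterns (AWS access
key IDs, private-key headers) plus generic key/password assignments filtered by
Shannon entropy so that obvious placeholders are not reported.

Added example for this article, not any vendor's detection logic.
"""
import math
import re

PATTERNS = {
    # AWS access key IDs are 20 characters starting with AKIA.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic "name = 'value'" assignments; the value is then entropy-checked.
    "generic_assignment": re.compile(
        r"""(?i)\b(?P<key>api[_-]?key|secret|token|passw(?:or)?d)\b"""
        r"""\s*[:=]\s*['"](?P<val>[^'"]{8,})['"]"""),
}

# Constructed sample files. The AWS key is AWS's documentation placeholder and
# the private key body is omitted on purpose.
SAMPLE_FILES = {
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\nDEBUG = True\n',
    "app/client.js": 'const apiKey = "q7Zx2PlmN9vRtY4kL0sBwE8hJ3";\n'
                     'const password = "changeme";\n',
    "deploy/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\n(key material omitted)\n",
    "README.md": "Set API_KEY in your environment.\n",
}


def shannon_entropy(s):
    """Bits of entropy per character: random-looking secrets score high,
    placeholders such as 'changeme' score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value):
    """Keep only a short prefix so a finding can be located without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def scan_text(path, text, min_entropy=3.0):
    """Return findings as (path, line_no, kind, redacted_value)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.groupdict().get("val") or m.group(0)
                if kind == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # low entropy: a placeholder, not a real credential
                findings.append((path, line_no, kind, redact(value)))
    return findings


def scan_files(files, min_entropy=3.0):
    """Scan a mapping of path -> file content and collect all findings."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text, min_entropy))
    return findings


if __name__ == "__main__":
    for path, line_no, kind, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {kind}: {shown}")
```

On the constructed files this reports the AWS key, the high-entropy API key in client.js, and the private-key header, while the `password = "changeme"` line is dropped by the entropy filter. The threshold is a tuning knob: raising it cuts noise from test fixtures, lowering it catches short real secrets at the cost of more false positives, which is exactly the trade-off a commercial scanner makes for you.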
Bugcrowd
Bugcrowd is an attack surface management tool that lets you find, inventory, and assign a risk level to exposed devices, forgotten or shadow applications, and other hidden IT assets. Bugcrowd combines technology and data with the ingenuity of its researcher crowd to provide a comprehensive risk assessment of your attack surface. With Bugcrowd you can analyze the scan results and package them for review by users and stakeholders. Along with the results, you can include recommendations and remediation plans, which can be very valuable, for example, during a merger or acquisition. In turn, vulnerability discoveries can be handed over to Bugcrowd's Bug Bounty or Penetration Testing offerings for further investigation and remediation. Bugcrowd's platform features a technology called AssetGraph that ranks assets at risk, based on an extensive repository of security knowledge. The strongest aspect of Bugcrowd is precisely the word "crowd": thanks to a global network of expert security researchers, the tool can substantially reduce your network's attack surface by finding vulnerabilities before attackers do.
Mandiant Advantage
Mandiant's approach is to turn your security program from reactive to proactive by graphically mapping your assets and raising alerts on risky exposures. Mandiant applies its expertise and intelligence to your attack surface automatically, telling you what is vulnerable, what is exposed, and what is misconfigured. In this way, your security teams can put an intelligence-driven detection scheme in place and respond immediately with resolution and mitigation. Mandiant's proactive stance is evidenced by real-time monitoring, supported by alerts that inform you when your asset situation changes, so that no change in your exposure goes unnoticed and you stay ahead of threats. With Mandiant you can embrace cloud technology and drive your company's digital transformation forward with less risk. Mandiant's IT asset mapping gives you visibility into your IT infrastructure, allowing you to discover resources exposed in the cloud through more than 250 integrations. It lets you identify relationships with partners and third parties, and examine the composition of exposed technologies, assets, and configurations.
The Value of Anticipation
When analyzing the costs of ASM tools, it is important not only to look at their absolute prices but also to consider the savings they bring by simplifying threat detection and mitigation. The key point with these tools is that they cover your entire IT environment, including on-premises, remote, cloud, containerized, and virtual machine resources, so that none of your assets fall off your radar. However, don't think that an ASM tool is a silver bullet that will single-handedly make every risk go away. The real value of these tools is that they let you manage vulnerabilities proactively and track metrics that make remediation more efficient.