
Tenable Blog


High-Fidelity Attack Surface Mapping

Eliminate blind spots and hinder attackers using these three tips to create a high-fidelity map of your organization’s entire attack surface.

“High-fidelity” is the replication of an effect, such as an image or sound, where the result is almost indistinguishable from the original. Similarly, in information security, recreating a clear picture of your attack surface is critical. Breaches happen when adversaries know more about your attack surface than you do. These days, you simply cannot afford to have a low-fidelity map of your attack surface. Clarity and precision keep you ahead of the bad guys. This is why Tenable introduced “high-fidelity” attack surface mapping.

Security tools and processes, particularly within vulnerability management and penetration testing, perform some attack surface mapping. However, the quality of the result varies and often leaves glaring blind spots. Some tools focus on identifying as many assets as possible across an enterprise but only go an inch deep in understanding each asset. These tools miss listening services, software distribution and versions, system configuration and so on. Other tools go deep into each asset but miss assets that are located in the cloud, hosted by third parties, forgotten as legacy systems, used for test/development, or spread across disparate business units. As a result, because attack surface mapping is not a core competency of their toolset, very few organizations have an up-to-date attack surface map.

To get a high-fidelity picture of your organization’s attack surface, you need three things:

  1. Horizontal coverage. Cast a wide net, polling the entire internet for every asset an organization owns. An asset, as defined by hostname/IP address, includes those located across domain names, brands, hosting providers, etc. Assets may be hosted on-premises, in the cloud or in third-party applications, labeled under subsidiaries and sub-brands, physically located across geographically distributed data centers and connected through non-contiguous IP ranges.
  2. Vertical coverage. It’s important to have a deep understanding of each asset that you own. From security posture to technology stack to geolocation, every asset detail matters. This includes listening services (i.e., open ports), installed software and versions, access service networks (ASN) and transport layer security (TLS) certificate information. Various fingerprinting techniques may reveal the usage of authentication, CAPTCHAs, content security policies (CSP), HTTP strict transport security (HSTS), load balancers, web application firewalls, programming languages, web widgets, content delivery networks and much more.
  3. Frequent coverage. New domain names may be registered at any time, often for new product launches, marketing promotions, or even domain squatting. Internet-connected assets may be deployed and decommissioned hour by hour or day by day. New ports/services may be opened and closed with even faster frequency. In addition, the software running on each surface may be frequently updated as well. Frequent and automated reanalysis of horizontal and vertical coverage is absolutely necessary for an up-to-date attack surface map.
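
The three kinds of coverage can be checked against an asset inventory you already hold. The sketch below is an added example, not Tenable code: it compares two inventory snapshots and reports new or vanished assets (horizontal), assets with missing detail (vertical), and newly opened ports and stale records (frequent). The record fields, hostnames and 7-day threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

VERTICAL_FIELDS = ("ports", "software", "asn", "tls_not_after")

def rec(ports, software, asn, tls_not_after, last_seen):
    """Build one inventory record (field names are assumptions for this example)."""
    return dict(ports=set(ports), software=software, asn=asn,
                tls_not_after=tls_not_after,
                last_seen=datetime.fromisoformat(last_seen))

# Constructed snapshots keyed by hostname (reserved example domains,
# documentation-range AS number); not data from any real scan.
PREV = {
    "www.example.com": rec([80, 443], {"nginx": "1.24.0"}, 64496, "2025-01-01", "2024-05-01"),
    "legacy.example.com": rec([22], {}, 64496, None, "2024-04-20"),
}
CURR = {
    "www.example.com": rec([80, 443, 8080], {"nginx": "1.24.0"}, 64496, "2025-01-01", "2024-05-02"),
    "legacy.example.com": rec([22], {}, 64496, None, "2024-04-20"),
    "promo.example.net": rec([443], {}, None, None, "2024-05-02"),
}

def horizontal_diff(prev, curr):
    """Horizontal: assets that appeared or disappeared between snapshots."""
    return sorted(curr.keys() - prev.keys()), sorted(prev.keys() - curr.keys())

def vertical_gaps(snapshot):
    """Vertical: per asset, the detail fields the inventory has no data for."""
    gaps = {}
    for host, r in snapshot.items():
        missing = [f for f in VERTICAL_FIELDS if not r[f]]
        if missing:
            gaps[host] = missing
    return gaps

def opened_ports(prev, curr):
    """Frequent: ports listening now that were not in the previous snapshot."""
    out = {}
    for host in curr.keys() & prev.keys():
        new = sorted(curr[host]["ports"] - prev[host]["ports"])
        if new:
            out[host] = new
    return out

def stale_assets(snapshot, now, max_age=timedelta(days=7)):
    """Frequent: assets whose last analysis is older than max_age."""
    return sorted(h for h, r in snapshot.items() if now - r["last_seen"] > max_age)

if __name__ == "__main__":
    print(horizontal_diff(PREV, CURR), vertical_gaps(CURR),
          opened_ports(PREV, CURR), stale_assets(CURR, datetime(2024, 5, 2)))
```

Each finding maps to a follow-up action: a new asset needs an owner, a vertical gap needs a deeper scan, and a stale record means the re-analysis schedule is not reaching that host.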

Visit the Tenable.asm product page to learn more about attack surface management.
