暴露管理(EM)是解决访问点(或攻击向量)和组织攻击面上的数字/物理资产的过程,这些资产可能会因为容易受到威胁参与者和破坏而增加整体风险状态.
Getting into specifics of exactly how a security organization might go about managing exposure to threats, there are many avenues CISOs 和 other practitioners might take. One of the more exhaustive solutions, however, is cyber asset 攻击表面 management (CAASM). 这是一种工具,组织可以利用它来详尽地清点数字资产,以便在任何给定时间获得更大的安全状态可见性.
然而, Gartner®州, “Without widespread business engagement most exposure management functions, 例如脆弱性评估, 不能有效地工作. Early engagement with resolver teams 和 the development of mobilization processes are essential to success.”
Security practitioners must garner buy-in from the stakeholders who not only control the budget, 而且还规定了当前的关键绩效指标(kpi),这些指标决定了公司的发展方向,从而决定了数字风险的状态.
为此目的, Gartner的研究还建议,安全和风险管理领导者应该“根据关键业务优先级和风险建立风险评估范围”, 考虑潜在的业务影响,而不是仅仅关注威胁的严重性.”
EM本质上是一个总括性术语,包含了保护和修复企业网络中潜在漏洞的不同方法 攻击表面 -无论是在云上还是在云下. 为了避免混淆, let’s dive into some of the specific ways organizations can succeed in managing exposure 和 threats.
风险管理和 漏洞管理(VM) 本质上覆盖了类似的功能——堵塞网络及其系统/应用程序中的漏洞——但VM可以被视为公开管理的一个子功能.
简单来说, EM保护网络边界, behind which lie the systems 和 applications running on the 网络. 然而, Gartner believes that “EM will supersede the vulnerability management practices of today.“从本质上来说, EM的类别将包括VM, 整体类别侧重于能够保护网络攻击面免受入侵并增强系统弱点的解决方案.
在当今时代,安全组织更经常关注的是绘制出网络攻击面潜在暴露的总体情况, whether that’s a misconfiguration in an 身份和访问管理(IAM) 协议或漏洞正在被积极利用,必须立即进行优先级修复.
This broader view that brings together similar remediation actions may well see the advent of more 合并工具 that can address the more subtle differences in the range of issues that could be exploitable. These tools should have the capabilities to effectively enable multiple outcomes 和 drive efficiency.
EM很重要,因为有必要利用工具来帮助识别和补救可能被威胁行为者利用的任何暴露. 正如前面提到的,电子商务很重要,因为它是一个可以包含许多不同功能的主题和平台.
攻击面管理(ASM) 维护对不断变化的网络环境的可见性的过程,以便安全团队可以修补漏洞并防御网络中出现的威胁吗.
External 攻击表面 management (EASM) 识别面向公共互联网的内部业务资产并监控漏洞的过程是否存在, 公共云配置错误, 暴露的凭证, or other external information 和 processes that could be exploited by attackers.
Cyber asset 攻击表面 management (CAASM) 提供所有网络资产的统一视图,安全人员可以通过数据集成识别暴露的资产和潜在的安全漏洞, 转换, 和分析. It is intended to be an authoritative source of asset information complete with ownership, 网络, 商业环境.
数字风险保护(DRP) is the process of safeguarding digital assets 和 br和 reputation from external threats. DRP解决方案的前提是,组织可以利用威胁参与者的活动,在攻击发生之前识别攻击. DRP利用从网络威胁情报(CTI)监测中获得的见解来表面可操作的保护领域.
精确定位和纠正差距, 漏洞, 认证配置错误, 和 many other security issues are actions that security teams typically need to fix fast. EM平台很重要,因为它们包含许多功能,使安全团队能够做到这一点.
了解整个EM生命周期的功能非常重要,因为这些过程的含义将决定具有特定需求的特定组织最终实现哪种类型的程序以最好地支持该业务. Let's take a look at the basic EM lifecycle:
自动化这些过程将使安全从业人员能够快速验证暴露及其风险级别, creating systems for faster prioritization 和 remediation. An EM program lifecycle will not be a plug-和-play implementation.
它将需要由整个组织中具有不同优先级的涉众商定的过程. 但是,构建这个定制程序的工作将是非常值得的,因为它节省了金钱和压力.
正如我们所知, EM encompasses more than just exposures to the internet 和 potential threat actors. But what positive effects 和 benefits can an effective EM program have on the business 和 its bottom line?
Stakeholders must be able to properly scope risk in order to determine potential threat exposures. If it is determined that certain factors simply aren't considered risks at a given moment in time, then it follows that something that could be seen at as an exposure might not be categorized that way.
If exposures are properly scoped according to risk value, then higher-value internal stakeholders – CISO, 这导演, 通过正确地对风险进行分类并按实际优先级处理,管理团队将更清楚地看到和体验安全可以给公司带来的底线利益.
With increased abilities to prioritize 和 move faster, implementing an effective EM platform can quickly impart an improved security posture to the organization. 更强的安全态势还意味着更频繁地遵循内部和外部政策和法规, which also puts the business in a stronger position of 合规.
就…而言 网络访问控制(NAC), EM's likely key strength is pinpointing 和 helping to remediate exposures that shouldn’t exist. Once those are plugged, this improves the ability of the 安全运营中心(SOC) 自动控制谁可以访问网络——如果他们没有权利访问网络,就把他们踢出去.