The Human Managed web app hm.works has been getting fresh updates regularly with intel, decisions, and actions for use cases to control threats, scale opportunities, and manage risks.
This week, we are excited to announce the release of a dashboard that reports on the discovery and detection of exposed weaknesses in your internet-facing assets (cloud, SaaS, PaaS, IaaS, on-prem resources). Read more about our attack surface management use case in our newly revamped website.
Introducing...
external attack surface management (ASM) 🔍⬅️
Personalized intel, ranked decisions & prescriptive actions from continuous and contextualized discovery and detection of your external-facing digital assets.
The external attack surface management dashboard answers the top 3 things you need to know about your security exposure:
- What is my external attack vector on my internet-facing assets?
- What exposure should I prioritize based on severity and exploitability?
- What is the best action to reduce my external attack surface?
The challenges of securing your attack surface
External attack surface is the point or vector through which an attacker could enter your environment through assets open to the Internet, such as websites, servers, cloud services, software, and more.
While external ASM is nothing new, it is increasingly challenging to execute effectively at scale, because of the abundance and frequent changes in your organization's digital make up. As your digital initiatives and supply chain of service providers and vendors grow, so do the number of entry points your attackers could exploit.
Effective external ASM requires continuous discovery and monitoring of externally exposed assets and their weaknesses, and prioritized decision-making to consistently reduce the attack vector.
Some examples of personalized intel that help with external ASM are:
- open critical ports
- known and unknown / managed and unmanaged assets
- vulnerabilities affecting your internet-facing assets
- SSL certificate expiry, validity / vulnerability
- threats and misconfigs in DNS
- dormant / unused digital assets (e.g. domains, subdomains, IP addresses)
* * *
HM's external attack surface management use case helps you to get to effective decisions and actions quickly, by taking a data-driven, context-based approach to ASM.
Let's explore each segment of the external ASM dashboard.
1) Key insight metrics
Insights about your attack vector and exposures in numbers.
2) Key insight cards
Insights about your attack vector and exposures in visual charts and narratives.
3) I.De.A for external ASM
Curated analysis and recommendations to manage your external attack surface from HM.
- What:
- summarized intel gives you customizable to key indicators (in this case, domains and subdomain status distribution)
- recommended decision gives you prioritized direction to reduce exposures, based on hm.works's analysis.
- recommended action gives you the steps to execute the recommended decision
- Why: Helps you to understand your company's current external attack surface across all discovered and monitored internet-facing assets, and take prioritized decisions and actions to reduce exposures -- based on data.
4) External attack surface data grid
Interactive grid with organized data on your external attack surface.
- What: An interactive grid breaks down discovered and monitored public-facing assets' exposure based on:
- asset type (domain, SSL certificate, IP address, website, social account, technology )
- asset variety (e.g. active / dormant subdomain, cloud IP address, third party library, network app)
- host
- IP address
- environment (on-prem, SaaS, PaaS, IaaS, hybrid)
- port, port criticality, port status
- discovery source, discovery date, etc.
- Why: Understand and explore your current state of external exposure in detail, identify blockers, and plan for improvements to achieve desired posture goals.
4) Asset details & discovery path
Drill down of all available details on an asset and its discovery path
* * *
And that is hm.works 1.17! We will be releasing more features and updates regularly, so stay tuned.
To get the latest news from Human Managed, follow us on LinkedIn and check out our website and blog.
* * *
Want to discuss how we can help solve your cyber, digital, or risk operations through data?
Want a test run of the hm.works app?
Have any questions or feedback?
Please contact us at hello@humanmanaged.com.