This document discusses best practices for external attack surface management. It explains how digital acceleration has increased organizations' attack surfaces and defines external attack surface management. The document outlines how to categorize and assess risk for web applications and common attack vectors in retail, finance and healthcare. It concludes with recommended best practices, which include discovering all external assets, categorizing them, monitoring for changes, and implementing controls like patching, access management and security assessments.
Outpost24 webinar: best practice for external attack surface management
1. Best Practice for External Attack Surface Management
Stephane Konarkowski
Technical Consultant @Outpost24
29th Sept 2021
2. Helping customers improve security posture since 2001
Full stack security assessment
Over 2,000 customers in all regions of the world
Really good at breaking technology
3. Agenda
• Digital Acceleration
• External Attack Surface Management?
• Debunking Web Application Attack Surface
• Retail, Finance, Healthcare most common attack vectors
• Best Practices
5. Digital & Acceleration
• 1995 – migration of data from FTP and Usenet to web pages
• 2006 – Cloud computing (data services and architecture should be on servers)
• Today – SaaS, PaaS, IaaS, Hybrid, API, etc…
6. Digital & Acceleration
• Worldwide digital change has accelerated the size, scope, and composition of an organization’s attack surface.
8. EASM (External Attack Surface Management)
Gartner defines EASM as “the processes, technology and professional services deployed to discover external-facing enterprise assets and systems that may present vulnerabilities.”
(Slide comparison: Before vs. Now)
14. Business Criticality
• Is this application revenue generating?
• Is this application hosting sensitive information and customer data (PII)?
Update Frequency
• No application updates
• Application updates occur once a year
• Application updates occur several times a year
• Updates occur continuously
Complexity Level
• Application with a high number of pages
• Application with dynamic content
• Application with multiple inputs (forms)
Criticality, Updates, Complexity → ARS (Application Risk Score)
Debunking Web Application Attack Surface
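As an added illustration, not Outpost24's scoring method or code: a small Python script that turns the three dimensions above (business criticality, update frequency, complexity) into a ranked list of web applications to assess. The point values, the weights, the direction in which update frequency counts, and the tier thresholds are all assumptions made for this example, and the sample inventory is constructed.

```python
# Added example (not Outpost24's method or code): a toy Application Risk
# Score (ARS) that combines the three dimensions named on the slide, namely
# business criticality, update frequency and complexity, to rank web
# applications for assessment.  All point values, weights and tier
# thresholds are assumptions made for this illustration.
from dataclasses import dataclass
from enum import Enum


class UpdateFrequency(Enum):
    """The four update cadences listed on the slide (value = assumed points)."""
    NONE = 0              # no application updates
    YEARLY = 1            # updates occur once a year
    SEVERAL_PER_YEAR = 2  # updates occur several times a year
    CONTINUOUS = 3        # updates occur continuously


@dataclass(frozen=True)
class WebApp:
    name: str
    revenue_generating: bool   # business criticality question 1
    hosts_pii: bool            # business criticality question 2
    update_frequency: UpdateFrequency
    many_pages: bool           # complexity: high number of pages
    dynamic_content: bool      # complexity: dynamic content
    many_inputs: bool          # complexity: multiple inputs (forms)


def criticality_score(app: WebApp) -> int:
    """0..5: PII exposure is weighted above revenue impact (assumed)."""
    return 2 * int(app.revenue_generating) + 3 * int(app.hosts_pii)


def update_score(app: WebApp) -> int:
    """0..3: each release can change the exposed surface, so more frequent
    change earns more points (assumed direction)."""
    return app.update_frequency.value


def complexity_score(app: WebApp) -> int:
    """0..3: one point per complexity attribute present."""
    return sum(int(flag) for flag in (app.many_pages, app.dynamic_content, app.many_inputs))


# Assumed weights: criticality dominates, change and complexity refine it.
WEIGHTS = {"criticality": 10, "updates": 5, "complexity": 5}


def ars(app: WebApp) -> int:
    """Application Risk Score on a 0..80 scale under the assumed weights."""
    return (WEIGHTS["criticality"] * criticality_score(app)
            + WEIGHTS["updates"] * update_score(app)
            + WEIGHTS["complexity"] * complexity_score(app))


def tier(score: int) -> str:
    """Map an ARS to an assessment tier (thresholds assumed)."""
    if score >= 60:
        return "critical"
    if score >= 40:
        return "high"
    if score >= 20:
        return "medium"
    return "low"


def prioritize(apps: list[WebApp]) -> list[tuple[str, int, str]]:
    """Return (name, ARS, tier) tuples, highest score first."""
    ranked = sorted(apps, key=ars, reverse=True)
    return [(a.name, ars(a), tier(ars(a))) for a in ranked]


# Constructed sample inventory, not real discovered assets.
SAMPLE_APPS = [
    WebApp("checkout", True, True, UpdateFrequency.CONTINUOUS, True, True, True),
    WebApp("brochure", False, False, UpdateFrequency.NONE, False, False, False),
    WebApp("partner-portal", False, True, UpdateFrequency.YEARLY, False, True, True),
]

if __name__ == "__main__":
    for name, score, level in prioritize(SAMPLE_APPS):
        print(f"{name:15} ARS={score:3d} tier={level}")
```

Running the script ranks the PII-handling, continuously updated checkout application first and the static brochure site last; the value of the exercise is that the three questions on the slide become explicit, repeatable inputs rather than gut feeling, and the weights can be tuned once an organization knows which of its applications actually drive its exposure.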
18. Insurance
• Of these applications identified are found to be using old components containing known vulnerabilities that could be exploited
• 143 – average # of old components used, which can carry vulnerabilities if software is unpatched and can lead to increased risk of data breach
19. Retail
• 8% of these applications are suspicious applications (test, dev, etc.)
• 90% of Top 10 EU retailers are running out-of-date jQuery
20. US Credit Unions
• 17.4 – average # of open port 80, which can be vulnerable to exploit if unpatched, misconfigured, or subject to poor network security rules
• 10% of these applications identified are found to be using old components containing known vulnerabilities that could be exploited