To effectively defend your organization, you need to see it through the eyes of an attacker. This involves understanding your internet-facing assets, including websites, APIs, cloud applications, domains, and other related components, as well as their associated vulnerabilities. Identifying unknown, forgotten, outdated, or misconfigured assets is critical. Failure to manage these exposed points leaves your organization vulnerable; this is like leaving a back gate unlocked. These unmanaged external surfaces are prime targets for attackers who constantly scan for exposed systems.
Now, GravityZone External Attack Surface Management (EASM) can help.
While endpoint risk management, with its vulnerability scanners, provides visibility into known assets, it often creates a blind spot for systems that are unknown, misclassified, or never documented. Proactively identifying and mitigating these unnecessary or risky exposures accessible from the internet is crucial to significantly reduce your attack surface before attackers can exploit them.
External Attack Surface Management (EASM) empowers your security teams to continuously discover and analyze internet-facing assets, their services, and potential vulnerabilities. EASM allows you to scan a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, its core functionality provides comprehensive asset discovery, detecting all publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more, ensuring no asset is overlooked.
It is important to emphasize that EASM is fundamentally a tool for continuous visibility and proactive defense, not for offensive security operations like penetration testing or red teaming. While these activities involve simulating real-world attacks to identify weaknesses, EASM's purpose is to provide an always-on, attacker-centric view of your external posture.
Bitdefender takes the load off your shoulders by hosting all scanning services and making them readily available to you. This is an agentless service that can scan any type of asset, even those typically unmanaged. You'll find EASM features integrated across three sections: EASM dashboard, EASM Assets, and EASM Artifacts.
The EASM dashboard is available under the Monitoring section in the ASM Dashboard tab. It allows you to start with your own scan configuration. You can choose between various assets, including domain, email, IPv4, and IPv6. The scan can be executed immediately or based on a defined schedule. Detailed information about EASM scan configurations can be found at our Bitdefender Support Center here.
EASM Dashboard
The EASM Dashboard offers a visual representation of all discovered assets for your managed companies, along with related vulnerabilities and scan result data. Information is presented in clearly defined sections and easily customizable widgets, including details such as:
In the Risk Management section, you can find the EASM Assets and EASM Artifacts sections, which provide highly customizable grids displaying lists of all discovered assets and their associated artifacts. These separate views allow you to focus on the specific details most relevant to your investigation.
Within these grids, you also have the flexibility to manage your findings by assigning selected assets to a specific account, modifying their priority, changing their investigation status, and adding your own custom notes.
The EASM Assets section provides a comprehensive list of all discovered external assets that constitute your attack surface. This includes core entities such as:
For EASM Assets, you can customize, save, and switch between different views to tailor your display. The 'All assets' view offers a complete picture, providing correlated information such as: Asset name, Asset type, Asset status, Related assets and artifacts, Investigation status, Information on whether the asset was assigned to an account, Priority, and Notes. Different information will be displayed, depending on the type of asset displayed.
EASM Assets
Complementing the asset view, the EASM Artifacts section dives deeper into the specific components and indicators discovered in relation to your assets. These artifacts provide important information about problems, vulnerabilities, and misconfigurations, offering crucial context and detail about your external posture. This includes:
Similarly, for EASM Artifacts, you can customize, save, and switch between various views. The 'All artifacts’ view provides all correlated information, including the Artifact name, Artifact type, Related assets, Investigation status, Information on whether the asset was assigned to an account, Priority, and Notes. Different information will be displayed, depending on the type of artifact displayed.
EASM Artifacts
Staying informed about changes to your external attack surface is crucial for a timely response. Whether you perform a manual or automated scan, EASM notifications keep you updated, highlighting new problems discovered after each scan.
EASM Notifications
For enhanced visibility, the dashboard clearly categorizes new discoveries. You'll find newly identified assets highlighted in the "New Assets" section, allowing you to quickly review and prioritize their management. Similarly, newly discovered artifacts are showcased in the "New Artifacts" section, ensuring you don't miss critical context or details about your external posture.
Beyond providing comprehensive visibility, EASM data is designed to be highly actionable, enabling your security teams to swiftly move from discovery to remediation and risk reduction. The insights gained from EASM can be directly leveraged within other Bitdefender platforms to streamline your security operations:
Imagine a company with a publicly available domain. Using readily available tools for internet reconnaissance, CT logs, and public DNS records, attackers can easily find critical information about this domain. This includes public IP addresses, certificate details, open ports, identified services, and even correlated information about CVEs (Common Vulnerabilities and Exposures) assigned to specific applications. This wealth of accessible data effectively outlines an attack surface for malicious actors.
This is precisely where EASM comes into play. By continuously scanning and cataloging these external-facing assets and their associated vulnerabilities, EASM allows your organization to proactively identify and manage this exposed attack surface. Consider the following examples:
In a threat landscape where attackers constantly seek exposed weaknesses, Bitdefender External Attack Surface Management provides the crucial visibility and actionable insights needed to proactively identify, assess, and significantly reduce your organization's attack surface. By transforming raw data into intelligence, EASM empowers your teams to stay ahead of threats and strengthen your overall security posture.
Learn more about GravityZone External Attack Surface Management.
tags
Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
View all postsDon’t miss out on exclusive content and exciting announcements!