You might have unknown assets like remote users' computers, business partners, and cloud resources that connect to your systems. These assets can have weaknesses like open ports, exposed services, and vulnerabilities. This is like leaving a back gate unlocked, making them a prime target for attackers who constantly scan for exposed systems and unmanaged external surfaces. To reduce the attack surface, you need comprehensive visibility across your external assets before external attackers start using them.
On July 8, 2024, Bitdefender added new External Attack Surface Management (EASM) capabilities to GravityZone, through the Early Access Program (EAP). This functionality empowers your security teams to automatically discover all internet-facing assets, services, and potential vulnerabilities.
External attack surface refers to all the points of entry and potential vulnerabilities that an organization has exposed to the internet. This includes web applications, network infrastructure, cloud services, etc. The attack surface of an organization can be reduced by identifying and mitigating unnecessary or risky exposures accessible from the internet.
To minimize potential attacker entry points, we need a two-pronged approach: reducing the attack surface and keeping systems up-to-date. This includes regular patching and updates for all devices, especially those at the network edge, which are a frequent target for attackers, including ransomware groups. Additionally, we should close unnecessary ports and disable unused services that could be exploited by attackers.
EASM can be used by both administrators and security analysts, each with potentially different use cases. Security analysts would leverage EASM for in-depth analysis of external threats. This could involve tasks like identifying and prioritizing vulnerabilities in externally facing assets or investigating potential attack vectors and breach attempts. Administrators might use EASM for broader security management and configuration tasks. It can involve automating patch management for externally facing systems, enforcing security policies on external assets, or configuring firewalls and access controls for external systems.
It is important to highlight that EASM is not intended for penetration testing or red teaming. While these involve simulating real-world attacks, EASM is designed to provide continuous visibility into your external assets. If you're interested in pen testing or red teaming, contact us through our official website or directly with a sales representative.
Bitdefender hosts all scanning services, making them readily available to you. It is an agentless service that can scan any type of asset, including unmanaged ones. EASM, available under the Risk Management section in Bitdefender GravityZone, includes two tabs: the EASM Dashboard and EASM Inventory.
The EASM dashboard allows you to start with your own scan configuration: Choose between assets such as domain, email, IP (IPv4, IPv6), IP block, and ASN number. The scan can be executed immediately or based on a defined schedule.
When the first scan ends, the EASM dashboard provides you with a comprehensive overview of your external attack surface using a graphical interface. You can find information about the total number of assets categorized by ASN reports, certificates, domains, similar domains, DNS records, IP blocks, IPv4/IPv6 addresses, emails, and services.
To simplify your prioritization tasks, the EASM dashboard highlights key information, including critical vulnerabilities prioritized based on CVE severity, top vulnerable services, services categorized by protocol, most open ports, and expiring certificates.
All the widgets presenting the data can be customized to provide your desired view. By clicking on the presented graphical information, you will be drilled down to the EASM inventory page, where the view is filtered for that specific asset.
The EASM Inventory page provides you with detailed information about discovered assets. At your disposal, you have smart views categorized by assets, such as all assets, ASN, domain (including subdomains), IP (IPv4, IPv6), certificates, DNS records, emails, and services.
Bitdefender defense in depth strategy relies on implementing multiple security measures (multi-layered security), acknowledging that no system can ever be completely secure. It is important to highlight that while EASM enhances prevention capabilities by providing visibility and management of external assets, it is not a substitute for penetration testing or red teaming, which involve active testing of defenses through simulated attacks.
With Bitdefender GravityZone EASM, we enhance prevention capabilities to minimize the attack surface and potential entry points for attackers. EASM functionality empowers you to see your entire external attack surface clearly. With automated discovery and insightful dashboards, you can gain visibility, prioritize risks, and secure your organization before attackers do.
To leverage the benefits of Bitdefender EASM, please contact your Bitdefender sales representative for more information on joining the Early Access Program (EAP).
tags
Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
View all postsDon’t miss out on exclusive content and exciting announcements!