Identify exposures and vulnerabilities throughout your physical and digital attack surface.
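Gartner® Innovation Insight: Attack Surface Management
Cyber asset attack surface management (CAASM) is a platform tool that leverages data integration, transformation, and analytics to provide a unified view of all the physical and digital cyber assets that make up an enterprise network.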
CAASM policies help identify exposures and potential security gaps along the cyber attack surface. They are intended to act as authoritative sources of asset information, complete with ownership, network, and business context for IT and security teams, furthering the knowledge of the security organization at large.
CAASM can be integrated with existing workflows to automate security control gap analysis, prioritization, and remediation, thereby boosting efficiency and breaking down operational silos between teams and their tools. It is important to remember, however, that the assets these tools are meant to protect are more than just devices and infrastructure.
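A security operations center (SOC) typically tags “assets” as users, applications, and even application code. It is critical that security practitioners within the SOC recognize the interconnectedness of these assets.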
Consider a scenario where more than 1,000 servers have the same vulnerability. Assessing each one quickly becomes time- and cost-prohibitive, so CAASM functionality can speed up the process by enriching cyber asset data so that much of the analysis can be automated.
CAASM works by considering the interconnectedness and totality of cyber assets, analyzing their weaknesses, and then enacting risk-reduction policies. Common key performance indicators (KPIs) of CAASM include:
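As mentioned above, when there are so many assets on a network to consider, assessing each vulnerability can become cost- and time-prohibitive. Automation helps analyze vulnerabilities faster and prioritize remediation.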
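CAASM enables organizations to leverage analytics with the goal of refining search results, identifying trends, or disseminating specific information to defined groups or individuals. This integrated approach provides comprehensive attack surface visibility and mapping, so the SOC can address risk and manage vulnerabilities more effectively.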
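Perhaps the most critical function of CAASM is identifying and mapping new assets as they plug into and exit the network. It is important to leverage comprehensive asset discovery tools to get a true picture of an attack surface that changes as new assets appear. Network access control (NAC) capabilities can also help create policies that reduce unauthorized access attempts, should a bad actor exploit an asset vulnerability that has yet to be identified.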
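From there, security personnel can more easily define specific outcomes for assets or groups of assets. Once these outcomes are established, it is simply a matter of searching for all assets that do not meet those security standards and then prioritizing them. In this way, CAASM helps the SOC streamline its inventory and remediation practices and achieve greater efficiency.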
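The search-and-prioritize step described above, and the earlier case of one vulnerability across many servers, as an added example that is not from the original page or any CAASM product. The three tool exports, the hostnames, the `VULN-A` finding label and the scoring formula are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample exports from three hypothetical tools (not real data).
CMDB = [
    {"host": "WEB-01.corp.example", "owner": "ecommerce", "criticality": 3, "internet_facing": True},
    {"host": "db-02.corp.example", "owner": "finance", "criticality": 3, "internet_facing": False},
    {"host": "build-07.corp.example", "owner": None, "criticality": 1, "internet_facing": False},
]
SCANNER = [
    {"host": "web-01", "findings": ["VULN-A"]},
    {"host": "db-02", "findings": ["VULN-A"]},
    {"host": "lab-99", "findings": ["VULN-A"]},  # on the network, absent from the CMDB
]
EDR = [{"host": "db-02.corp.example"}, {"host": "build-07"}]

def key(host):
    """Normalize hostnames so records from different tools join on one asset."""
    return host.lower().split(".")[0]

def unify(cmdb, scanner, edr):
    # Assumption: an asset with no inventory record gets the highest criticality (3).
    assets = defaultdict(lambda: {"owner": None, "criticality": 3, "internet_facing": False,
                                  "findings": [], "sources": set()})
    for r in cmdb:
        a = assets[key(r["host"])]
        a.update(owner=r["owner"], criticality=r["criticality"], internet_facing=r["internet_facing"])
        a["sources"].add("cmdb")
    for r in scanner:
        a = assets[key(r["host"])]
        a["findings"] = list(r["findings"])
        a["sources"].add("scanner")
    for r in edr:
        assets[key(r["host"])]["sources"].add("edr")
    return dict(assets)

def gaps(a):
    """Return the security-control outcomes this asset fails to meet."""
    checks = [("not in inventory", "cmdb" in a["sources"]), ("no owner", bool(a["owner"])),
              ("no EDR agent", "edr" in a["sources"]), ("never scanned", "scanner" in a["sources"])]
    return [label for label, ok in checks if not ok]

def prioritize(assets):
    """Rank assets that have a control gap or an open finding, highest score first."""
    rows = []
    for name, a in assets.items():
        g = gaps(a)
        if g or a["findings"]:
            exposure = 2 if a["internet_facing"] else 1
            rows.append((a["criticality"] * exposure * (1 + len(a["findings"])) + len(g), name, g))
    return sorted(rows, reverse=True)
```

The same finding on three hosts lands at three different priorities because ownership, exposure and control coverage differ, which is the enrichment the text refers to.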
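CAASM differs from other technologies in many ways, but is similar to them in others. There are many platforms and methodologies that help security practitioners ensure their attack surface is as protected as possible. When looking at attack surface protection solutions, what key differences might buyers consider before purchasing the right solution for their organization?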
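Continuous attack surface management (ASM) is the overarching concept of the always-on monitoring of an organization’s digital footprint, with the goal of shrinking the attack surface and strengthening the company’s security posture. ASM encompasses all of the methodologies we’ll discuss here. CAASM is essentially ASM filtered through all of the cyber assets an organization has on, or attempting to access, its network, both internal and external.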
The main difference between EASM and CAASM security is that the former typically focuses only on external-facing assets, while the latter focuses on both external and internal cyber assets, therefore granting a more complete picture of the attack surface at any given time. Because they are simpler than CAASM, EASM solutions tend to be easier to set up and therefore more widely adopted.
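While CAASM solutions tend to focus on internal and external cyber assets, and therefore on the data they share with and take from the network, 组成 solutions typically focus on an organization’s sensitive digital assets, their exposure on the internet and to potential attackers, and the vulnerabilities that exposure could cause.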
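Let’s look at the situations where a CAASM solution is most needed to help secure the enterprise network, as the proliferation of cyber assets creates more vulnerabilities.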
The purpose of ASM is to shrink the so-called attack surface, so that there are fewer potential access points for a threat actor to breach the network. But as we have discussed here, more assets interacting with an enterprise network means a greater proliferation of access points.
As more and more assets come onto the network, implementing an effective CAASM solution can help alleviate these concerns. Let’s take a look at some of the benefits of such a solution:
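A CAASM platform isn’t a plug-and-play solution to cyber asset management. In fact, implementing such a solution properly requires the skills of experienced security practitioners. However, the value gained from a well-maintained and effective CAASM tool will mean a stronger, more secure network.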