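Cyber asset attack surface management (CAASM) is a platform approach that uses data integration, conversion, and analytics to provide a unified view of all physical and digital cyber assets that comprise an enterprise network.
CAASM policies help to identify exposures and potential security gaps across the network's attack surface. They are intended to serve as the authoritative source of asset information, complete with ownership, network, and business context, for IT and security teams and, beyond them, for the wider security organization.
CAASM can integrate with existing workflows to automate security control gap analysis, prioritization, and remediation, which improves efficiency and breaks down operational silos between teams and their tools. It’s important to remember, however, that the assets these tools are meant to protect are not only devices and infrastructure.
A security operations center (SOC) will often label users, applications, and even application code as "assets." The key is for the security practitioners within a SOC to recognize the interconnectedness of these assets.
Consider a scenario in which more than 1000 servers have the same vulnerability. Quickly assessing each one becomes time-consuming and laborious, so CAASM capabilities can step in to speed up the process by enriching cyber asset data and then automating the majority of the analysis.
CAASM works by considering the interconnectedness and totality of network assets, analyzing their vulnerabilities, and then creating policies to reduce risk. Common key performance indicators for CAASM include: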
As mentioned above, assessing each vulnerability can become cost- and time-prohibitive when there is such a multitude of assets to consider on one network. Automation helps by analyzing vulnerabilities faster as well as prioritizing them for remediation.
CAASM enables organizations to use analytics to refine search results, identify trends, or communicate specific information to particular groups or individuals. This integrated approach provides comprehensive attack surface visibility and mapping so a SOC can address risks and manage vulnerabilities more efficiently.
Perhaps the most critical function of CAASM is the identification and mapping of new assets as they plug into and out of a network. It’s important to leverage comprehensive asset discovery tools to gain a true picture of what a changing attack surface looks like as those new assets appear. Network access control (NAC) functionality can also help create policies that reduce unauthorized access attempts, should bad actors try to exploit vulnerabilities in assets that have not yet been identified.
From there, security personnel can more easily define specific outcomes for assets or asset groups. Once those outcomes are established, it’s simply a matter of running searches for all assets that do not meet these security criteria and subsequently prioritizing them for remediation. In this way, CAASM helps a SOC streamline inventory and remediation practices to help it gain greater efficiencies.
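The search described above can be sketched as follows. This is an added illustration, not code from the original page or from any CAASM product; the three data sources, the field names, the hostnames, the `VULN-A` identifier, the criteria and the scoring weights are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample records from three hypothetical data sources.
CLOUD = [
    {"host": "web-01", "internet_facing": True, "owner": "ecommerce"},
    {"host": "db-01", "internet_facing": False, "owner": "ecommerce"},
    {"host": "build-07", "internet_facing": False, "owner": None},
]
EDR = [{"host": "web-01", "edr_agent": True}, {"host": "db-01", "edr_agent": True}]
# Many hosts sharing one finding, including a host no other source knows about.
SCANNER = [{"host": h, "vuln": "VULN-A", "severity": "critical"}
           for h in ("web-01", "db-01", "build-07", "legacy-03")]

def build_inventory(cloud, edr, scanner):
    """Merge per-source records into one enriched record per asset."""
    inv = defaultdict(lambda: {"internet_facing": False, "owner": None,
                               "edr_agent": False, "vulns": [], "sources": set()})
    for name, rows in (("cloud", cloud), ("edr", edr), ("scanner", scanner)):
        for row in rows:
            asset = inv[row["host"]]
            asset["sources"].add(name)
            if "vuln" in row:
                asset["vulns"].append((row["vuln"], row["severity"]))
            for key in ("internet_facing", "owner", "edr_agent"):
                if key in row:
                    asset[key] = row[key]
    return dict(inv)

# Required outcomes (an assumed policy): name -> predicate over a merged asset.
CRITERIA = {
    "has_owner": lambda a: a["owner"] is not None,
    "edr_installed": lambda a: a["edr_agent"],
    "no_critical_vuln": lambda a: all(s != "critical" for _, s in a["vulns"]),
    "in_cloud_inventory": lambda a: "cloud" in a["sources"],
}

def control_gaps(inventory):
    """Return [(host, failed_criteria)], highest remediation priority first."""
    findings = []
    for host, asset in inventory.items():
        failed = sorted(n for n, check in CRITERIA.items() if not check(asset))
        if failed:
            # Assumed weighting: internet exposure dominates, then gap count.
            score = (10 if asset["internet_facing"] else 0) + len(failed)
            findings.append((score, host, failed))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return [(host, failed) for _, host, failed in findings]

if __name__ == "__main__":
    for host, failed in control_gaps(build_inventory(CLOUD, EDR, SCANNER)):
        print(host, failed)
```

All four hosts carry the same finding, but the merged context changes the order: the internet-facing server ranks first, and `legacy-03`, which only the scanner has seen, surfaces as an asset missing from inventory rather than as one more scan result.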
CAASM differs from other technologies in many ways but resembles them in others. There are many platforms and methodologies available to help security practitioners ensure their attack surfaces are as protected as they can be. When looking at attack surface protection solutions, what are some key differences a buyer might consider before purchasing the right solution for their organization?
Continuous attack surface management (ASM) is the overarching concept of monitoring an organization's digital footprint at all times, with the goal of shrinking the attack surface and strengthening the company's security posture. ASM encompasses all of the approaches we discuss here. CAASM is essentially ASM through the filter of all of an organization's cyber assets on its network or that are attempting to access its network, both internally and externally.
The main difference between EASM and CAASM security is that the former typically focuses solely on external-facing assets while the latter focuses on both external and internal network assets, so a more complete picture of the attack surface is available at any given time. Because it is simpler than CAASM, EASM solutions tend to be easier to set up and are therefore more widely adopted.
While CAASM solutions tend to focus on internal and external network assets – and therefore the data they share with the network and take off of it – a DRP solution typically aims its focus on an organization’s sensitive digital assets and their exposure to the internet and potential attackers as well as vulnerabilities that could result from that exposure.
Let's take a look at the situations that would most call for implementation of a CAASM solution to help protect an enterprise network as the proliferation of cyber assets creates more vulnerability.
The purpose of ASM is to shrink the so-called attack surface so that attackers have fewer potential access points through which to breach the network. But as we’ve discussed here, more assets interacting with an enterprise network means a greater proliferation of access points.
Implementing an effective CAASM solution can help to mitigate these concerns as more assets come onto the network. Let's look at some of the benefits of such a solution:
A CAASM platform is not a plug-and-play solution for cyber asset management. Indeed, it will take the skill of experienced security practitioners to properly implement such a solution. But the value derived from a well-maintained and effective CAASM tool will mean a stronger and more secure network.