CAASM – Cyber Asset Attack Surface Management Explained

August 17, 2023


Cyber Asset Attack Surface Management (CAASM) is a vital strategy for businesses to defend against online vulnerabilities.

However, the path to effective CAASM implementation isn’t without its challenges, according to Thomas Mackenzie, Director of Product Strategy at Lansweeper.

You’ve probably heard the adage: “The only two certainties in life are: death and taxes.”

Well, today there is a strong case to add another certainty to that phrase: cybercrime.

Technology Increases Risks

While digital transformation, increased adoption of cloud-first initiatives and the rise of the hybrid workforce are driving unprecedented innovation, increasing productivity and efficiency, and improving customer experience, they also introduce risk.

Social engineering scams and ransomware attacks are rampant.

A recent study found that 93% of companies were vulnerable to an external attacker breaching the network perimeter and gaining access to local network resources.

Even worse, only 45% have a well-defined way to assess their exposure to risk.

The stakes are high – financial losses, data theft or loss, and reputational damage can put an organisation out of business.

It’s no wonder then, that the market for cybersecurity solutions is exploding.

Growing at a CAGR of 13.4% between now and 2029, the global market for cybersecurity is projected to reach $376.32 billion.

In the first half of 2022 alone, a whopping $12.5 billion of venture capital was invested across 531 deals in the cybersecurity space.

While these investments will fuel the development of modern solutions capable of detecting and mitigating threats, and the hiring and training of IT security specialists to use them, all the money will be wasted without comprehensive data about the hardware and software assets they promise to protect.

Unfortunately, obtaining that critical data is extremely challenging.

More Assets, Not Enough Data

To protect the corporate network, you first need to know exactly what devices and software you have.

It’s like installing a security system in your home.

For reliable protection against a break-in, you need to know how many doors and windows you must secure.

Organisations of all sizes struggle with discovering and identifying their distributed IT estates, which now consist not only of physical devices and software assets, but virtual assets, operational technology (OT) and Internet of Things (IoT) devices.

The problem with IoT and OT devices is that they become prime targets for hackers and cybercriminals.

Even the largest brands with strict security practices are susceptible to attacks.

About 1.5 billion cyber-attacks on IoT devices were reported in 2020, and 80% of organisations do not routinely test their IoT apps for security vulnerabilities.

OT systems are critical to organisations and the public at large.

They’re also expensive and intended for long-term use, which means many are old and outdated.

They’re increasingly connected to corporate networks, and without regular patches and upgrades, they can be rife with vulnerabilities that hackers can easily exploit.

Another problem is “shadow IT” – hardware and software assets that are unsanctioned by the IT department and often unprotected – which consumes 30 – 40% of IT spending.

What’s more, the technology estate is rapidly changing and expanding to accommodate new modes of work and increased digitisation.

Most security tools available today are focused on threat detection and mitigation, not device discovery and recognition.

As a result, they must rely on data from outdated spreadsheets or CMDBs that contain inaccurate or incomplete data.

These manual methods of creating and maintaining inventories are slow and error-prone, and can’t keep pace with the rate of expansion.

As a result, most organisations don’t have a complete or accurate technology asset inventory, and therefore cannot possibly understand or protect the “attack surface”.

The sheer volume of physical and virtual technology assets IT organisations must track, manage and maintain necessitates new solutions that provide greater visibility and insights – and a reliable, proactive way to manage the rapidly growing cyber-attack surface.

What is the Attack Surface?

The attack surface encompasses all points of entry that can serve as attack vectors for unauthorised users to gain access to a system for malicious reasons.

Managing the Attack Surface

Not surprisingly, decision-makers are increasing their budgets for cybersecurity tools and solutions.

One critical tool to implement will be an effective and comprehensive Cyber Asset Attack Surface Management (CAASM) solution that enables an organisation to detect and identify any and all assets on the network that could potentially open the door for an attack, via outdated or unpatched software, encryption issues, weak passwords, or misconfigurations.

CAASM enables enterprises to isolate and disable shadow IT, unknown or orphaned assets, or any other potential entry points and attack vectors.

CAASM is essential in the modern enterprise, and an effective CAASM strategy helps organisations get to grips with the asset attack surface, minimise risk and strengthen their overall cybersecurity posture.


To properly manage the growing attack surface, IT organisations must have full visibility into the technology assets they have – including shadow IT.

However, for most, there’s often no central source of truth containing complete and accurate technology asset data.

Manual paper-based processes are error-prone and incomplete, and forgotten or missed assets may be running outdated software or malware, creating security vulnerabilities that will inevitably compromise an organisation’s data and infrastructure.

What’s more, in the hybrid workforce, the BYOD trend has led to employees using personal devices – mobile phones, tablets and laptops – to access corporate resources from anywhere, and they’re extremely difficult to track and manage.

CAASM helps IT security teams overcome asset visibility and exposure challenges, by providing full visibility into all internal and external technology assets.

CAASM tools need accurate, up-to-date IT asset data as their starting point, obtained either by ingesting data via an integration or by actively scanning the network itself.

First you must know what you have before you can secure it.

Security professionals can query the data to look for potential vulnerabilities and get the information they need to take immediate action to correct any vulnerabilities, misconfigurations, or gaps in security controls.
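The kind of query described above, as an added example that is not from the article or any vendor's product: it reconciles a CMDB export, a network discovery scan and an endpoint-agent list, then reports unknown assets, stale records and control gaps. All records are constructed, and the field names and the `edr_types` policy are assumptions.

```python
import re

# Constructed sample exports. Field names are assumptions, not a vendor schema.
CMDB = [
    {"mac": "02:00:00:00:00:01", "name": "hr-laptop-01"},
    {"mac": "02:00:00:00:00:02", "name": "db-server-01"},
    {"mac": "02:00:00:00:00:03", "name": "old-printer"},
]
DISCOVERY = [  # what an active network scan actually saw
    {"mac": "02-00-00-00-00-01", "ip": "10.0.0.11", "type": "laptop"},
    {"mac": "02-00-00-00-00-02", "ip": "10.0.0.20", "type": "server"},
    {"mac": "02-00-00-00-00-04", "ip": "10.0.0.77", "type": "camera"},
    {"mac": "02-00-00-00-00-05", "ip": "10.0.0.88", "type": "laptop"},
]
EDR = [{"mac": "0200.0000.0001"}]  # hosts reporting an endpoint agent


def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def reconcile(cmdb, discovery, edr, edr_types=("laptop", "server")):
    """Compare the inventory of record with what is really on the network."""
    known = {norm_mac(r["mac"]): r for r in cmdb}
    seen = {norm_mac(r["mac"]): r for r in discovery}
    protected = {norm_mac(r["mac"]) for r in edr}
    return {
        # On the network but absent from the CMDB: shadow IT, BYOD, IoT.
        "unknown": sorted(seen[m]["ip"] for m in seen.keys() - known.keys()),
        # In the CMDB but never seen: retired, offline or mis-recorded.
        "stale": sorted(known[m]["name"] for m in known.keys() - seen.keys()),
        # Agent-capable device types with no agent: a control gap.
        "no_edr": sorted(r["ip"] for m, r in seen.items()
                         if r["type"] in edr_types and m not in protected),
    }


if __name__ == "__main__":
    for finding, assets in reconcile(CMDB, DISCOVERY, EDR).items():
        print(f"{finding}: {assets}")
```

The three sources write the same MAC address in three notations, which is why the join key is normalised before comparison; skipping that step makes every asset look unknown.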

Barriers to CAASM Adoption

Despite the clear benefits of CAASM, many organisations struggle to adopt the practice.

IT teams are resistant to implementing another tool or solution, or may find it difficult to justify spending budget on one, especially if they have other tools in place that provide partial visibility.

Some of the available CAASM solutions don’t monitor anything outside of traditional IT, leaving IoT and OT vulnerable.

And if they do, they are often cost-prohibitive, especially for large organisations with millions of assets to manage.

Scalability and licensing are major factors in the decision-making process, as well as ease of integration with other tools in the technology stack.

When selecting a solution, Gartner recommends the following:

  • Ask the vendor for a proof-of-concept or a trial version before you purchase to ensure the products are easy to implement in your environment.
  • Determine what you’ll be using your CAASM solution for, so you choose a solution with the right capabilities.
  • Look for solutions that cover internal and external asset visibility.
  • Make sure the solution covers not only IT systems, but IoT and OT systems, as well.
  • Prioritise solutions that can be leveraged for various use cases by multiple departments within the organisation.

One Tool to Rule Them All?

Sadly, there is no single tool that can do it all, so you have to choose an IT Asset Management (ITAM) partner that focuses on what it does best – which should be discovering, detecting, and identifying assets on the network.

Make sure that your ITAM partner is open and interoperable by design and has the ability to connect seamlessly to a myriad of operational systems across your organisation’s technology stack – including CMDB, ITSM, SIEM & SOAR tools, and much more.

If you can feed those systems with always accurate and always up-to-date IT Asset data, then you will unlock enriched IT asset data and insights relevant for a broad range of uses.

This eliminates data silos and the operational overhead associated with chasing down information and toggling between tools to investigate and resolve security incidents.

Using a comprehensive CAASM strategy you can enable your IT team to maintain full visibility across an ever-expanding technology estate, analyse the attack surface to ensure proactive protection and streamline compliance with automatic scanning and reporting.

There might not be a single tool to rule them all, but with the right ITAM partner you can make sure you are in control of your IT estate.
