
Focus on Outcomes: Attack Surface Reduction at Scale

September 18, 2023
Mandiant

Written by: Valerie Williamson


An organization’s attack surface is always expanding, making it a prime target for malicious actors to exploit unknown vulnerabilities in systems and networks. It also generates a large amount of security data, from public-facing websites and applications to internal servers and databases. Parsing through this data to identify, prioritize, and remediate vulnerabilities—before attackers can act on them—can be a daunting task, even for the most experienced security teams.

To help today’s defenders combat the fatigue that comes from wading through a sea of data, we’re unveiling new capabilities in Mandiant Attack Surface Management (ASM) that enable an outcome-focused and risk-based approach to security. Security teams can now strategically scope their attack surface, prioritize vulnerabilities based on their likelihood of being exploited and the potential impact of an exploit, and deploy automation to free up time for higher-value tasks, such as investigating and responding to incidents.

Introducing Outcome-based Asset Discovery

With Mandiant ASM’s predefined asset discovery workflows, customers can easily assess attack surface findings by specifying the type of scan activities performed based on the outcome they would like to achieve. The workflows are designed with security team outcomes and use cases in mind and offer an expanded set of capabilities to our customers. Workflows include:

  • External Discovery & Assessment: Identify shadow IT or unknown assets and vulnerabilities.
  • Authenticated Cloud Discovery & Assessment: Identify vulnerabilities across an organization’s cloud providers.
  • Code Repository Discovery & Assessment (Preview): Identify known accounts for secrets and discover unknown rogue repositories.
  • Suspicious Domain Discovery (Preview): Identify unknown suspicious properties on the web including typosquats and punycode domains.
  • Mobile App Discovery (Preview): Identify brand infringement or unauthenticated brand use.
  • Web Application Discovery (Preview): Identify web application endpoints derived from URLs.
  • Third-Party Monitoring (Read-only): Assess the external security posture of subsidiaries, partners and supply chain vendors to help identify and mitigate third-party risk.

The new approach to asset discovery simplifies analyzing and acting on external exposures. Security teams can easily segment relevant assets and related exposures and direct them to the appropriate teams. For example, a security team can use the Code Repository Discovery & Assessment workflow on public and private GitHub repositories and notify the administrator and development team if there are any suspicious commits or potentially leaked secrets.


Join us for a live discussion on Attack Surface Discovery at Scale on October 19 at 11 AM EST.

Attack Surface Reduction through SIEM and SOAR

Evaluating external asset exposures is only the first step. More importantly, security teams must use the processes and workflows they have already established to remediate and harden asset exposures. With the Mandiant ASM integration in Chronicle Security Operations, security teams can further streamline case creation, investigation, and remediation.

Chronicle Security Operations

Customers can automate attack surface reduction with the power of Mandiant ASM & Chronicle Security Operations. This integration enables customers to continuously identify and validate exploitable entry points into their organization, allowing the security team to prioritize investigation and remediation efforts on the exposures that have the most potential impact. Notable capabilities include:

  • Contextualize analyst investigations with exposure asset details and telemetry event data
  • Automatically prioritize mitigation activities on the exposures being targeted
  • Quickly find details on external assets and exposures using Unified Data Model (UDM) Search
  • Create playbooks and automate tasks based on external exposure cases
  • Take action on new exposures within minutes, not days
  • Centralize evidence of past and ongoing activity related to exposed assets

Learn more about the unified Chronicle Security Operations Platform.

Mandiant Attack Surface Management can help security teams strategically scope, assess and reduce their organization’s attack surface. To start assessing your attack surface, contact us for a trial.
