Attack Surface Management FAQ
An attack surface comes from the network perspective of an adversary, the complete external asset inventory of an organization including all actively listening services (open ports) on each asset.
Attack Surface Mapping is the process of discovering and documenting the complete attack surface of an organization. An Attack Surface Map includes the hostnames and IP addresses of each externally facing asset, the listening ports on each, and as much meta-data about each asset as possible. Meta data may include software distribution and version information, IP geolocation, TLS stack information, and so on.
Tenable Attack Surface Management automatically discovers all domain names, hostnames, and IP address for each asset in an organization’s attack surface map. Tenable Attack Surface Management may collect over 120 columns of data about each asset. These assets may be located on-premises, in the cloud, hosted services, and more.
An asset is a combination of four values: IP address, Fully Qualified Domain Name (FQDN), Record Type, and Record Value. If any of the values differ, it is considered as a separate asset.
An organization can only secure what they know they own. Most companies have no documented Attack Surface Map at all. For those who do, it is common for the attack surface map to be highly incomplete and out-of-date, possibly leaving thousands of assets unidentified. The security team cannot protect these unidentified assets, often referred to as shadow IT, resulting in lost data and frequent cyber attacks. Tenable Attack Surface Management fills in the gaps in your data and gives you a high-fidelity view of your entire attack surface.
Tenable Attack Surface Management platform sends alerts in real time whenever an inventory changes such as when new servers are brought online, new ports open, and server software needs patching. Tenable Attack Surface Management continually monitors your attack surface and lets you know as it constantly evolves and changes.
Tenable Attack Surface Management also offers advanced technology fingerprinting by identifying CVEs, open ports, running services, thousands of software versions, geolocation, login forms, secret keys, ASNs, programming frameworks, HTML, and much more. Tenable Attack Surface Management can do all of this within minutes as opposed to days with a competitor.
The increased interest in Attack Surface Mapping is easy to explain. The adversary has been targeting an organization’s secondary and tertiary assets for exploitation, many unknown to the organization and not just the well-known primary systems. Often these unknown assets are legacy, long forgotten, and not adequately secured. These assets often connect to other sensitive areas of the network where a breach of highly sensitive data may be achieved.