Attack Surface Management FAQ
An attack surface is, from the network perspective of an adversary, the complete external asset inventory of an organization, including all actively listening services (open ports) on each asset.
Attack Surface Mapping is the process of discovering and documenting the complete attack surface of an organization. An Attack Surface Map includes the hostnames and IP addresses of each externally facing asset, the listening ports on each, and as much metadata about each asset as possible. Metadata may include software distribution and version information, IP geolocation, TLS stack information, and so on.
Tenable Attack Surface Management automatically discovers all domain names, hostnames, and IP addresses for each asset in an organization’s attack surface map. Tenable Attack Surface Management may collect over 120 columns of data about each asset. These assets may be located on-premises, in the cloud, in hosted services, and elsewhere.
An asset is a combination of four values: IP address, Fully Qualified Domain Name (FQDN), Record Type, and Record Value. If any one of these values differs, the result is considered a separate asset.
Record types in Tenable Attack Surface Management are Domain Name System (DNS) records.
An organization can only secure what it knows it owns. Most companies have no documented Attack Surface Map at all. For those that do, it is common for the attack surface map to be highly incomplete and out of date, possibly leaving thousands of assets unidentified. The security team cannot protect these unidentified assets, often referred to as shadow IT, and the result is lost data and frequent cyber attacks. Tenable Attack Surface Management fills in the gaps in your data and gives you a high-fidelity view of your entire attack surface.
The Tenable Attack Surface Management platform sends alerts in real time whenever the inventory changes, such as when new servers are brought online, new ports open, or server software needs patching. Tenable Attack Surface Management continually monitors your attack surface and notifies you as it evolves.
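The two ideas above, the four-value asset identity and alerting on inventory changes, are easy to show in code. The following is an added illustration written for this FAQ, not Tenable's own code or API: it models an asset as the (IP address, FQDN, record type, record value) tuple, collapses raw discovery rows into assets on that key, and diffs two snapshots to raise alerts for new assets, newly opened ports and changed software. The hostnames, addresses (RFC 5737 documentation range) and software strings are constructed sample data, and the row format and alert kinds are assumptions made for the example.

```python
"""Asset identity and inventory-diff illustration (added example; not Tenable code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, NamedTuple, Set, Tuple


class AssetKey(NamedTuple):
    """The four values that identify an asset; any differing value means a separate asset."""
    ip: str
    fqdn: str
    record_type: str   # DNS record type, e.g. "A"
    record_value: str  # the record's value, e.g. the address the name resolves to


@dataclass(frozen=True)
class Asset:
    key: AssetKey
    open_ports: FrozenSet[int]
    software: FrozenSet[str]


def build_inventory(rows: List[dict]) -> Dict[AssetKey, Asset]:
    """Collapse per-port discovery rows into assets keyed on the 4-tuple.

    Rows that share all four identity values merge into one asset (union of
    ports and software); rows that differ in any value become separate assets.
    """
    ports: Dict[AssetKey, Set[int]] = {}
    software: Dict[AssetKey, Set[str]] = {}
    for row in rows:
        key = AssetKey(row["ip"], row["fqdn"], row["record_type"], row["record_value"])
        ports.setdefault(key, set()).add(row["port"])
        software.setdefault(key, set()).add(row["software"])
    return {k: Asset(k, frozenset(ports[k]), frozenset(software[k])) for k in ports}


def diff_inventory(old: Dict[AssetKey, Asset],
                   new: Dict[AssetKey, Asset]) -> List[Tuple[str, str, str, str]]:
    """Compare two snapshots and return (kind, fqdn, ip, detail) alerts, sorted."""
    alerts: List[Tuple[str, str, str, str]] = []
    for key in new.keys() - old.keys():          # asset not seen before (shadow IT candidate)
        alerts.append(("NEW_ASSET", key.fqdn, key.ip, f"{key.record_type}={key.record_value}"))
    for key in old.keys() - new.keys():          # asset disappeared from the map
        alerts.append(("ASSET_GONE", key.fqdn, key.ip, f"{key.record_type}={key.record_value}"))
    for key in new.keys() & old.keys():          # same asset: look for port and software drift
        for port in sorted(new[key].open_ports - old[key].open_ports):
            alerts.append(("NEW_PORT", key.fqdn, key.ip, str(port)))
        if new[key].software != old[key].software:
            before = ",".join(sorted(old[key].software))
            after = ",".join(sorted(new[key].software))
            alerts.append(("SOFTWARE_CHANGED", key.fqdn, key.ip, f"{before} -> {after}"))
    return sorted(alerts)


# Constructed discovery rows: one row per (asset, listening port).
SNAPSHOT_DAY1 = [
    {"ip": "203.0.113.10", "fqdn": "www.example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 80, "software": "nginx/1.18.0"},
    {"ip": "203.0.113.10", "fqdn": "www.example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 443, "software": "nginx/1.18.0"},
    # Same IP and record, different FQDN: a separate asset under the four-value rule.
    {"ip": "203.0.113.10", "fqdn": "example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 443, "software": "nginx/1.18.0"},
    {"ip": "203.0.113.20", "fqdn": "mail.example.com", "record_type": "A", "record_value": "203.0.113.20", "port": 25, "software": "postfix/3.4"},
]

SNAPSHOT_DAY2 = [
    {"ip": "203.0.113.10", "fqdn": "www.example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 80, "software": "nginx/1.18.0"},
    {"ip": "203.0.113.10", "fqdn": "www.example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 443, "software": "nginx/1.18.0"},
    {"ip": "203.0.113.10", "fqdn": "www.example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 8080, "software": "nginx/1.18.0"},  # new port
    {"ip": "203.0.113.10", "fqdn": "example.com", "record_type": "A", "record_value": "203.0.113.10", "port": 443, "software": "nginx/1.18.0"},
    {"ip": "203.0.113.20", "fqdn": "mail.example.com", "record_type": "A", "record_value": "203.0.113.20", "port": 25, "software": "postfix/3.6"},  # software changed
    {"ip": "203.0.113.30", "fqdn": "dev.example.com", "record_type": "A", "record_value": "203.0.113.30", "port": 22, "software": "openssh/8.2"},  # previously unknown host
]


if __name__ == "__main__":
    day1 = build_inventory(SNAPSHOT_DAY1)
    day2 = build_inventory(SNAPSHOT_DAY2)
    print(f"day1: {len(day1)} assets, day2: {len(day2)} assets")
    for alert in diff_inventory(day1, day2):
        print(*alert)
```

Running the script prints three alerts: the previously unknown dev host, the new port 8080 on www.example.com, and the software change on the mail host. Note that example.com and www.example.com count as two assets even though they share an IP address and record value, which is exactly the four-value identity rule described above.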
Tenable Attack Surface Management also offers advanced technology fingerprinting by identifying CVEs, open ports, running services, thousands of software versions, geolocation, login forms, secret keys, ASNs, programming frameworks, HTML, and much more. Tenable Attack Surface Management can do all of this within minutes as opposed to days with a competitor.
The increased interest in Attack Surface Mapping is easy to explain. Adversaries have been targeting an organization’s secondary and tertiary assets for exploitation, not just the well-known primary systems, and many of these assets are unknown to the organization. Often these unknown assets are legacy systems, long forgotten and not adequately secured. They frequently connect to other sensitive areas of the network, where a breach of highly sensitive data may be achieved.