#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Attack Surface Management | Breaking Cybersecurity News | The Hacker News

Category — Attack Surface Management
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization?

Sep 26, 2024 Vulnerability Management / Security Automation
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don't factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don't have the time - or the budget - to waste on fixing vulnerabilities that won't actually reduce risk. Read on to learn more about how CVSS and EPSS compare and why using EPSS is a game changer for your vulnerability prioritization process.  What is vulnerability prioritization? Vulnerability prioritization is the process of evaluating and ranking vulnerabilities based on the potential impact they could have on an organization. The goal is to help security teams determine which vulnerabilities should be addressed, in what timeframe, or if they need to be fixed at all. This process ensures that the most critical risks are mitigated b
Focus on What Matters Most: Exposure Management and Your Attack Surface

Focus on What Matters Most: Exposure Management and Your Attack Surface

Aug 23, 2024 Attack Surface Management
Read the full article for key points from Intruder's VP of Product, Andy Hornegold's recent talk on exposure management. If you'd like to hear Andy's insights first-hand,  watch Intruder's on-demand webinar . To learn more about reducing your attack surface , reach out to their team today.   Attack surface management vs exposure management Attack surface management (ASM) is the ongoing process of discovering and identifying assets that can be seen by an attacker on the internet, showing where security gaps exist, where they can be used to perform an attack, and where defenses are strong enough to repel an attack. If there's something on the internet that can be exploited by an attacker, it typically falls under the realm of attack surface management. Exposure management takes this a step further to include data assets, user identities, and cloud account configuration. It can be summarized as the set of processes that allow organizations to continually and consistently evaluate
cyber security

Online Master's in Applied Intelligence

websiteGeorgetown UniversityCyber Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
The Facts About Continuous Penetration Testing and Why It's Important

The Facts About Continuous Penetration Testing and Why It's Important

Aug 22, 2024 Penetration Testing / Red Teaming
What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an evolving attack surface where periodic pentesting is no longer sufficient. Unlike traditional penetration testing, which is often performed annually or semi-annually, CASPT is an ongoing process that integrates directly into the software development lifecycle (SDLC), ensuring that vulnerabilities are discovered and addressed in real-time or near-real-time. CASPT is a proactive security measure designed to stay ahead of potential attackers by continuously evaluating the security posture of an organization. It enables security teams to identify critical entry points that could be exploited b
cyber security

Permiso Security's 2024 State of Identity Security Report

websitePermisoThreat Detection / Identity Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
Attack Surface Management vs. Vulnerability Management

Attack Surface Management vs. Vulnerability Management

Apr 03, 2024 Cybersecurity / Penetration Testing
Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they're not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let's look at both in more detail. What is vulnerability management? Vulnerability management is, at the simplest level, the use of automated tools to identify, prioritize and report on security issues and vulnerabilities in your digital infrastructure. Vulnerability management uses automated scanners to run regular, scheduled scans on assets within a known IP range to detect established and new vulnerabilities, so you can apply patches, remove vulnerabilities or mitigate any potential risks. These vulnerabilities tend to use a risk score or scale – such as CVSS – and risk calculations. Vulnerability sca
How to Manage Your Attack Surface?

How to Manage Your Attack Surface?

Jul 19, 2023 Attack Surface Management
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. Let's look at why it's growing, and how to monitor and manage it properly with tools like  Intruder . What is your attack surface? First, it's important to understand that your attack surface is the sum of your digital assets that are 'exposed' – whether the digital assets are secure or vulnerable, known or unknown, in active use or not. This attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments. In short, it's anything that a hacker can attack.  What is attack surface managemen
These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

Jul 17, 2023 Attack Surface Management
The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business? For anyone ready to find an  attack surface management (ASM) vendor , review these six questions before getting started to understand the key features to look for in an ASM platform and the qualities of the vendor who supports it. Refer to these as your quick guide for interviewing vendors to walk away with the most suitable ASM platform for your needs.  Checklist: 6 Questions to Ask Attack Surface Management Vendors  Does your platform have the capability to discover the unknown?  How do you prevent alert fatigue, prioritize alerts and remove false positives?  Can you track attack surface changes over time?  How do you plan to evolve the platform going forward? What services related to ASM do you offer? Can we demo or test run the pl
Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

Jun 27, 2023 Attack Surface Management
As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan coverage, among others. Given attack surface sprawl and evolving threats, many organizations are embracing  attack surface management (ASM)  tools to discover and address critical exposures. Asset discovery is an important capability to have, and one that's helping to drive the adoption of attack surface management tools and services. That said, asset discovery is only one aspect of effective attack surface management. Making the attack surface as impenetrable as possible takes offensive security that goes far beyond the discovery phase. Why Asset Discovery Isn't Enough  Given the complexity and ever-expanding scale of the digital infrastructure at most companies, cataloging all the known
Why Now? The Rise of Attack Surface Management

Why Now? The Rise of Attack Surface Management

Jun 12, 2023 Attack Surface Management
The term " attack surface management " (ASM) went from unknown to ubiquitous in the cybersecurity space over the past few years. Gartner and Forrester have both highlighted the  importance of ASM  recently, multiple solution providers have emerged in the space, and investment and acquisition activity have seen an uptick. Many concepts come and go in cybersecurity, but attack surface management promises to have staying power. As it evolves into a critical component of threat and exposure management strategies, it's worth examining why attack surface management has grown to become a key category, and why it will continue to be a necessity for organizations worldwide. What is Attack Surface Management?  Attack surfaces are rapidly expanding. The attack surface includes any IT asset connected to the internet – applications, IoT devices, Kubernetes clusters, cloud platforms – that threat actors could infiltrate and exploit to perpetuate an attack. A company's attack surface fa
How to Reduce Exposure on the Manufacturing Attack Surface

How to Reduce Exposure on the Manufacturing Attack Surface

May 18, 2023 Automated Security Validation
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and monitoring industrial devices and machines, connecting OT to IT. Such connectivity enhances productivity, reduces operational costs and speeds up processes. However, this convergence has also increased organizations' security risk, making manufacturers more susceptible to attacks. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report).  Ransomware: A Growing Threat for Manufacturers The nature of attacks has also changed. In the past, attackers may have been espionage-driven, targeting
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources