Why Attack Surface Management/CTEM really matters
Our very own developer, Gabriel Poves, recently attended some training on ImmuniWeb Discovery which showcased some of the emerging threats in cybersecurity and why Attack Surface Management/CTEM (Continuous Threat Exposure Management) really matters. Today, we’ll dive into some of his key takeaways and share what you should learn about the threats and risks.
Why should you care about Attack Surface Management/CTEM and your dark web exposure?
Using external Attack Surface Management/CTEM or dark web exposure tools can help businesses identify and reduce their risk, carry out proactive security measures, save time and money and help prevent cyber-attacks. It’s also a big compliance issue.
Here are a few core insights from the talk:
Your legal duties
Most businesses are required to maintain a comprehensive inventory of IT assets, software and data under most data protection and privacy protection laws and regulations worldwide. Your IT assets include multi-cloud environments, hybrid and shadow IT and third parties. That means you probably want real-time visibility over geolocation, data labelling, vulnerability testing and software licences.
Visibility without understanding the risks
Tools that don’t educate you about the external threat landscape provide a poor ROI. Attackers frequently have very different priorities, and thus different TTPs (tactics, techniques and procedures), than most white papers say, so dark web monitoring and CTI mapping on your assets can make your inventory more meaningful. Don’t be comforted by misleading benchmarking with your industry peers. You need to lead, not follow, on cybersecurity.
Novel challenges and TTPs are to be continually considered
There’s a growing misuse of public ledgers and LLMs in various forms (from banal scams to IP theft), which creates a new threat landscape. Chained attacks of growing sophistication are coming (including those using GenAI) and well-planned attacks on third and fourth parties are surging. These aren’t chance strategies. Increasingly, we’re seeing coordinated and consolidated criminal efforts focused on specific businesses or sectors.
Traditional EASM monitoring strategies are usually insufficient
If you just search by keywords, domains and IP addresses, you’re missing the forest for the trees. Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine designed to map and gather information about internet-connected devices and systems. This is a great tool, but it has nothing to do with modern EASM (External Attack Surface Management) and cannot replace it. A solid way to start with EASM is to use Open-Source Intelligence (OSINT) in a zero-knowledge mode. Then add in all your other assets.
If that doesn’t make any sense to you, we can help.
Historical stereotypes create legal risks
If you’re doing narrow monitoring by domain names or keywords, that is insufficient. And, worryingly, overbroad monitoring is a good recipe for lawsuits and criminal prosecution, so don’t do that either. Remember that both the quality and quantity of findings are important, so ensure you know what to monitor. In the talk, it became clear that ImmuniWeb® Discovery leverages OSINT and award-winning AI technology to illuminate the attack surface and Dark Web exposure of a business across continuous self-assessment and vendor risk scoring, without being too broad-brush.
Collaboration with your legal team is essential
Lastly, it’s important to note that dark web monitoring and incident response are now a legal duty in most jurisdictions. Many incidents, even minor ones, require a legal response like disclosure as a matter of law. And the personal liability of cybersecurity professionals and executives is here, so chances simply cannot be taken with cybersecurity.
For all these reasons, it’s clear why Attack Surface Management/CTEM really matters, regardless of how small or large your operation is. If you need support to get a handle on your threat landscape and limit your exposure, please reach out today for a quick, no-obligation chat.