The Axur Platform is expanding its functionality with the addition of an External Attack Surface Management (EASM) solution. This new functionality is integrated with our AI-powered insights, which already monitor thousands of articles and reports on ongoing threat actor activity, to allow organizations to protect the most exposed assets of their IT infrastructure.
In this blog post, we'll cover what EASM is, why it's essential for every business, what features are already available in our solution, and why the integration with Cyber Threat Intelligence and AI insights makes both the Axur Platform and our approach to EASM even better.
What is EASM and what can it do?
External Attack Surface Management is a process for identifying vulnerabilities or potential risks in internet-facing IT assets – the external attack surface.
When left unmanaged, the external attack surface can be easily exploited by malicious actors. As external systems serve requests from the outside world, they're exposed to untrustworthy connections. If attackers find a security gap and reach the corporate network from the outside, they can advance to valuable assets and deploy ransomware or steal corporate information from sensitive databases.
Due to the dynamic nature of IT infrastructure deployments in fast-moving organizations, the most efficient way to manage this external surface is by scanning it from the outside – the same vantage point that an attacker would have.
This external scan is smarter and more precise when it checks for known vulnerabilities as well as potential risks and undesired behavior.
One key advantage of an external scan is the ability to find new devices as they come online. This can be used to identify policy violations or other undesired behavior, such as a development platform or internal system that was inadvertently set up to receive incoming connections. In this way, EASM works like a radar, mapping the business exposure to the internet.
EASM can be employed by organizations of nearly any size. If you own a domain name to receive corporate email or operate a website, you already have internet-facing assets that can be targeted by threat actors. That said, the challenge of managing this infrastructure usually grows as operations become more diverse and complex.
Thankfully, leveraging EASM can be very simple. Setting up your corporate domain names for scanning is all it takes to start. Then, as you gain more visibility into your external attack surface, more hosts, devices, and technologies can be added for monitoring.
Here's how EASM can help a business improve its cybersecurity posture:
- Identify systems that should not be receiving external connections so they can be shut down.
- Discover "shadow IT" assets, such as dashboards, internal platforms, or search engines that were set up but not documented.
- Ensure the use of compliant software. You can detect and remove unauthorized software, such as remote administration tools that might have been configured incorrectly or installed by mistake.
- Improve your vulnerability management program. Mapping your external infrastructure helps you keep an up-to-date list of the devices and software platforms that your security team must monitor, and be alerted when a new vulnerability is found.
Features of Axur EASM
The Axur EASM solution includes some key features to manage your external attack surface:
- Asset discovery — Once you add a domain name, our platform can find subdomains and other related assets. You don't have to add every single IP address manually.
- Service discovery — As it scans your assets, the EASM solution will find running services (such as remote administration tools) and provide a list of everything that was found for each device.
- Vulnerability management — A list of related Common Vulnerabilities and Exposures (CVEs) will be provided for each asset so that they can be mitigated to block potential attackers.
- Certificate management — An expired TLS/SSL certificate generates a warning so you can replace it. Browsers produce error messages when they detect an expired certificate, so keeping certificates valid provides a better experience. In some cases.
- Open ports — Although some open ports are normal in internet-facing assets, we provide the full list of open ports so you can ensure that the system is set up correctly. Certain services can be made more secure by avoiding common ports, while others can be abused for DNS amplification attacks.
When combined with Axur Cyber Threat Intelligence and Artificial Intelligence, these functions will allow you to find and mitigate vulnerabilities faster.
The Axur advantage
The Axur Platform also includes a complete set of solutions for Cyber Threat Intelligence and Digital Risk Protection. With the addition of EASM, the Axur Platform offers an even richer set of features for every organization, all integrated into a single package for easy management and operation. Cybersecurity analysts can spend less time on alerts and make better decisions to protect the business.
EASM leverages AI-powered CTI insights, available on the same platform. Our AI-generated dashboard provides a high-level overview of the business exposure and risk. The dashboard lists the threat actors that are actively exploiting the vulnerabilities or assets in your organization. Vulnerability exploitation data can then be used to make an informed decision on which security patches are the most urgent to protect your external attack surface.
The external attack surface is always exposed to the outside world. To maintain this infrastructure while avoiding data exposure and other digital security risks, it's essential that businesses maintain an external attack surface management initiative.
If you'd like to know more about how the Axur Platform can help transform your cybersecurity efforts, reach out to us.