Aug 10, 2022

The challenges of managing the modern external attack surface Qualys recently added External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. In this interview for Help Net Security, Kunal Modasiya, VP of Product Management at Qualys, discusses how the new component, integrated into CyberSecurity Asset Management 2.0, adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface. What do the External Attack Surface Management (EASM) capabilities in the Qualys Cloud Platform bring to the table? Qualys’ External Attack Surface Management (EASM) capabilities are natively integrated into CyberSecurity Asset Management 2.0 . The new component adds the outside-in external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface. Qualys EASM allows customers to continuously monitor and reduce the entire enterprise attack surface including internal and internet-facing assets and discover previously unidentified exposures. It helps synchronize with CMDBs, detect security gaps like unauthorized or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains – and ultimately allows organizations to mitigate risk by taking the appropriate actions. What’s unique about the Qualys approach to EASM? In today’s tumultuous threat landscape, it is imperative for companies to move away from siloed and disparate point solutions, cut through the noise and better understand where their risks are and how to protect their blind spots. At a foundational level, Qualys’ vision mirrors this need and works to simplify cybersecurity for everyone – with one platform and one agent – to ultimately have one workflow that discovers all IT assets in an environment, reduces exposure windows through patching and uses all context gathered to monitor a system. EASM furthers this vision as an extension of Qualys CSAM – it supports and enhances the same great features as it does for internal and managed assets: Automatically categorize your assets and add your own context with dynamic, rule-based tagging Synchronize bidirectionally with your CMDB, keeping your CMDB up-to-date and enriching Qualys with business metadata such as owners, business application, and criticality Easily keep your compliance teams informed with out-of-box, customizable reporting Provide a 360-degree view of your assets, security, and compliance posture with Unified Dashboards Configure rule-based alerts to notify teams through their preferred notification channels As a result of its integration with the Qualys Cloud Platform, cybersecurity teams can easily transition from discovering unknowns to fully inventorying all aspects of these assets. Qualys places them into a proper security context, assesses them for vulnerabilities and misconfigurations, which allows customers to prioritize risks and rapidly remediate – all from a single, unified platform. What are the main benefits of Qualys CyberSecurity Asset Management 2.0 with EASM for enterprise users? Through the inclusion of External Attack Surface Management into Qualys CyberSecurity Asset Management 2.0, Qualys is tilting the playing field against attackers and giving added advantage to its customers. This new capability enables: Discovery: Automatically discover your assets exposed to the internet, including ones from your subsidiaries, mergers, and acquisitions Attribution: Understand asset attribution by showing how an asset is discoverable on the internet and how it’s associated to your organization Business context: Understand the context of each asset, including when and how it was created, by providing information such as DNS and WHOIS records Continuous risk assessment: Know asset configuration/misconfiguration, including unsanctioned open ports, unapproved services and application stacks, and expired or expiring SSL certificates; See potential vulnerabilities with automated lightweight scans and integration with sources like Shodan Real-time visibility: Gain visibility of previously unknown or unmanaged assets by correlating with your existing inventory within Qualys CSAM, to identify previously missing assets Risk mitigation: Activate and orchestrate Qualys full vulnerability scans through one-click automated workflow to confirm vulnerabilities on new assets, and then prioritize to rapidly remediate risk Overall, EASM greatly benefits organizations by allowing them to reduce the unnecessary attack surface – e.g., the threat from “unknown unknowns” – as much as possible. It meets the need of cybersecurity teams to continuously monitor their external attack surface, track changes and receive notifications when new, unknown assets or critical issues are found. How does EASM help IT security teams in their daily operations? Full asset visibility remains one of cybersecurity’s most elusive goals and a huge headache for many organizations, with attackers most often exploiting public-facing web assets that are poorly defended. In the era of the cloud, assets are highly dynamic and ephemeral, often difficult to detect using traditional scanning. This paired with the number of internet-facing devices and assets proliferating, has expanded the attack surface exponentially. EASM helps today’s organizations through its continuous process of discovering, classifying and assessing the security of all assets. It accurately maps the attack surface, and its effective protection – which ultimately mitigates the risk of a successful attack. EASM helps cybersecurity teams automatically associate and add context to assets related to their organization, no matter where the asset is hosted or by whom. It unveils if an attacker’s reconnaissance will find a path to their organization’s crown jewels before they know about it, and sheds light on exposure to certain vulnerabilities and risks from exploits, attack vectors, the ease/difficulty of exploitation and the remediation complexities to correct exposure. Daily Newsletter - E-mail sent every business day with a recap of the last 24 hours Weekly Newsletter - E-mail sent every Monday with a recap of the last 7 days (IN)SECURE Magazine - E-mail sent when a new issue is released