ASM aims to give security teams a current and complete inventory of assets and to ensure a proactive response to high-priority threats and vulnerabilities. It consists of five main processes, detailed below:
1. Asset Discovery
The first stage in ASM is identifying all internal and external assets that can be entry points to an organization’s IT infrastructure. The assets can be:
- Known assets: These include all assets known to an organization, such as routers, servers, IoT devices, cloud applications, workstations, databases, websites, etc.
- Unknown assets: These include shadow assets that are using network resources without the knowledge or approval of the IT security team, such as a new mobile device, illegal downloads, unauthorized cloud services, etc.
- Vendor or Third-party Assets: These include assets that are not owned by the organization but are included in its IT infrastructure, such as APIs, public cloud assets, SaaS applications, etc.
- Compromised or Malicious Assets: These include assets that are either stolen or created by threat actors to attack an organization, such as compromised data of an organization shared on the dark web, a phishing website reflecting the organization’s brand, etc.
In short, this ASM stage involves identifying all the assets that are linked with the organization and can be used to penetrate the network.
2. Classification
Once the assets are identified, the next stage is to classify them. It involves labeling the assets based on their properties, technical characteristics, type, compliance requirements, ownership, business criticality, potential vulnerabilities, etc. In short, this ASM stage is about enriching assets with information and creating a resourceful asset inventory.
3. Prioritization
It is not possible for any organization to fix all the attack vectors against all assets. So, once the assets are classified, they are analyzed to evaluate the exposure level, the exposure causes, and the type of attacks executable through those exposures. The security team can even give security ratings or risk scores to better reflect the exposure potential each asset holds.
After thorough analysis, the attack vectors are prioritized so that the highest-potential vulnerabilities or most exploitable assets are fixed first. In short, this ASM stage creates one comprehensive list of vulnerabilities for all the known/unknown assets.
4. Remediation
Remediation is an important stage in ASM that involves fixing the vulnerabilities/assets based on the prioritized list. The remediation process can involve:
- Debugging application code
- Applying OS or software patches
- Eliminating rogue assets
- Setting security standards for shadow assets
- Fixing compliance issues
- Implementing data encryption
- And many more.
In short, this ASM stage is about implementing security measures to mitigate vulnerabilities and attack vectors.
5. Continuous Monitoring
Since an organization's attack surface is continuously evolving with newly connected assets or changes in existing assets, continuous monitoring is essential. Therefore, this ASM stage continuously monitors and assesses vulnerabilities and attack vectors in real time. This way, security teams can get timely alerts of new potential vulnerabilities, leading to enhanced protection.
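The sketch below is an added example, not part of the original article. It shows how the classification, prioritization and continuous monitoring stages can fit together: two inventory snapshots are compared and the changes are ranked by a risk score. The field names, sample assets and scoring weights are assumptions made up for illustration.

```python
# Constructed sample data and a hypothetical scoring scheme (not from the article).
CRITICALITY = {"low": 1, "medium": 2, "high": 3}

def risk_score(asset):
    """Business criticality x exposure, raised for assets with no known owner."""
    score = CRITICALITY[asset["criticality"]] * (2 if asset["internet_facing"] else 1)
    score += len(asset["open_ports"])
    if asset["owner"] is None:  # no owner on record: treat as an unknown/shadow asset
        score += 3
    return score

def diff_inventory(previous, current):
    """Compare two snapshots; return (score, asset_id, reason) alerts, highest risk first."""
    alerts = []
    for asset_id, asset in current.items():
        old = previous.get(asset_id)
        if old is None:
            alerts.append((risk_score(asset), asset_id, "new asset"))
            continue
        opened = sorted(set(asset["open_ports"]) - set(old["open_ports"]))
        if opened:
            alerts.append((risk_score(asset), asset_id, f"newly open ports {opened}"))
        if asset["internet_facing"] and not old["internet_facing"]:
            alerts.append((risk_score(asset), asset_id, "became internet-facing"))
    for asset_id in previous.keys() - current.keys():
        alerts.append((0, asset_id, "no longer observed"))
    return sorted(alerts, key=lambda a: (-a[0], a[1], a[2]))

YESTERDAY = {
    "web-01": {"criticality": "high", "internet_facing": True, "open_ports": [443], "owner": "web-team"},
    "db-01": {"criticality": "high", "internet_facing": False, "open_ports": [5432], "owner": "data-team"},
    "printer-7": {"criticality": "low", "internet_facing": False, "open_ports": [631], "owner": "it-ops"},
}
TODAY = {
    "web-01": {"criticality": "high", "internet_facing": True, "open_ports": [443, 8080], "owner": "web-team"},
    "db-01": {"criticality": "high", "internet_facing": True, "open_ports": [5432], "owner": "data-team"},
    "cam-x": {"criticality": "medium", "internet_facing": True, "open_ports": [80, 554], "owner": None},
}

if __name__ == "__main__":
    for score, asset_id, reason in diff_inventory(YESTERDAY, TODAY):
        print(f"{score:>2}  {asset_id:<10} {reason}")
```

The unowned camera ranks first because the score treats a missing owner as a shadow asset, which is the kind of discovery the first stage is meant to surface.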