Asset Discovery

Using ASM for effective asset discovery

Why is asset discovery important?

With the rise of cloud and off-premises services, it is becoming more complex than ever for those managing cyber security to keep up with the ever-increasing number of assets available over the public Internet. The advent of cloud computing means even companies with small physical footprints can have a vast array of digital assets that can quickly become unmanageable.

A strong cyber security strategy includes multiple approaches, but in the context of asset discovery, it revolves around understanding what you have, where it is available, who can access it, and what vulnerabilities it presents. Fundamentally, without understanding what you have online, it’s impossible to know the risks it presents or mitigate the potential impact it could have on your organisation if it were exploited.


What is asset discovery?

Asset discovery is the process of identifying, organising, and recording an organisation's assets. Attack surface management primarily focuses on an organisation's assets available over the public Internet. This can include:

  • Servers
  • Domains
  • Subdomains
  • IP addresses
  • IP ranges
  • Services
  • Certificates
  • Components
  • Cloud providers
  • Web pages

Once you have an accurate record of all the assets under your control, you can understand exactly what risks your organisation is vulnerable to, and take action to reduce risk exposure or remove unnecessary assets and services from your infrastructure altogether.


Types of assets and the risks they pose

An attack surface can include a range of at-risk assets, and there are countless opportunities for assets to be created and forgotten about. An organisation might take steps to remove an asset, but those steps may not be effective, leaving the asset still available on the Internet.

Not all assets pose the same level of risk, but understanding them and how they can be exploited will give those managing the risks a better understanding of how to prioritise remediation efforts.


Domains and IPs

The common use of cloud hosting and the availability of web tools mean it is now easier than ever to set up services on the Internet. The use of these services and tools can result in an attack surface which is always changing; for example, a website hosted on a content delivery network (CDN) will be served from constantly changing IP addresses.

As an organisation grows, undergoes a merger, or has a rebrand, it is not uncommon to set up new or experimental domains and IPs. This can also happen if you have separate instances for email, or a marketing department looking to expand the website. In these cases, the new assets may be forgotten but remain connected to your primary domain or IP address.

Whatever the reason for the new domains or IPs, if forgotten about, malicious entities can use them to host illegitimate content using your name. In the past, we have seen examples of this, including fake cryptocurrency scams, fake competitions, or even pages that have been compromised.

The impact on an organisation cannot be overstated. These scams can trick customers into getting involved and cause reputational damage that can be difficult to overcome.

ASM provides a range of management tools to make it easier for you to maintain hosted domains and IPs, helping to ensure assets aren’t forgotten and left putting the organisation at risk.

Components

Modern digital infrastructure is built upon various components that keep different aspects of your website or domains running with the functionality today’s customer expects. To add to this complexity, each component will have a version and require regular updates as developers push updates and security fixes. Many organisations will use auto-updates to ensure these versions are as up-to-date as possible, but with multiple departments or employees involved, there is no guarantee these have been set.

Hexiosec ASM identifies component versions and matches them against the latest published vulnerabilities, ensuring you become aware of any assets at risk as soon as ASM discovers them. ASM rescanning then confirms that component updates have been successful in mitigating the risk.

Certificates

TLS certificates are used to validate and help establish a secure connection between online services and the users connecting to them, most commonly a web browser connecting to a website. They help the web browser identify and validate the website before setting up a secure connection.

With the variety of these digital certificates and the fact they are often manually renewed, it is not uncommon for renewals to be missed and certificates to expire. When this happens, browsers like Google Chrome will start presenting users with a warning message that a certificate has expired, impacting access and causing potential reputational damage. Invalid or poorly maintained certificates can also put a website at greater risk of compromise by malicious actors. By understanding what certificates you have and when they are due to expire, you can ensure you keep your services running as expected, with no unnecessary downtime or inconvenience to your customers.

Web pages

As an organisation’s website grows, it becomes more complex and incorporates richer content. While no one plans for it, web pages are sometimes forgotten. Internal web pages can be made public when they are meant to be private, or a login page could be open to everyone when it should be restricted to a VPN.

Without accurate oversight, attackers can take advantage of these forgotten or misconfigured web pages to exploit a website or gain access to other parts of a system or network. Routine monitoring and enumeration of your attack surface ensures that you know what is exposed, can monitor updates, and allows you to manage the tasks to address any risks.


Challenges of traditional methods

For even relatively small organisations, the ever-increasing number and complexity of digital assets means many manual processes have become ineffective at keeping up with the changes in threats and technologies used. More than ever, cyber security teams are expected to do more with fewer resources and limited time.

For example, TLS certificates with a validity period of 90 days or less are now recommended, as well as the use of different certificates for different domains. Manually renewing multiple certificates every few months is time consuming, and the practical solution is to use certificate automation technologies. Hexiosec ASM gives you the ability to do this with confidence, ensuring the certificates generated are valid and remain so.


How attack surface management helps with asset discovery


This is where a competent attack surface management solution like Hexiosec ASM can help cyber security professionals in organisations of all sizes and industries complete effective asset discovery and ensure they are one step ahead of potential issues.

Hexiosec ASM will provide you with a detailed inventory of everything you have available online, recording and monitoring the vulnerabilities presented by those assets. This will give cyber security teams the information they need to make informed decisions and prioritise their resources more efficiently.

Hexiosec ASM excels at asset discovery. Its powerful enumeration capabilities set it apart from its competitors, requiring minimal input but providing more accurate information and fewer false positives.

Benefits of Hexiosec ASM

Discover your infrastructure

Unlike other tools that may require you to know all the domains and IPs in your infrastructure, Hexiosec ASM’s enumeration capabilities mean that, from a single domain, it can discover all the domains and IP addresses associated with it. To enhance your results further, you can add multiple domains or IP addresses when creating a scan, or once an initial scan has completed, to widen the scope and ensure you have an accurate record of all the assets in your infrastructure.

Uncover the unknown

If you don’t know about it, you can’t protect against the potential vulnerabilities or risks it presents. The “Web Presence” page gives you a screenshot of the web pages visible over the public Internet, showing you exactly how others see these pages. This gives you a visual understanding of what is available and helps you quickly identify whether it should be there. This is further enhanced with detailed information about the page, including components, services, and even redirects. The “Domains” and “IP Addresses” pages allow you to deep dive into the data behind each connection, allowing you to see what is hosted on these assets and how they interconnect with other pages and services. The “Graph” page provides the most detailed and visual view of all assets in a scan and how they link back to the seed domains.

Quickly identify issues

The amount of data uncovered during an attack surface scan can quickly become overwhelming, even for the most experienced cyber security professional. Our team has crafted a user interface that immediately gives you all the information you need from the dashboard, making it understandable for anyone, even those who are less technically inclined. This, combined with the ability to deep dive into the data for those looking to understand the issues in more detail, makes it the perfect tool for teams that need to share their findings but also need accurate information to make fixes and improve the cyber security of their digital infrastructure.

Greater control of your scan data

With so much information, it is essential that false positives don’t muddy the waters or skew results. The ability to add multiple domains or IP addresses allows you to build an accurate picture of your risks and vulnerabilities. However, if you are using CDN services, you will be utilising shared IP addresses that aren’t under your control. If you’d prefer not to see results for CDN IPs, the “Out of scope” functionality gives you the control to remove these from your scan results, or to de-scope other domains or IP addresses that shouldn’t be included, ensuring your scan data is as accurate and complete as possible.
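The following added example (not Hexiosec ASM code) ties together two of the points above: the certificate expiry and validity-period checks from the Certificates and Challenges of traditional methods sections, and the de-scoping of shared CDN addresses described here. It assumes scan output as (hostname, IP, certificate notBefore, notAfter) tuples, a known-asset list and out-of-scope CIDR ranges, all of which are constructed sample data.

```python
"""Reconcile constructed attack-surface scan output against a known inventory."""
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample scan results: (hostname, ip, cert notBefore, cert notAfter).
SCAN = [
    ("www.example.com", "203.0.113.10", "2024-01-01", "2024-03-31"),
    ("old-promo.example.com", "203.0.113.77", "2023-01-01", "2024-01-01"),
    ("cdn.example.com", "198.51.100.5", "2024-01-01", "2024-12-31"),
]
KNOWN = {"www.example.com"}            # constructed: assets already in the inventory
OUT_OF_SCOPE = ["198.51.100.0/24"]     # constructed: shared CDN range we do not control
MAX_VALIDITY_DAYS = 90                 # validity periods of 90 days or less are recommended
NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)  # constructed "current" time

def in_scope(ip, ranges):
    """False when the address falls inside any de-scoped CIDR range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(r) for r in ranges)

def cert_findings(not_before, not_after, now, warn_days=30):
    """Flag expired, soon-to-expire and over-long certificates."""
    nb = datetime.fromisoformat(not_before).replace(tzinfo=timezone.utc)
    na = datetime.fromisoformat(not_after).replace(tzinfo=timezone.utc)
    findings = []
    if na <= now:
        findings.append("expired")
    elif na - now <= timedelta(days=warn_days):
        findings.append("expiring-soon")
    if (na - nb).days > MAX_VALIDITY_DAYS:
        findings.append("validity-over-90d")
    return findings

def reconcile(scan, known, out_of_scope, now):
    """Return {hostname: [findings]} for every in-scope discovered asset."""
    report = {}
    for host, ip, nb, na in scan:
        if not in_scope(ip, out_of_scope):
            continue  # shared CDN address: de-scoped, not ours to remediate
        findings = cert_findings(nb, na, now)
        if host not in known:
            findings.append("unknown-asset")  # discovered but not in the inventory
        report[host] = findings
    return report

def run_report():
    return reconcile(SCAN, KNOWN, OUT_OF_SCOPE, NOW)

if __name__ == "__main__":
    for host, findings in run_report().items():
        print(f"{host}: {', '.join(findings) or 'ok'}")
```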

Fewer manual processes

Teams with limited resources want to spend their time as effectively as possible. By removing manual processes from your workload, you can start utilising your time to positively impact your organisation by fixing issues, not finding them. Once set up, you can set your attack surface scan to run at intervals that suit your business needs, from daily to monthly. By automating this process, your team can work more efficiently, instantly providing value for your organisation.

Actions and remediation

Working with a team to manage your infrastructure is made easier through the use of the actions kanban board. Actions to fix categories of risk on a domain or IP can be assigned to and prioritised for members of your team, who can be given role-based access control to the scan results. Hexiosec ASM provides detailed remediation guidance for all actions and risks, and regular scanning automatically marks resolved actions, confirming when risks have been fixed.

Get notified of changes

Adding more tools to an existing technology stack can be a pain for teams. However, this doesn’t have to be the case. Hexiosec ASM provides users with email updates that can be configured to their liking. By receiving scan change updates via email, you can ensure that you are on top of any new risks as they appear, and you don’t have to spend all your time using the tool.

Extensive API

Hexiosec ASM has a fully documented API enabling integration with other tools or working practices. The API allows full control of scans and groups within your ASM account, including creating, triggering and updating scans. For completed scans, you can use the API to extract discovery data, such as domains or screenshots of discovered web pages, as well as risk data or actions for integration with other tasking tools. Finally, for reporting to your stakeholders, you can trigger and download scan reports, providing a true end-to-end experience, all from the API.

Get started with a 14-day free trial