CAASM – Cyber Asset Attack Surface Management

By Uma Mahesh, Chief Information Security Officer, Prime Healthcare Services

The cyber security program is about understanding the threat landscape to the business and managing the risk. I use the analogy of the layers of an onion to describe the cyber security program: each layer represents the ‘people’, the ‘process’ and the ‘technology’. When you start peeling all the layers, the core represents the ‘Cyber Asset’, that which is really of value to the business.

The number of connected assets that can be referred to as ‘cyber assets’ is increasing, driven by the goal of accelerating the delivery of complex business initiatives and creating efficiencies in the modern business paradigm. Along with them, the attack surface for connected assets is expanding at an exponential rate. Cyber assets can be categorized into ‘internal’ and ‘external’, with some assets crossing into each other’s boundaries (we will give some examples later in the article).

Cyber Asset Attack Surface Management is an evolving technology that is trying to solve the complex problems of cyber asset visibility and its associated attack surface management, and to give enterprises context for cyber asset risk quantification. Gartner coined the term ‘CAASM’ and, according to them, it is ‘an emerging technology that enables security teams to solve persistent asset visibility and vulnerability challenges’. CAASM is a single pane of glass for enterprise cyber assets and the single source of truth for upstream and downstream systems. It covers cyber asset visibility, shadow IT assets, contextual relationships of the cyber assets mesh, purpose and stakeholders, associated risks and security posture management, and the threat landscape, and it offers a way to automate security operations and monitor cyber assets continuously for any anomalous behavior, reducing security coverage gaps.

Internal cyber assets consist of: IoT, IoMT, XIoT, PC, Cameras, Printers, Software, Access Controls, WiFi, Network Devices, HVAC, Data, SBOM, Cyber Security Controls, Users, etc.

External assets consist of: Domains, URLs, Sub-domains, DNS, Source code, Social Media, SSL, Employees, Third Party, Fourth Party, Contractors, Connected Vehicles, SBOM, Cloud Infrastructure, to name a few.

Having the visibility and capability to query cyber assets and their associated risks in near real-time, and to prioritize them, is invaluable to a cyber security program and the CISO. During an incident, being able to identify the cyber assets, the owners of the assets, and their exposure reduces the mean time to detect and respond. CAASM will be able to tell how many assets there are, which assets are critical, which assets are talking to each other (lateral movement), what data is shared internally and externally, what their exposure to threats is, and the likelihood of impact for both internal and external assets.

Cyber security controls stop threat actors who are already at the door. Open source intelligence is knowing what publicly available information a threat actor can use against the organization to get to the door, such as open ports, protocols, technologies used, data leaks, and source code leaks.

Adding threat intelligence to the cyber assets will help cyber analysts use cyber security controls effectively and secure the cyber assets. Being able to manage the attack surface for cyber assets and utilize the security controls effectively is the CISO’s goal.

Supply chain attacks have been low-hanging fruit for threat actors, compromising not just the vendor but several of the vendor’s customers. This has been a very attractive and quick form of compromise for threat actors, with a high return on investment. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. CAASM helps not only with risk scoring of the vendors but also with continuous monitoring.
