The term external attack surface management (EASM) is gaining traction amongst security vendors and analyst firms alike. External attack surface management encompasses a wide variety of public-facing assets, many of which security teams are aware of and have protected for years.
However, there are other attack vectors that have not previously been under the security or IT team’s jurisdiction. Case in point: brand protection and, more specifically, domain name monitoring.
Let’s dive into the growing field of external attack surface management, and what your business needs to do to protect your assets.
What is External Attack Surface Management?
The external attack surface refers to all of an organization’s Internet-facing assets, including those that are owned by the organization and those that are directly related to it. It is the sum of your publicly accessible systems, applications, and digital properties.
The external attack surface includes the cloud platforms and related services developers use, the SaaS solutions business units adopt, user endpoints, vendor-managed assets, IoT devices . . . the list goes on.
Many of the assets that comprise the external attack surface are already managed and protected to some extent. In fact, security organizations have been protecting portions of the external attack surface since the dawn of the Internet.
External attack surface management is a dynamic, rapidly growing landscape that has quickly outpaced security’s ability to keep up. The advent of social media, cloud services, and more recently, a shift to hybrid work have all caused the external attack surface to grow exponentially.
This has resulted in the need for continuous discovery, inventory, classification, and monitoring of the external attack surface – hence the “M” (management) in external attack surface management.
When external attack surface management is done well and organizations truly account for the entirety of their external attack surface, they obtain visibility of this landscape and an understanding of the interconnectedness of it all, which in turn enables organizations to defend it more effectively.
The Role of Brand Protection in External Attack Surface Management
A key area of the external attack surface that may be new to many security organizations is brand protection. Traditionally the domain of corporate legal, brand protection is focused on finding and stopping acts of brand infringement. Think, for example, counterfeit products or plagiarized logos. Prior to the Internet, brand protection was a manual effort performed by people.
Today, however, the Internet is a virtually limitless medium fraudsters can use to their advantage. Fraudsters have gone digital, and therefore so has brand protection. As you can probably guess, this all takes place via the external attack surface.
The attack vectors fraudsters use online are some of the same that cyber attackers leverage in their efforts to disrupt services, access your network and systems, and obtain sensitive data. In fact, fraud is part and parcel of a modern cyberattack. Social engineering and phishing are just two examples.
Despite the similarities between fraud for fraud’s sake and fraud for a data breach, brand protection expands the attack surface to include digital properties that security may not have managed in the past. These include:
- The Dark Web
- Domains used for email and web-based digital properties
- Social media platforms
- Marketplaces and app stores
- Comment fields, code repositories, and anywhere else people might share a URL
It’s important to cover all your bases when it comes to external attack surface management. Even if an attacker uses a less common avenue to access company data, it still can have just as detrimental of an impact.
How to protect your attack surface, and your brand
Domain monitoring is the foundation to protecting the company’s brand and covering a large portion of the external attack surface management. Domain monitoring involves continuously monitoring domain names and taking down those that are fraudulent – that is, typosquat domains that look like the real thing but are off by a character or two to fool the unsuspecting end user into believing that the destination URL or email domain is a trusted brand.
Most companies purchase high-risk typosquat domains to keep them out of attackers’ hands. However, for some businesses that might have thousands of top-level domains, it is financially infeasible to purchase them all.
Nor is it practical to manually hunt down typosquat domains that are being exploited. In 2020, the number of phishing and fraudulent sites targeting businesses increased 73% over 2019, to 7 million sites.
The only way to effectively monitor these domains is with sophisticated technology. A modern domain monitoring solution leverages AI and automation to identify thousands of typosquatting variations spanning 3,000+ TLDs, and then continuously monitors threat level conditions and domain name availability.
It’s worth noting that every company’s brand protection landscape differs. Where we see similarities is in industry verticals, where customers tend to take similar paths and use the same touch points on the Internet.
Of course, where customers go, attackers go. So, for example, fraudulent apps in mobile app stores are a high risk for financial institutions (and their customers) while in-game fraud is a high risk for game development companies (and their customers).
No industry or company is free of the risk of brand infringement or typosquatting. Domain monitoring is just one portion of an organization’s attack surface, but it is a significant one that prior to recently, may not have been on security’s radar. To do external attack surface management right, it will have to be.
Start Effectively Implementing External Attack Surface Management Practices Today
Bolster offers an expansive solution to meet your business’s unique brand protection needs. With automatic scanning and takedown technology, you can trust that we will provide external attack surface management support where you need it.
To see Bolster in action, and get started managing your external risks today, Request a Demo with our team.