The term external attack surface management (EASM) is gaining traction amongst security vendors and analyst firms alike. EASM encompasses a wide variety of public-facing assets, many of which security teams are aware of and have protected for years. However, there are others that have not previously been under security’s jurisdiction. Case in point: brand protection and, more specifically, domain name monitoring.
What is EASM?
The external attack surface refers to all of an organization’s Internet-facing assets, including those that are owned by the organization and those that are directly related to it. It is the sum of your publicly accessible systems, applications, and digital properties. The external attack surface includes the cloud platforms and related services developers use, the SaaS solutions business units adopt, user endpoints, vendor-managed assets, IoT devices . . . the list goes on.
Many of the assets that comprise the external attack surface are already managed and protected to some extent. In fact, security organizations have been protecting portions of the external attack surface since the dawn of the Internet.
The external attack surface is a dynamic, rapidly growing landscape that has quickly outpaced security’s ability to keep up. The advent of social media, cloud services, and more recently, a shift to hybrid work have all caused the external attack surface to grow exponentially. This has resulted in the need for continuous discovery, inventory, classification, and monitoring of the external attack surface – hence the “M” (management) in EASM.
When EASM is done well and organizations truly account for the entirety of their external attack surface, they obtain visibility of this landscape and an understanding of the interconnectedness of it all, which in turn enables organizations to defend it more effectively.
The role of brand protection in EASM
A key area of the external attack surface that may be new to many security organizations is brand protection. Traditionally the domain of corporate legal, brand protection is focused on finding and stopping acts of brand infringement. Think, for example, counterfeit products or plagiarized logos. Prior to the Internet, brand protection was a manual effort performed by people. Today, however, the Internet is a virtually limitless medium fraudsters can use to their advantage. Fraudsters have gone digital, and therefore so has brand protection. As you can probably guess, this all takes place via the external attack surface.
The attack vectors fraudsters use online are some of the same that cyber attackers leverage in their efforts to disrupt services, access your network and systems, and obtain sensitive data. In fact, fraud is part and parcel of a modern cyberattack. Social engineering and phishing are just two examples.
Despite the similarities between fraud for fraud’s sake and fraud for a data breach, brand protection expands the attack surface to include digital properties that security may not have managed in the past. These include:
• The dark web
• Domains used for email and web-based digital properties
• Social media platforms
• Marketplaces, app stores, etc.
• Comment fields, code repositories, and anywhere else people might share a URL
How to protect your attack surface and your brand
Domain monitoring is the foundation of protecting the company’s brand, and it covers a large portion of the external attack surface. Domain monitoring involves continuously monitoring domain names and taking down those that are fraudulent – that is, typosquat domains that look like the real thing but are off by a character or two to fool the unsuspecting end user into believing that the destination URL or email domain is a trusted brand.
Most companies purchase high-risk typosquat domains to keep them out of attackers’ hands. However, with more than 3,000 top-level domains (TLDs) in existence, it is financially infeasible to purchase them all. Nor is it practical to manually hunt down typosquat domains that are being exploited. In 2020, the number of phishing and fraudulent sites increased 73% over 2019, to 7 million sites. The only way to effectively monitor these domains is with sophisticated technology. A modern domain monitoring solution leverages AI and automation to identify thousands of typosquatting variations spanning 3,000-plus TLDs, and then continuously monitors threat-level conditions and domain name availability.
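As an added illustration of the monitoring logic described above (example code written for this article, not Bolster's product), the following generates omission, transposition and homoglyph variants of a brand domain across a handful of TLDs and flags observed domains that match, contain the brand label, or sit within a couple of character edits of it. The brand domain, the TLD list and the feed of observed domains are constructed sample data.

```python
# Added example (not Bolster's code); all domain names are constructed samples.
BRAND = "example.com"
OBSERVED_DOMAINS = [          # constructed feed of newly seen domain names
    "exampel.com",            # transposed characters
    "examp1e.com",            # digit "1" for letter "l"
    "exmple.com",             # dropped character
    "example.co",             # same label, different TLD
    "example-login.net",      # brand embedded in a longer label
    "exampple.com",           # doubled character: not generated, caught by distance
    "unrelated.org",          # benign
]
HOMOGLYPHS = {"l": "1", "o": "0", "e": "3", "i": "1", "a": "4", "s": "5"}

def typosquat_variants(domain, tlds=("com", "net", "org", "co")):
    """Omission, transposition and homoglyph variants of the label, across TLDs."""
    name = domain.rpartition(".")[0]
    labels = {name}
    for i, ch in enumerate(name):
        labels.add(name[:i] + name[i + 1:])                      # omission
        if i + 1 < len(name):                                    # transposition
            labels.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        if ch in HOMOGLYPHS:                                     # homoglyph
            labels.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:])
    return {f"{lbl}.{tld}" for lbl in labels for tld in tlds} - {domain}

def edit_distance(a, b):
    prev = list(range(len(b) + 1))                 # Levenshtein distance, row by row
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_suspicious(observed, brand=BRAND, max_distance=2):
    """Return (domain, reason) pairs for observed domains that imitate the brand."""
    variants = typosquat_variants(brand)
    name = brand.rpartition(".")[0]
    hits = []
    for d in observed:
        label = d.rpartition(".")[0]
        if d == brand:
            continue                                   # the real thing is not a hit
        if d in variants:
            hits.append((d, "generated-variant"))
        elif name in label:
            hits.append((d, "contains-brand"))
        elif edit_distance(label, name) <= max_distance:
            hits.append((d, "near-miss"))              # "off by a character or two"
    return hits
```

Calling flag_suspicious(OBSERVED_DOMAINS) returns the six imitation domains with their reasons and leaves unrelated.org unflagged; a real deployment would feed it newly registered or newly resolving domains and follow up with takedown decisions.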
It's worth noting that every company’s brand protection landscape differs. Where we see similarities is in industry verticals, where customers tend to take similar paths and use the same touch points on the Internet. Of course, where customers go, attackers go. So, for example, fraudulent apps in mobile app stores are a high risk for financial institutions (and their customers) while in-game fraud is a high risk for game development companies (and their customers).
No industry or company is free of the risk of brand infringement or typosquatting. Domain monitoring is just one portion of an organization’s attack surface, but it is a significant one that until recently may not have been on security’s radar. To do EASM right, it will have to be.