Scratching the surface: how to secure a bigger attack surface in a changing IT landscape

Changing work habits and a growing digital landscape have significantly expanded the assets and data organisations need to manage and protect. These assets and critical data are spread across various environments inside and outside the traditional network perimeter - making it harder to maintain security with limited resources. What can you do? External Attack Surface Management (EASM) is the answer.

Like many businesses, you’ve embraced cloud, IoT, and hybrid working and probably also found that you need a more evolved approach to cybersecurity. You have more users working in more spaces, more devices and assets in more locations, and more data in more places. With significant changes to your network perimeter, more SaaS applications and cloud storage, and a growing reliance on third-party ecosystem apps, your attack surface has expanded considerably. In other words, you present a bigger target for malicious actors to hit and inflict damage.

Meanwhile, the types and frequency of attacks have increased. Phishing techniques, for example, have continued to grow in sophistication: attackers are using AI to make phishing lures more convincing than ever and to increase the scale and automation of their campaigns. According to Orange Cyberdefense Security Navigator 2024, there was a 30% increase year-on-year in detected cybersecurity incidents, with end-user devices the most impacted asset at 28%[1]. The past year saw the highest number of cyber extortion victims ever, with an increase of 46% worldwide and a geographical shift towards Asia Pacific and EMEA.

Traditional cybersecurity is no longer enough

Security testing must be customised to every organisation’s needs, risks, and resources. While approaches vary, three fundamental principles remain consistent: test everything, ensure accuracy to minimise false positives, and test frequently, ideally weekly, to achieve full coverage and maintain effectiveness.

On average, companies use 53 security tools[2], made up of a mix of commercial and open-source solutions. However, these tools often fall short in terms of coverage, accuracy, and frequency. Overextending these tools to stretch budgets leads to more work, less value, and a false sense of security.

Orange Cyberdefense finds that vulnerability scanning covers only about 60% to 70% of known assets, while penetration testing offers even less coverage, as it typically focuses on high-value assets. Vulnerability scanners are helpful but notorious for generating false positives: they infer vulnerability from a reported version string via unvalidated CPE-to-CVE mappings, without confirming that the flaw is actually present, and a distribution that backports a fix without changing the advertised version will still be flagged. Penetration testing, while more accurate because it’s human-validated, is limited in scope, time-consuming, and dependent on the expertise of those conducting the tests. Moreover, pen testing is typically carried out periodically, focusing on predefined IP ranges and web servers, which leaves gaps in areas like shadow IT, SaaS, and cloud environments. Traditional methods often only address around 30% of an organisation’s attack surface, leaving 70% untested and vulnerable.
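To make the CPE/CVE false-positive point concrete, here is an added illustration (not code from the article, from Orange Cyberdefense or from watchTowr) of the naive banner-to-CPE-to-advisory matching a scanner performs, and of the one signal that tells you the match still needs validation. The advisory table, the vendor mapping and the advisory IDs are constructed placeholders, not real CVEs, and the banners are constructed sample input.

```python
import re

# Constructed advisory table for illustration only. The IDs are placeholders,
# not real CVEs: (product, first affected version, first fixed version, id).
ADVISORIES = [
    ("openssh", "8.0", "9.3", "EXAMPLE-0001"),
    ("nginx", "1.0", "1.20.1", "EXAMPLE-0002"),
]

# Vendor component of the CPE 2.3 string; assumed mapping for the two products.
CPE_VENDOR = {"openssh": "openbsd", "nginx": "nginx"}

# Banner shapes this toy recognises; group 1 is the upstream version,
# group 2 whatever packaging/distribution text follows it.
BANNER_PATTERNS = [
    (re.compile(r"OpenSSH_(\d+(?:\.\d+)*)p?\d*\s*(.*)$"), "openssh"),  # SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
    (re.compile(r"nginx/(\d+(?:\.\d+)*)\s*(.*)$"), "nginx"),           # Server: nginx/1.18.0 (Ubuntu)
]

def parse_version(text):
    """'8.4' -> (8, 4); tuples compare component-wise, so 8.10 > 8.4."""
    return tuple(int(p) for p in text.split("."))

def parse_banner(banner):
    """Return (product, version, packaging_suffix) or None if unrecognised."""
    for pattern, product in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return product, m.group(1), m.group(2).strip()
    return None

def to_cpe(product, version):
    """Build the CPE 2.3 string a scanner would key its lookup on."""
    return f"cpe:2.3:a:{CPE_VENDOR[product]}:{product}:{version}:*:*:*:*:*:*:*"

def naive_matches(product, version):
    """Pure version-range match: exactly what an unvalidated scanner does."""
    v = parse_version(version)
    return [adv_id for p, first, fixed, adv_id in ADVISORIES
            if p == product and parse_version(first) <= v < parse_version(fixed)]

def triage(banner):
    """Banner -> CPE -> candidate advisories, with a confidence label.

    A distribution packaging suffix (e.g. 'Debian-5+deb11u3' or '(Ubuntu)')
    means the distro may have backported the fix without bumping the upstream
    version, so the match is a candidate that needs validation (package
    changelog, authenticated check, or a safe proof-of-concept), not a finding.
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return {"cpe": None, "candidates": [], "status": "unrecognised"}
    product, version, suffix = parsed
    candidates = naive_matches(product, version)
    if not candidates:
        status = "no_match"
    elif suffix:
        status = "needs_validation"   # range matched, but backports are likely
    else:
        status = "version_match"      # upstream build, the version is meaningful
    return {"cpe": to_cpe(product, version), "candidates": candidates, "status": status}

if __name__ == "__main__":
    # Constructed banners: a distro build, an upstream build, a patched upstream build.
    for b in ("SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
              "SSH-2.0-OpenSSH_8.9",
              "SSH-2.0-OpenSSH_9.4",
              "Server: nginx/1.18.0 (Ubuntu)"):
        print(b, "->", triage(b))
```

The Debian and Ubuntu banners match the advisory range just as the plain upstream build does, but only the upstream build deserves a "vulnerable" verdict on version alone; everything tagged `needs_validation` is where a scanner's unreviewed output turns into a false positive.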

While the attack surface continues to grow, traditional cybersecurity methods are no longer sufficient for keeping all your external-facing assets safe. Attackers don’t work to the same schedule you do – they’re constantly evolving their techniques and launching attacks continuously. So, annual, quarterly, and even monthly assurance activities aren’t enough to keep up with the rate of change in the frequency and tactics of bad actors. This is where External Attack Surface Management (EASM) comes in.

What is EASM and how does it help?

EASM is the practice of identifying potential vulnerabilities and security gaps in your public-facing digital attack surface. It’s a more proactive and continuous approach that works as hard to keep your assets safe as your attackers do to try and do you harm.

EASM works continuously to discover and map your entire digital attack surface, identifying the boundaries of your public-facing IT assets. It provides an attacker’s view of your external attack surface using real-world reconnaissance techniques, so you can see your assets just as the attackers would. Through a combination of ongoing techniques including penetration testing, vulnerability assessments, red teaming, zero-day hunts, and automated scanning, EASM continuously assesses your perimeter and asset ecosystem for vulnerabilities and risks. And thanks to real-time insights and continuous monitoring, you gain immediate visibility of potential threats across your IT estate, so remediation can start as soon as an exposure appears rather than at the next scheduled test. This ensures a constantly updated view of your external attack surface, offers enhanced protection, and minimises the risk of exploitation.
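As an added illustration of the discovery-and-boundary step (this is not code from the article, from Orange Cyberdefense or from watchTowr), the script below reconciles constructed reconnaissance results with the address ranges an organisation believes it owns, labels anything that resolves elsewhere as SaaS or unknown hosting, and diffs two runs to show what continuous monitoring surfaces that a periodic, IP-range-scoped test would not. Hostnames, addresses, the known ranges and the provider list are all constructed for the example.

```python
import ipaddress

# Constructed inventory of the public ranges the organisation believes it owns.
KNOWN_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]

# Constructed list of hosting/SaaS CNAME suffixes used to label third-party assets.
THIRD_PARTY_SUFFIXES = {
    "zendesk.com": "Zendesk",
    "cloudfront.net": "AWS CloudFront",
    "github.io": "GitHub Pages",
}

def classify(target):
    """Label a DNS target (an A/AAAA address or a CNAME name) by where it lands.

    Returns (class, detail) where class is one of:
      known_range     - address inside a range the organisation owns
      unknown_hosting - public address outside every known range (shadow IT, cloud)
      saas            - CNAME to a recognised third-party provider
      cname_unknown   - CNAME to something not in the provider list
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        name = target.rstrip(".").lower()          # it is a CNAME, not an address
        for suffix, provider in THIRD_PARTY_SUFFIXES.items():
            if name == suffix or name.endswith("." + suffix):
                return "saas", provider
        return "cname_unknown", name
    if any(addr in net for net in KNOWN_RANGES):
        return "known_range", str(addr)
    return "unknown_hosting", str(addr)

def build_inventory(discovered):
    """Map {hostname: dns_target} to {hostname: {'class': ..., 'detail': ...}}."""
    return {host: dict(zip(("class", "detail"), classify(target)))
            for host, target in discovered.items()}

def outside_perimeter(inventory):
    """Hosts that a scan scoped to the known IP ranges would never touch."""
    return sorted(h for h, f in inventory.items() if f["class"] != "known_range")

def new_since(previous, current):
    """Hosts that appeared, or whose target changed, since the previous run."""
    return sorted(h for h, t in current.items() if previous.get(h) != t)

# Constructed reconnaissance results from two successive runs.
RUN_1 = {
    "www.example.com": "203.0.113.10",
    "vpn.example.com": "203.0.113.20",
    "helpdesk.example.com": "example.zendesk.com",
}
RUN_2 = {
    **RUN_1,
    "dev-api.example.com": "198.51.100.7",                # stood up on a cloud provider
    "old-blog.example.com": "old-blog.example.github.io",  # forgotten static site
    "vpn.example.com": "203.0.113.21",                    # target changed
}

if __name__ == "__main__":
    inventory = build_inventory(RUN_2)
    for host in outside_perimeter(inventory):
        print(host, inventory[host])
    print("new or changed since last run:", new_since(RUN_1, RUN_2))
```

In practice the `discovered` map is fed by passive DNS, certificate transparency, subdomain enumeration and cloud-provider tagging rather than a literal; the reconciliation logic is the part that stays the same, and the `new_since` diff is what turns a one-off inventory into monitoring.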

This approach also helps to meet forthcoming regulatory requirements for a more proactive cybersecurity model. In Australia, the Australian Prudential Regulation Authority (APRA), which regulates financial services, recently released a Practice Guide ahead of the Prudential Standard CPS 230, which will come into effect on July 1st, 2025. CPS 230 focuses on operational risk management, and the standard presents an opportunity for companies to establish a continuous posture like EASM.

Singapore has similar regulations from the Monetary Authority of Singapore[3], as does Hong Kong[4], and it’s likely that comparable regulations will follow in more industries.

Orange Cyberdefense is your expert EASM partner

Orange Cyberdefense EASM combines our world-class security expertise with data analysis at scale to give you a comprehensive security posture designed for today’s bigger attack surface. In addition to our in-house expertise, we deploy a platform called watchTowr[5] that uses advanced adversary tactics and real-time reconnaissance to provide an attacker’s view of your external attack surface. watchTowr assesses your entire digital footprint, including shadow IT, unknown SaaS platforms, IoT, cloud environments, infrastructure providers, subsidiaries and more.

We also integrate EASM with advanced security solutions like zero trust architecture and employ AI and machine learning (ML) to evaluate threat information and vulnerability data. This gives you a risk score for each asset. Our proactive and risk-based approach is designed to reduce potential threats to your attack surface and ensure the most severe threats are addressed first, improving your overall security posture.


[1] https://www.orangecyberdefense.com/global/news/research/orange-cyberdefense-releases-security-navigator-2024

[2] https://cloudsecurityalliance.org/blog/2024/05/23/2024-report-reveals-hundreds-of-security-events-per-week-highlighting-the-criticality-of-continuous-validation

[3] https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/TRM-Guidelines-18-January-2021.pdf

[4] https://www.hkma.gov.hk/eng/regulatory-resources/regulatory-guides/by-subject-current/technology-risk-management/

[5] https://watchtowr.com/

More articles by Mo Farid Shawara, MBA