Attack Surface Management
  1. Knowledge base
  2. Attack Surface Management

What are the Attack Surface Management capabilities?

Attack Surface Management is the continuous process of identifying, classifying, and managing the potential entry points (attack vectors) that an attacker could exploit to gain unauthorized access to a system or data.

Discover & identify your attack surfaces

For each asset type, you have several methods of identifying your assets to automatically incorporate them into continuous vulnerability assessments.

Network assets
Run scans of your networks to ensure you have identified all assets in your environment. For external environments, you can use the external scan resources from Holm Security to simulate visibility and accessibility across your networks.

You have Scanner Appliances for internal or local networks at your disposal, which you can strategically install to cover all your internal networks, no matter how segmented they are!

The scan automatically adds assets deemed active to your asset manager and adds a risk score to the asset.

Learn more about utilizing discovery scans to quickly identify active network assets

Web assets

When a network scan is run and identifies a host as having web services, the host is automatically marked as being ready to be added to the catalog. All web surfaces in the catalog can be added as web application assets and scanned with scan web app.

Learn more about incorporating web services found by network scans into web scan

Domain asset discovery

You can discover domains that you were unaware of by utilizing the domain asset discovery feature. It automatically checks for subdomains on the internet that match the domains you own. The newly discovered domains can then be added to your security center as an asset and worked with through vulnerability scans.

Learn more about how to set up domain asset discovery

Cloud-native assets

Easily monitor all your cloud-native assets and automate the detection of misconfigurations. supported vendors include:

  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud
  • Oracle Cloud

Learn more about how to assess your cloud-native platforms

Inventory & classification

Establishing and regularly updating a comprehensive inventory of assets while e categorizing them according to their associated risks and levels of exposure.
It's important to continuously evaluate newly discovered assets. External assets, the most exposed assets in your environment, should always be incorporated into regular assessments.

Becoming familiar with the tagging feature is highly advisable, as it provides valuable insights into your asset inventory. Tags play a crucial role in organizing and managing assets, and much of this process can be automated using tag rules. Additionally, assets identified under specific conditions will be marked as Internet-facing, enhancing your visibility of potential vulnerabilities.

Learn more and start creating tags

Risk analysis

Evaluating the risk linked to each asset involves analyzing its level of exposure and the potential consequences of its compromise. After a vulnerability assessment is conducted on each asset, a risk score is automatically assigned based on various criteria. This sophisticated risk-scoring system simplifies the process of prioritizing assets, allowing organizations to focus on the most critical assets.

You can read more about how the risk score is calculated here.

Benchmark your risk score against others.
Through the industry benchmark widget, you can compare your risk score to others in the same industry and globally.
https://support.holmsecurity.com/knowledge/how-do-i-create-an-industry-benchmark-widget

Monitoring & management

Continuously monitor the external attack surface for changes and emerging threats and take steps to manage and reduce risks. Several features help you continuously monitor how your environment develops over time. 

Once you have started gathering data, these are some features you can use to continuously monitor. 

Dashboards
The dashboard can help you visualize your data; dozens of customizable widgets are relevant for tracking how the environment develops over time, both from an asset perspective and from vulnerabilities, including risk scores.

https://support.holmsecurity.com/knowledge/how-do-i-create-a-new-dashboard

Continuous monitoring
Create your own dedicated monitoring profiles to be alerted to specific events. Want to be notified if someone sets up a new web server in your environment? This is the perfect feature to instantly find out.

https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-continious

Domain asset monitoring

This feature allows you to conduct ongoing internet scans to identify any assets linked to the domain names you may not know.

https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-domain-asset-discovery

Vulnerability Manager
Create filters and selections to easily find information about specific vulnerabilities affecting your assets. Mitigate risk by following the remediation advice given for every vulnerability found.

https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-vulnerability-manager