Attack Surface Management

What are the Attack Surface Management capabilities?

Attack Surface Management is the continuous process of identifying, classifying, and managing the potential entry points (attack vectors) that an attacker could exploit to gain unauthorized access to a system or data.

Discover and identify your attack surfaces

For each asset type, you have several methods of identifying your assets to automatically incorporate them into continuous vulnerability assessments.


Network assets
Run scans of your networks to ensure you have identified all assets in your environment. 
For external environments, you can use the external scan resources from Holm Security to simulate visibility and accessibility across your networks. 
You have scanner appliances for internal or local networks at your disposal, which you can strategically install to cover all your internal networks, no matter how segmented they are!
The scan automatically adds assets deemed active to your asset manager and adds a risk score to the asset.
Learn more about utilizing discovery scans to quickly identify active network assets.

Web assets
When a network scan is run and identifies a host as having web services, the host is automatically marked as being ready to be added to the catalog. All web surfaces in the catalog can be added as web application assets and scanned with scan web app.
Learn more about incorporating web services found by network scans into web scans.

Domain Asset Discovery

You can discover domains that you were unaware of by utilizing the domain asset discovery feature. It automatically checks for subdomains on the internet that match the domains you own. The newly discovered domains can then be added to your security center as an asset and worked with through vulnerability scans.
Learn more about how to set up domain asset discovery.

Cloud Native Resources
With our dedicated Cloud Security, you can easily monitor all your available cloud resources in specific cloud environments. Cloud security posture management (CSPM) is the practice of controlling cloud infrastructure risk. Cloud Security automates the detection of misconfigurations across cloud resources. Supported vendors include:
  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud
  • Oracle Cloud

https://support.holmsecurity.com/knowledge/how-do-i-scan-my-cloud-environment

Inventory and classification

Establish and regularly update a comprehensive inventory of assets, categorizing them according to their associated risks and levels of exposure.
It's important to continuously evaluate newly discovered assets. External assets, which are the most exposed assets in your environment, should always be incorporated into regular assessments.

Becoming familiar with the tagging feature is highly advisable, as it provides valuable insights into your complete asset inventory. Tags play a crucial role in organizing and managing assets, and much of this process can be automated using tag rules. Additionally, assets identified under specific conditions will be marked as Internet-facing, enhancing your visibility of potential vulnerabilities.
Learn more and start creating tags.

Risk analysis

Evaluating the risk linked to each asset involves analyzing its level of exposure and the potential consequences of its compromise. After a vulnerability assessment is conducted on each asset, a risk score is automatically assigned based on various criteria. This sophisticated risk-scoring system simplifies the process of prioritizing assets, allowing organizations to focus on the most critical assets.
You can read more about how the risk score is calculated here.

Benchmark your risk score against others.
Through the industry benchmark widget, you can compare your risk score with others within the same industry and globally.
https://support.holmsecurity.com/knowledge/how-do-i-create-an-industry-benchmark-widget

Monitoring and management

Continuously monitor the external attack surface for changes and emerging threats and take steps to manage and reduce risks. Several features help you continuously monitor how your environment develops over time. 

Once you have started gathering data, you can use the following features for continuous monitoring.

Dashboards
The dashboard can help you visualize your data. Dozens of customizable widgets let you track how the environment develops over time, from both an asset and a vulnerability perspective, including risk scores.
https://support.holmsecurity.com/knowledge/how-do-i-create-a-new-dashboard

Continuous monitoring
Create your own dedicated monitoring profiles to be alerted to specific events. Want to be notified if someone sets up a new web server in your environment? This is the perfect feature to instantly find out.
https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-continious

Domain asset monitoring

This feature allows you to conduct ongoing internet scans to identify any assets linked to your domain names that you may not know about.
https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-domain-asset-discovery

Vulnerability Manager
Create filters and selections to easily find information about specific vulnerabilities affecting your assets. Mitigate risk by following the remediation advice given for every vulnerability found. 
https://support.holmsecurity.com/knowledge/how-do-i-get-started-with-vulnerability-manager