Cyber Asset Attack Surface Management (CAASM)

Identify exposures and vulnerabilities across the entire physical and digital attack surface.

What is Cyber Asset Attack Surface Management?

Cyber Asset Attack Surface Management (CAASM) is a platform tool that uses data integration, transformation, and analytics to provide a unified view of all the physical and digital cyber assets that make up an enterprise network.

CAASM policies help identify exposures and potential security vulnerabilities across a network's attack surface. They are intended to serve as the authoritative source of asset information, including ownership, network, and business context, for IT and security teams, and to inform the broader security organization.

CAASM can integrate with existing workflows to automate security control gap analysis, prioritization, and remediation, improving efficiency and breaking down operational silos between teams and their tools. It is important to remember, however, that the assets these tools protect are not only devices and infrastructure.

A security operations center (SOC) will often tag "assets" as users, applications, and even application code. The key is for the security practitioners within a SOC to recognize the interconnectedness of these assets.

Consider a scenario in which more than 1,000 servers share the same vulnerability. Quickly assessing each one becomes time-consuming and laborious, so CAASM capabilities can step in to speed up the process by enriching cyber asset data and then automating the majority of the analysis.

How does CAASM work?

CAASM works by considering the interconnectedness and totality of cyber assets, analyzing their weaknesses, and then formulating policies to reduce risk. Common key performance indicators (KPIs) for CAASM include:

  • Asset visibility
  • Endpoint agent coverage
  • Service-level agreements (SLAs)
  • Mean time to respond (MTTR)

As noted above, assessing each vulnerability can become cost- and time-prohibitive when there is such a multitude of assets to consider on one network. Automation helps by analyzing vulnerabilities faster as well as prioritizing them for remediation.

CAASM enables organizations to use analytics to refine search results, identify trends, or distribute specific information to specific groups or individuals. This integrated approach provides comprehensive attack surface visibility and mapping so a SOC can address risks and manage vulnerabilities more efficiently.

Perhaps the most critical function of CAASM is the identification and mapping of new assets as they plug into and out of a network. It is important to leverage comprehensive asset discovery tools to gain a true picture of what a changing attack surface looks like as those new assets appear. Network access control (NAC) capabilities can also aid in the creation of policies to cut down on unauthorized access attempts, should bad actors attempt to exploit vulnerabilities in assets that have not yet been identified.

From there, security personnel can more easily define specific outcomes for assets or asset groups. Once these outcomes are established, it is simply a matter of running searches for all assets that do not meet these security criteria and subsequently prioritizing them for remediation. In this way, CAASM helps a SOC streamline inventory and remediation practices to gain greater efficiencies.
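The workflow just described (define an outcome per asset group, search for every asset that misses it, rank the misses for remediation) and the endpoint agent coverage KPI from the list above, as an added illustration that is not code from the original page or from any CAASM product. The inventory, the policies, the "VULN-*" labels and the scoring weights are all constructed assumptions.

```python
# Added example (not from the original page): a minimal CAASM-style policy check over an
# enriched asset inventory. Assets, policies, "VULN-*" labels and score weights are assumed.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Asset:
    name: str
    kind: str                # asset group, e.g. "server" or "workstation"
    owner: Optional[str]     # from ownership enrichment; None means unknown
    internet_exposed: bool   # from exposure enrichment
    agent_installed: bool    # endpoint agent coverage signal
    open_vulns: List[str]    # constructed vulnerability labels, not real CVEs

# Constructed inventory, as a CAASM platform would unify it from several sources.
INVENTORY = [
    Asset("web-01", "server", "app-team", True, True, ["VULN-A"]),
    Asset("web-02", "server", None, True, False, ["VULN-A"]),
    Asset("db-01", "server", "data-team", False, True, ["VULN-A", "VULN-B"]),
    Asset("ws-17", "workstation", "alice", False, True, []),
]

POLICIES = {  # desired outcome per asset group: the criteria every member must meet
    "server": {"agent_required": True, "owner_required": True, "max_open_vulns": 0},
    "workstation": {"agent_required": True, "owner_required": True, "max_open_vulns": 5},
}

def violations(asset: Asset) -> List[str]:
    """Return the policy criteria this asset fails (empty list means compliant)."""
    pol, found = POLICIES[asset.kind], []
    if pol["agent_required"] and not asset.agent_installed:
        found.append("missing-agent")
    if pol["owner_required"] and asset.owner is None:
        found.append("no-owner")
    if len(asset.open_vulns) > pol["max_open_vulns"]:
        found.append("open-vulns")
    return found

def risk_score(asset: Asset, found: List[str]) -> int:
    """Assumed weighting: 10 per failed criterion, 5 per open vuln, doubled if exposed."""
    score = 10 * len(found) + 5 * len(asset.open_vulns)
    return score * 2 if asset.internet_exposed else score

def agent_coverage(inventory: List[Asset]) -> float:
    """Endpoint agent coverage KPI: share of assets with the agent installed."""
    return sum(a.agent_installed for a in inventory) / len(inventory)

def prioritized_findings(inventory: List[Asset]):
    """Search for every asset that misses its criteria and rank it, highest risk first."""
    rows = [(risk_score(a, v), a.name, v) for a in inventory if (v := violations(a))]
    return sorted(rows, key=lambda r: r[0], reverse=True)
```

The ranked output is what a SOC would hand to the asset owners recorded in the inventory; an asset with no owner is itself a finding, since nobody can be notified.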

How does CAASM differ from other technologies?

CAASM differs from other technologies in many ways but also shares similarities with them. There are a great many platforms and methodologies available to help security practitioners ensure their attack surfaces are as protected as they can possibly be. When evaluating attack surface protection solutions, what are some key differences a buyer might consider before purchasing the right solution for their organization?

CAASM vs. Attack Surface Management (ASM)

Continuous attack surface management (ASM) is the overall concept of constantly monitoring an organization's digital footprint, with the goal of shrinking the attack surface and strengthening the company's security posture. ASM encompasses all of the approaches discussed here. CAASM is essentially ASM through the filter of all of an organization's cyber assets that are on its network or attempting to access its network, both internal and external.

CAASM vs. External Attack Surface Management (EASM)

The main difference between EASM and CAASM security is that the former typically focuses solely on external-facing assets, while the latter covers both external and internal network assets, thereby providing a more complete picture of the attack surface at any given time. Because it is simpler than CAASM, EASM solutions tend to be easier to set up and are therefore more widely adopted.

CAASM vs. Digital Risk Protection (DRP)

While CAASM solutions tend to focus on internal and external network assets, and therefore on the data they share with the network and take off of it, a DRP solution typically focuses on an organization's sensitive digital assets, their exposure to the internet and potential attackers, and the vulnerabilities that could result from that exposure.

CAASM use cases

Let's take a look at the situations that most call for implementing a CAASM solution to help protect an enterprise network as the proliferation of cyber assets creates more vulnerability.

  • Inventory and mapping: Maintaining visibility over a detailed, automated inventory of the cyber assets growing a network's attack surface is the overarching mission of a CAASM solution.
  • Optimizing vulnerability management (VM) workflows: By defining asset outcomes and refining processes to make them more automated, vulnerabilities can be discovered, prioritized, and remediated faster than ever before. This means a stronger security posture for the attack surface as well as the ability to take more proactive measures as telemetry dictates.
  • Maintaining compliance requirements: A complete asset inventory is critical to meeting regulatory and internal compliance requirements. Often, CAASM solutions come with built-in compliance frameworks that help an organization adhere to the likes of NIST, SOC 2, and others.
  • Identifying vulnerable application servers: A CAASM tool can help find application servers that are contextually exposed to exploitation, as well as identify their owners based on login telemetry. From there, server owners and security teams can be notified. This integrated approach provides comprehensive attack surface visibility and mapping.
  • Ensuring access management: As noted above, NAC controls can complement CAASM tools so that authentication protocols aid the effort to verify which assets have a right to be on the network. Security personnel can use CAASM alongside identity and access management (IAM) policies to quickly remediate incorrectly escalated privileges and to better understand who and what are on the network.

Benefits of CAASM

The purpose of ASM is to shrink what is known as the attack surface, so that a threat actor has fewer potential entry points through which to compromise the network. But as discussed here, more assets interacting with an enterprise network means a greater proliferation of entry points.

Implementing an effective CAASM solution can help mitigate these concerns as more assets come onto the network. Let's look at some of the benefits of such a solution:

  • Lower risk: On the subject of security automation, IDC notes that "using continuous automation tools to discover externally exposed assets helps an organization address risk in previously unknown assets with both a frequency and breadth that are possible only with automation."
  • Smaller attack surface: It bears repeating: a shrunken attack surface is a smaller target for threat actors and potential breaches. Leveraging automation to plug vulnerabilities quickly, as well as employing network access authentication tools, can help a security organization achieve its goals as they relate to shrinking its network attack surface.
  • Stronger partnerships: As IT teams grow accustomed to sharing data from assets on and off the network, security teams can leverage the automation native to CAASM tools to sift through that data faster. This helps create efficiencies in the discovery of both vulnerabilities and any active exploitation.

A CAASM platform is not a plug-and-play solution for cyber asset management. In fact, it takes the skill of experienced security practitioners to properly implement such a solution. But the value derived from a well-maintained and effective CAASM tool will mean a stronger and more secure network.

Read more about cyber asset attack surface security

Attack surface security news: the latest Rapid7 blog posts

Rapid7 blog: Cyber Asset Attack Surface Management 101