Aggregator
CVE-2024-31178 | Open Networking Foundation libfluid 0.1.0 unpack out-of-bounds
Hackers breaching construction firms via specialized accounting software
Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries,” they noted. A way into corporate networks Ohio-based Foundation develops and provides specialized software products and services for companies in the construction industry. “The Foundation software includes a Microsoft SQL Server (MSSQL) instance to handle its database operations,” Huntress researchers explained. Unfortunately, for … More →
The post Hackers breaching construction firms via specialized accounting software appeared first on Help Net Security.
Atlassian security advisory (AV24-527)
4 Top Security Automation Use Cases: A Detailed Guide
How Shifts in Cyber Insurance Are Affecting the Security Landscape
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
Scam ‘Funeral Streaming’ Groups Thrive on Facebook
Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standards
Digital security has long relied on cryptographic systems that use complex mathematical problems (also known as algorithms) to keep sensitive data and transactions safe from unauthorized access. These algorithms were designed to be nearly impossible for classical computers to solve, ensuring robust protection and encryption for online activities like email communication, secure banking, and more. […]
The post Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standards appeared first on Security Boulevard.
Komodor Klaudia identifies the root cause of issues in Kubernetes
Komodor announced Klaudia, a GenAI agent for troubleshooting and remediating operational issues, as well as optimizing Kubernetes environments. Integrated within the Komodor Kubernetes Management Platform, Klaudia simplifies and accelerates root-cause analysis, empowering both platform and application teams with precise diagnostics to resolve issues with speed and precision. According to Gartner, “Infrastructure and Operations (I&O) teams commonly struggle to manage Kubernetes (K8s) clusters at scale due to the talent shortage — especially on heterogeneous scenarios (multicluster, … More →
The post Komodor Klaudia identifies the root cause of issues in Kubernetes appeared first on Help Net Security.
Credential Flusher, understanding the threat and how to protect your login data
News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets
Boston, Mass., Sept. 18, 2024 — One Layer, the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform … (more…)
The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets first appeared on The Last Watchdog.
The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets appeared first on Security Boulevard.
G.O.S.S.I.P Reading Recommendation 2024-09-18: Attacking the eBPF Interpretation Flow
10 Best Attack Surface Management Tools
As the cyberthreat landscape grows in both complexity and volume, organizations must adopt comprehensive strategies to protect their digital assets. One critical element of a vigorous cybersecurity program is attack surface management (ASM), which involves identifying, monitoring, and reducing potential attack vectors.
To identify the best attack surface management tools for enterprise, cybersecurity decision makers must understand what attack surface management is, and the types of attack surfaces they need to secure.
What Is Attack Surface Management?
Attack surface management refers to the continuous process of asset discovery, assessment, and risk mitigation associated with an organization’s network. This includes mapping all assets that could be potential entry points for malicious actors.
ASM involves several activities, including:
Asset Discovery
ASM tools identify the organization’s internet-facing assets. Rather than manually inputting your assets, asset discovery solutions use automation for attack surface mapping and inventory of company resources.
Asset discovery is used to identify the following types of assets:
- Known Assets: The organization is aware of these assets’ existence and is actively managing them. Known assets include user directories, websites, applications, servers, routers, and employee-owned or corporate-issued smartphones and computers.
- Unknown Assets: These assets use company networks without institutional approval or oversight. They include old software, abandoned websites, and unsupervised mobile devices and cloud services that access the company’s network.
- Vendor Assets: Although the company doesn’t own these assets, they’re part of its digital supply chain. They include public cloud assets, application programming interfaces (APIs), and software-as-a-service (SaaS) apps.
- Rogue Assets: This malicious infrastructure is created by threat actors to launch cyberattacks against a company. They include malware, phishing sites, and typo squatted domains.
Upon discovery, assets are categorized according to their risk exposure, criticality, and function to identify urgent security threats and make data-based decisions. Ordinarily, vital and easily exploitable issues take priority.
Remediation
The remediation process focuses on implementing measures to strengthen an organization’s security posture by addressing vulnerabilities and minimizing risk exposure.
Remediation measures that can improve security posture include:
- Reconfiguring systems
- Access controls
- Network segmentation
- Decommissioning vulnerable assets
- Adopting a zero-trust model
Continuous monitoring is necessary to counter emerging threats and assets. The goal is to identify new vulnerabilities and track changes to current ones. Remember, monitoring goes hand in hand with reporting.
What Are the Different Types of Attack Surfaces?
An attack surface is the sum of possible access points for unauthorized users to your systems. On the other hand, attack vectors, or threat vectors, are specific attack routes to sensitive data.
Attack surfaces include:
Digital Attack Surfaces
Digital attack surfaces expose the software and hardware that link to a company’s network. Provided the hacker has an internet connection, they can exploit the following vectors to launch an attack:
- Misconfiguration: Cybercriminals can use incorrectly configured firewall policies, network ports, and wireless access points.
- Weak Credentials: Weak passwords are easier to guess or crack, allowing cybercriminals to steal data or spread malware, such as ransomware.
- Shared Directories: It’s not uncommon for hackers to steal data from collaborative directories or infect them with malware.
- Poor Encryption: Cybercriminals can intercept unencrypted data at different stages, whether the information is in processing, in transit, or at rest.
Physical attack surfaces comprise a company’s tangible assets.
Security risks include:
- Insider Threats: Dissatisfied employees can abuse access privileges to spread malware, disable devices, or obtain company data.
- Device Theft: When criminals access an organization’s physical premises, they can retrieve data from desktops, laptops, IoT devices, smartphones, servers, and other operational hardware.
- Access Control Systems: Attackers can use biometric scanners, security cameras, and keycards to gain unauthorized access to secure areas.
The following is a list of the best attack surface management tools to help discover assets, monitor, and increase your security posture.
1. FireMon
FireMon’s asset discovery tool, Asset Manager, automatically discovers and maps all assets across the network in real time, creating a detailed inventory. This helps in identifying potential attack vectors and unmanaged assets that could be exploited.
FireMon’s network security policy management (NSPM) solution optimizes firewall rules and configurations to minimize unnecessary exposure and reduce the attack surface. It helps in removing redundant or overly permissive rules that could be exploited by attackers.
2. Qualys
Initially known as Qualys Cloud Platform or Qualysguard, the Qualys TruRisk Platform is a network security and vulnerability management tool. This platform offers security checks, application scanning, attack surface mapping, detection of network devices, and tools to prioritize and fix vulnerabilities. These features work together to help reduce and manage risk.
Qualys offers a comprehensive suite of features that prioritize real-time vulnerability management. It can continuously scan and identify security weaknesses across your network. The software solution also provides detailed asset discovery to catalog all hardware and software.
3. Tenable
Tenable’s Nessus vulnerability scanner offers extensive coverage of vulnerabilities with continuous real-time system assessments. It comprises built-in features for threat intelligence, prioritization, and real-time insights. Enterprises use it to identify and understand risks, allowing operators to prioritize and address them proactively.
Nessus enables businesses to detect potential vulnerabilities and focus on critical issues to streamline the threat remediation process. It also allows professionals to keep an audit trail and access detailed scan information. These include severity, status, and start and end times.
4. Rapid7
With a robust platform that helps protect your systems from attackers and grow with your needs, Rapid7 also ranks among the top attack surface management tools. The platform offers application security, vulnerability management, external threat intelligence, threat detection, and automation tools. This makes it a great choice for IT and DevOps teams, who use these tools to quickly identify and respond to threats.
Rapid7 aims to make the digital world safer by simplifying cybersecurity and making it more accessible. The company provides security professionals with the research, tools, and expertise needed to manage today’s complex attack surfaces.
5. Microsoft Defender External Attack Surface Management
Microsoft’s Defender focuses on external attack surface management and is offered on Microsoft’s Azure platform. It can identify vulnerabilities and exposures in web-based resources and map out an organization’s unique online attack surface.
Microsoft Defender’s real-time inventory monitoring lets you point out, analyze, and categorize external-facing resources as they emerge. Organizations can use it to enhance their attack surface visibility and discover assets across various cloud environments, including hidden resources like shadow IT.
6. CrowdStrike Falcon Surface
CrowdStrike addresses security challenges by offering a solution that combines endpoint detection and response, next-generation antivirus, cyber threat intelligence, and security best practices.
Falcon Surface also provides full visibility into internet risks affecting businesses and prioritizes threats based on expert insights and business needs.
7. Mandiant
Mandiant provides users with over 250 pre-built integrations to discover assets and cloud resources and identify relationships with partners and third parties. Like many of the other ASM tools, Mandiant monitors network infrastructure continuously to detect exposures and ensure a smooth transition during cloud adoption and digital transformation.
Mandiant helps security teams with the ability to tackle real-world threats by identifying misconfigurations, vulnerabilities, and exposed areas that need attention.
8. Brinqa
Brinqa’s ASM platform includes features like a risk operations center, vulnerability risk management, and cloud risk management. Users can handle risks across their entire attack surface.
Brinqa creates a unified inventory of your attack surface by connecting all asset types, business context, threat intelligence, and security controls into a dynamic Cyber Risk Graph.
9. Cortex by Palo Alto Networks
This global platform by Palo Alto Networks reduces risks by assessing supply chain security, managing cloud security, and addressing various vulnerabilities. Cortex protects against remote access security issues, unpatched systems, insecure file sharing, sensitive business apps, IT portals, weak encryption, and exposed IoT devices.
Cortex Xpanse collects data from domain registrars, DNS records, and business databases to find and identify all of your internet assets. The solution can create a detailed and unique inventory of your online assets, uncovering unknown assets without needing to install or set up anything.
10. CyCognito
CyCognito’s cloud-based platform focuses on managing external attack surfaces. It uses bots and other tools to continuously scan, categorize, and map digital assets. The tool automatically identifies and ranks security risks as if they were real attackers.
CyCognito mimics how attackers perform reconnaissance to proactively identify gaps in a company’s defenses.
Selecting the Right Tool to Manage Your Attack Surface
The list of available attack surface management solutions goes far past 10, and it can be difficult to determine what’s best for your organization. However, you may be able to narrow the field by keeping the following ASM best practices in mind:
Visibility Through Continuous Monitoring
Threats keep changing, and a strong cybersecurity program needs ongoing updates. This involves continuous monitoring with automated tools like security information and event management (SIEM) software to track and analyze data from various sources, including security operations integrations.
Prioritize the Most Critical Threats
Once you understand your attack surface, address the most serious vulnerabilities and risks before tackling less urgent issues. For instance, you can take assets offline and improve network security. A tool that provides both real-time visibility and monitors network changes makes prioritization easier.
Know Your Attack Surface
Understand where attackers might strike, which digital assets are at risk, and what protections are needed. Predictive modeling can help anticipate the impact of breaches. Effective defense strategies involve knowing what assets you have, monitoring for vulnerabilities, and using threat intelligence to stay ahead of potential attacks.
Enhance Your Attack Surface Visibility with FireMon
As network complexity increases, cyber asset management and attack surface monitoring become increasingly difficult. As your organization grows, so does the risk of introducing gaps in network visibility. This is where FireMon comes in.
FireMon Asset Manager provides real-time active, passive, and targeted network and device discovery to detect unknown, rogue, shadow clouds, network infrastructure, and endpoints in the enterprise.
Asset Manager can help to:
- Eliminate Blind Spots: Stay ahead of expanding attack surfaces by automatically discovering and cataloging networks, devices, and connections within your environment.
- Enrich Asset Data: Ensure operational intelligence by augmenting systems of record with accurate, up-to-date asset details and attributes.
- Improve Data Fidelity in Systems of Record: Leverage API and integrations to provide continuous, complete asset information to your security stack.
Request a demo today and discover why FireMon is one of the best attack surface management tools for your enterprise.
Frequently Asked Questions
What Are Attack Surface Management Tools?
Attack surface management tools are specialized cybersecurity solutions that help organizations discover assets and monitor and reduce their attack surface. These tools continuously scan an organization’s networks to detect potential vulnerabilities or points of unauthorized access. Attack surface management tools enable organizations to proactively address security risks by providing comprehensive visibility into all assets.
What Should I Look for in Attack Surface Management Software?
When selecting an attack surface management vendor, it’s important to consider tools that offer real-time monitoring and alerts to promptly detect emerging threats. The software should also include robust risk assessment and prioritization capabilities. Additionally, consider ease of integration with existing security systems and a user-friendly interface.
The post 10 Best Attack Surface Management Tools appeared first on Security Boulevard.
Analysis Identifies Web Servers as Weakest Cybersecurity Link
An analysis of more than 39 million anonymized and normalized data points published today by Cycognito, a provider of platforms for discovering and testing attack surfaces, finds web servers accounted for more than a third (34%) of all the severe issues discovered.
The post Analysis Identifies Web Servers as Weakest Cybersecurity Link appeared first on Security Boulevard.
SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures
Austin, TX, 18th September 2024, CyberNewsWire
The post SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures appeared first on Security Boulevard.
More From Our Main Blog: LABScon 2024 | Security Research in Real Time – Talks Not to Miss
LABScon 2024 is here! Get a pulse on some of the innovative research talks we are most excited about for this year's event.
The post LABScon 2024 | Security Research in Real Time – Talks Not to Miss appeared first on SentinelOne.