Security Boulevard

Recently, two memory-related flaws were discovered in QEMU, a popular open-source machine emulator and virtualizer. The vulnerabilities, identified as CVE-2024-26327 and CVE-2024-26328, affect QEMU versions 7.1.0 through 8.2.1. Both vulnerabilities stem from mishandling of memory operations within the QEMU codebase. An attacker could exploit these issues to trigger a buffer overflow or out-of-bounds memory access, […]

The post Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS appeared first on TuxCare.

The post Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS appeared first on Security Boulevard.

Blog: Best 10 Regulatory Change Management Software of 2024 According to a recent KPMG report, 43% of Chief Ethics and Compliance Officers (CCOs) find new regulatory requirements their greatest challenge. To manage these changes effectively, 45% will focus on automating compliance processes over the next two years.  The Current Landscape Regulatory change management solutions have […]

The post Best 10 Regulatory Change Management Software of 2024 appeared first on Centraleyes.

The post Best 10 Regulatory Change Management Software of 2024 appeared first on Security Boulevard.

As per recent reports, the RansomHub ransomware group threat actors have stolen data from at least 210 victims ever since the group’s inception in February 2024. The victims of these attacks span across various sectors. In this article, we’ll dive into all the details and learn more about the attacks. Let’s begin! Understanding RansomHub Ransomware […]

The post RansomHub Ransomware Targets 210 Victims Since February 2024 appeared first on TuxCare.

The post RansomHub Ransomware Targets 210 Victims Since February 2024 appeared first on Security Boulevard.

How the seven functions of IAM power identity-first security Today’s corporate security architecture is built on the cornerstone of identity and access management (IAM). And seven underlying functions, all beginning with the letter “A”, respectively, form the foundations of IAM: authentication, access control, authorization, administration and governance, attributes, audit and reporting, and lastly, availability.  Appropriately,...

The post Understanding the 7 A’s of IAM appeared first on Strata.io.

The post Understanding the 7 A’s of IAM appeared first on Security Boulevard.

Discover how to close the gaps in TPRM with better third-party risk management. Learn how Grip and SecurityScorecard protect against hidden shadow SaaS risks.

The post Rethinking TPRM: Managing Third-Party SaaS Risks | Grip appeared first on Security Boulevard.

AT&T agreed to pay $13 million to settle an FCC investigation into a data breach in January 2023 that put a focus on the evolving security landscape and the growing threat to customer data that organizations store in the cloud.

The post AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach appeared first on Security Boulevard.

The FBI and other U.S. and international law enforcement agencies disrupted a massive botnet created by China-linked threat group Flax Typhoon that had pulled in more than 200,000 IoT and other connected devices over the past for years.

The post FBI Disrupts Another Massive Chinese-Linked Botnet appeared first on Security Boulevard.

Authors/Presenters:Joshua Fried, Gohar Irfan Chaudhry, Enrique Saurez, Esha Choukse, Íñigo Goiri, Sameh Elnikety, Rodrigo Fonseca, Adam Belay

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Making Kernel Bypass Practical for the Cloud with Junction appeared first on Security Boulevard.

Pulumi today added a Pulumi Insights application for discovering cloud assets in addition to generally making available a previously launched tool for centralizing the management of cloud security.

The post Pulumi Adds Cloud Security Intelligence Tool to Portfolio appeared first on Security Boulevard.

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘Chat GPT Code Smell’ appeared first on Security Boulevard.

No More Barf-Green Bubbles? GSM Association is “excited” to bring Apple and Google closer together, but encryption is still lacking.

The post E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it appeared first on Security Boulevard.

Buckle up, buttercup, because we're about to dive into the sticky-sweet world of honeytokens!

The post Honeytokens [Security Zines] appeared first on Security Boulevard.

Authors/Presenters:Ahmed Alquraan, Sreeharsha Udayashankar, Virendra Marathe, Bernard Wong. Samer Al-Kiswany

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – LoLKV: The Logless, Linearizable, RDMA-Based Key-Value Storage System appeared first on Security Boulevard.

The North Korean-backed threat group UNC2970 is using spearphishing emails and WhatsApp messages to entice high-level executives in the energy and aerospace sectors to open a malicious ZIP file containing a fake job description and a previously unknown backdoor called MISTPEN.

The post North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors appeared first on Security Boulevard.

Explore PCI DSS audit costs, key factors that influence pricing, and practical tips for managing and optimizing your compliance expenses.

The post How Much Will It Cost to Get PCI DSS Audited? appeared first on Scytale.

The post How Much Will It Cost to Get PCI DSS Audited? appeared first on Security Boulevard.

Digital security has long relied on cryptographic systems that use complex mathematical problems (also known as algorithms) to keep sensitive data and transactions safe from unauthorized access. These algorithms were designed to be nearly impossible for classical computers to solve, ensuring robust protection and encryption for online activities like email communication, secure banking, and more. […]

The post Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standards appeared first on Security Boulevard.

Boston, Mass., Sept. 18, 2024] — One Layer, the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform … (more…)

The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets first appeared on The Last Watchdog.

The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets appeared first on Security Boulevard.

10 Best Attack Surface Management Tools

What Is Attack Surface Management?

What Are the Different Types of Attack Surfaces?

Top Enterprise Attack Surface Management Tools

Selecting the Right Tool to Manage Your Attack Surface

Enhance Your Attack Surface Visibility with FireMon

Frequently Asked Questions

Get a Demo

10 Best Attack Surface Management Tools

As the cyberthreat landscape grows in both complexity and volume, organizations must adopt comprehensive strategies to protect their digital assets. One critical element of a vigorous cybersecurity program is attack surface management (ASM), which involves identifying, monitoring, and reducing potential attack vectors.

To identify the best attack surface management tools for enterprise, cybersecurity decision makers must understand what attack surface management is, and the types of attack surfaces they need to secure.

What Is Attack Surface Management?

Attack surface management refers to the continuous process of asset discovery, assessment, and risk mitigation associated with an organization’s network. This includes mapping all assets that could be potential entry points for malicious actors.

ASM involves several activities, including:

Asset Discovery

ASM tools identify the organization’s internet-facing assets. Rather than manually inputting your assets, asset discovery solutions use automation for attack surface mapping and inventory of company resources.

Asset discovery is used to identify the following types of assets:

• Known Assets: The organization is aware of these assets’ existence and is actively managing them. Known assets include user directories, websites, applications, servers, routers, and employee-owned or corporate-issued smartphones and computers.
• Unknown Assets: These assets use company networks without institutional approval or oversight. They include old software, abandoned websites, and unsupervised mobile devices and cloud services that access the company’s network.
• Vendor Assets: Although the company doesn’t own these assets, they’re part of its digital supply chain. They include public cloud assets, application programming interfaces (APIs), and software-as-a-service (SaaS) apps.
• Rogue Assets: This malicious infrastructure is created by threat actors to launch cyberattacks against a company. They include malware, phishing sites, and typo squatted domains.

Classification and Prioritization

Upon discovery, assets are categorized according to their risk exposure, criticality, and function to identify urgent security threats and make data-based decisions. Ordinarily, vital and easily exploitable issues take priority.

Remediation

The remediation process focuses on implementing measures to strengthen an organization’s security posture by addressing vulnerabilities and minimizing risk exposure.

Remediation measures that can improve security posture include:

• Reconfiguring systems Access controls
• Network segmentation
• Decommissioning vulnerable assets
• Adopting a zero-trust model

Continuous Monitoring

Continuous monitoring is necessary to counter emerging threats and assets. The goal is to identify new vulnerabilities and track changes to current ones. Remember, monitoring goes hand in hand with reporting.

What Are the Different Types of Attack Surfaces?

An attack surface is the sum of possible access points for unauthorized users to your systems. On the other hand, attack vectors, or threat vectors are specific attack routes to sensitive data.

Attack surfaces include:

Digital Attack Surfaces

Digital attack surfaces expose the software and hardware that link to a company’s network. Provided the hacker has an internet connection, they can exploit the following vectors to launch an attack:

• Misconfiguration: Cybercriminals can use incorrectly configured firewall policies, network ports, and wireless access points.
• Weak Credentials: Weak passwords are easier to guess or crack, allowing cybercriminals to steal data or spread malware, such as ransomware.
• Shared Directories: It’s not uncommon for hackers to steal data from collaborative directories or infect them with malware.
• Poor Encryption: Cybercriminals can intercept unencrypted data at different stages, whether the information is in processing, in transit, or at rest.

Physical Attack Surfaces

Physical attack surfaces comprise a company’s tangible assets.

Security risks include:

• Insider Threats: Dissatisfied employees can abuse access privileges to spread malware, disable devices, or obtain company data.
• Device Theft: When criminals access an organization’s physical premises, they can retrieve data from desktops, laptops, IoT devices, smartphones, servers, and other operational hardware.
• Access Control Systems: Attackers can use biometric scanners, security cameras, and keycards to gain unauthorized access to secure areas.

Top Enterprise Attack Surface Management Tools

The following is a list of the best attack surface management tools to help discover assets, monitor, and increase your security posture.

1. FireMon

FireMon’s asset discovery tool, Asset Manager, automatically discovers and maps all assets across the network in real time, creating a detailed inventory. This helps in identifying potential attack vectors and unmanaged assets that could be exploited.

FireMon’s network security policy management (NSPM) solution optimizes firewall rules and configurations to minimize unnecessary exposure and reduce the attack surface. It helps in removing redundant or overly permissive rules that could be exploited by attackers.

2. Qualys

Initially known as Qualys Cloud Platform or Qualysguard, the Qualys TruRisk Platform is a network security and vulnerability management tool. This platform offers security checks, application scanning, attack surface mapping, detection of network devices, and tools to prioritize and fix vulnerabilities. These features work together to help reduce and manage risk.

Qualys offers a comprehensive suite of features that prioritize real-time vulnerability management. It can continuously scan and identify security weaknesses across your network. The software solution also provides detailed asset discovery to catalog all hardware and software.

3. Tenable

Tenable’s Nessus vulnerability scanner offers extensive coverage of vulnerabilities with continuous real-time system assessments. It comprises built-in features for threat intelligence, prioritization, and real-time insights. Enterprises use it to identify and understand risks, allowing operators to prioritize and address them proactively.

Nessus enables businesses to detect potential vulnerabilities and focus on critical issues to streamline the threat remediation process. It also allows professionals to keep an audit trail and access detailed scan information. These include severity, status, and start and end times.

4. Rapid7

With a robust platform that helps protect your systems from attackers and grow with your needs, Rapid7 also ranks among the top attack surface management tools. The platform offers application security, vulnerability management, external threat intelligence, threat detection, and automation tools. It makes it a great choice for IT and DevOps teams who use them to quickly identify and respond to threats.

Rapid7 aims to make the digital world safer by simplifying cybersecurity and making it more accessible. The company provides security professionals with the research, tools, and expertise needed to manage today’s complex attack surfaces.

5. Microsoft Defender External Attack Surface Management

Microsoft’s Defender focuses on external attack surface management and is offered on Microsoft’s Azure platform. It can identify vulnerabilities and exposures in web-based resources and map out an organization’s unique online attack surface.

Microsoft Defender’s real-time inventory monitoring lets you point out, analyze, and categorize external-facing resources as they emerge. Organizations can use it to enhance their attack surface visibility and discover assets across various cloud environments, including hidden resources like shadow IT.

6. CrowdStrike Falcon Surface

CrowdStrike addresses security challenges by offering a solution that combines endpoint detection and response, next-generation antivirus, cyber threat intelligence, and security best practices.

Falcon Surface also provides full visibility into internet risks affecting businesses and prioritizes threats based on expert insights and business needs.

7. Mandiant

Mandiant provides users with over 250 pre-built integrations to discover assets and cloud resources and identify relationships with partners and third parties. Like many of the other ASM tools, Mandiant monitors network infrastructure continuously to detect exposures and ensure a smooth transition during cloud adoption and digital transformation.

Mandiant helps security teams with the ability to tackle real-world threats by identifying misconfigurations, vulnerabilities, and exposed areas that need attention.

8. Brinqa

Brinqa’s ASM platform includes features like a risk operations center, vulnerability risk management, and cloud risk management. Users can handle risks across their entire attack surface.

Brinqa creates a unified inventory of your attack surface by connecting all asset types, business context, threat intelligence, and security controls into a dynamic Cyber Risk Graph.

9. Cortex by Palo Alto Networks

This global platform by Palo Alto Networks reduces risks by assessing supply chain security, managing cloud security, and addressing various vulnerabilities. Cortex protects against remote access security issues, unpatched systems, insecure file sharing, sensitive business apps, IT portals, weak encryption, and exposed IoT devices.

Cortex Xpanse collects data from domain registrars, DNS records, and business databases to find and identify all of your internet assets. The solution can create a detailed and unique inventory of your online assets, uncovering unknown assets without needing to install or set up anything.

10. CyCognito

Cycognito’s cloud-based platform focuses on managing external attack surfaces. It uses bots and other tools to continuously scan, categorize, and map digital assets. The tool automatically identifies and ranks security risks as if they were real attackers

CyCognito mimics how attackers perform reconnaissance to proactively identify gaps in a company’s defenses.

Selecting the Right Tool to Manage Your Attack Surface

The list of available attack surface management solutions goes far past 10, and it can be difficult to determine what’s best for your organization. However, you may be able to narrow the field by keeping the following ASM best practices in mind:

Visibility Through Continuous Monitoring

Threats keep changing, and a strong cybersecurity program needs ongoing updates. This involves continuous monitoring with automated tools like security information and event management (SIEM) software to track and analyze data from various sources, including security operations integrations.

Prioritize the Most Critical Threats

Once you understand your attack surface, address the most serious vulnerabilities and risks before tackling less urgent issues. For instance, you can take assets offline and improve network security. A tool that provides both real-time visibility and monitors network changes makes prioritization easier.

Know Your Attack Surface

Understand where attackers might strike, which digital assets are at risk, and what protections are needed. Predictive modeling can help anticipate the impact of breaches. Effective defense strategies involve knowing what assets you have, monitoring for vulnerabilities, and using threat intelligence to stay ahead of potential attacks.

Enhance Your Attack Surface Visibility with FireMon

As network complexity increases, cyber asset management and attack surface monitoring become increasingly difficult. As your organization grows, so does the risk of introducing gaps in network visibility. This is where FireMon comes in.

FireMon Asset Manager provides real-time active, passive, and targeted network and device discovery to detect unknown, rogue, shadow clouds, network infrastructure, and endpoints in the enterprise.

Asset Manager can help to:

• Eliminate Blind Spots: Stay ahead of expanding attack surfaces by automatically discovering and cataloging networks, devices, and connections within your environment.
• Enrich Asset Data: Ensure operational intelligence by augmenting systems of record with accurate, up-to-date asset details and attributes.
•  Improve Data Fidelity in Systems of Record: Leverage API and integrations to provide continuous, complete asset information to your security stack.

Request a demo today and discover why FireMon is one of the best attack surface management tools for your enterprise.

Frequently Asked Questions What Are Attack Surface Management Tools?

Attack surface management tools are specialized cybersecurity solutions that help organizations discover assets, monitor, and reduce your attack surface. These tools continuously scan an organization’s networks to detect potential vulnerabilities or points of unauthorized access. Attack surface management tools enable organizations to proactively address security risks by providing comprehensive visibility into all assets.

What Should I Look for in Attack Surface Management Software?

When selecting an attack surface management vendor, it’s important to consider tools that offer real-time monitoring and alerts to promptly detect emerging threats. The software should also include robust risk assessment and prioritization capabilities. Additionally, consider ease of integration with existing security systems and a user-friendly interface.

Get 9x
BETTER Book your demo now Sign Up Now

Get a Demo

Customers

Customer Success Training Hub
User Center

Partners

Partner Directory
Partner Portal
Technology Partners

Company

About
Careers
Contact

The post 10 Best Attack Surface Management Tools appeared first on Security Boulevard.

An analysis of more than 39 million anonymized and normalized data points published today by Cycognito, a provider of platforms for discovering and testing attack surfaces, finds web servers accounted for more than a third (34%) of all the severe issues discovered.

The post Analysis Identifies Web Servers as Weakest Cybersecurity Link appeared first on Security Boulevard.

Austin, TX, 18th September 2024, CyberNewsWire

The post SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures appeared first on Security Boulevard.