Black Hat 2022 Review: Attack Surface Management Stands Front and Center

At Black Hat, security teams are investing in Attack Surface Management to control their growing attack surface

Last week, the Black Hat USA conference was back in person and the halls were packed with security practitioners excited to learn about the latest and greatest advancements in security and risk technologies. While the show also offered a virtual presence, it was clear that attendees were excited to participate in person in this, the 25th installment of the event. Security teams showed up in droves at the Mandalay Bay to take part in the sessions and keynotes and to collaborate with vendors in the Business Hall.

While many of the familiar larger security vendors touted large booth presences in the Business Hall, Noetic had the opportunity to participate in the Innovation City, where the next generation of cybersecurity startups were showcasing innovative solutions to security problems both new and old.

In the past, one or several themes have stood out as key drivers for discussion amongst Black Hat attendees and vendors. These have included topics like incident response, security orchestration, automation, zero trust and ransomware. As we at Noetic walked around the show floor this year and spoke to hundreds of attendees, we found one theme consistently standing front and center: security teams want a better grasp of their growing attack surface.

More than ever, we saw both vendors and attendees discussing the challenges of attack surface management. The traditional attack surface is expanding due to a growing number of devices online, shadow IT, and increasingly complex supply chains. It is clear that the old way of managing an organization’s security posture, patching endpoints and trying to work through a massive number of potential vulnerabilities is no longer enough. Instead, the forward-thinking security organizations are looking at their attack surface as a whole, and putting a plan in place to manage evolving threats.

This is not just being discussed among vendors; analysts and thought leaders agree. Gartner describes attack surface management as addressing the question “What does my organization look like from an attacker’s point of view and how should it find and prioritize the issues attackers will see first.” Even Chris Krebs, the founding director of the Cybersecurity and Infrastructure Security Agency (CISA), described the problem of the expanding attack surface in his keynote by saying, “We all have a pathological need to have things connected to the internet.”

Many vendors are introducing solutions that can help manage the attack surface, but this often leaves security practitioners confused about the capabilities of each solution. Simply put, an attack surface management solution can be broken down by whether it focuses on the internal or the external attack surface. An internal attack surface program starts by creating an inventory of all assets, both internal and internet-facing, as well as mapping their relationships and appending critical contextual cyber data. This ensures that organizations can identify security coverage gaps, misconfigurations and policy violations, prioritizing resolution based on business risk. This process has been coined by Gartner as cyber asset attack surface management (CAASM).

By contrast, external attack surface management (EASM) identifies an organization’s external-facing assets and systems from an “outside-in” perspective, equipping teams with the insights necessary to close the unknown pathways into their organization. While neither approach is incorrect, Noetic and many analysts agree that investing in CAASM first, then EASM, helps you thoroughly understand and protect your infrastructure.
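The CAASM steps described above (build an inventory from several sources, correlate the records, surface coverage gaps, and rank remediation by business risk), as an added example that is not Noetic's code. The three tool exports, the hostnames and the criticality weights are constructed for illustration; the risk formula is an assumption, not a vendor's scoring.

```python
from dataclasses import dataclass

# Constructed sample exports from three hypothetical tools (not real data).
CLOUD_INVENTORY = [  # treated as the source of truth for what exists
    {"host": "web-01.corp.example", "ip": "10.0.1.10", "internet_facing": True, "owner": "payments"},
    {"host": "db-01.corp.example", "ip": "10.0.2.20", "internet_facing": False, "owner": "payments"},
    {"host": "build-07.corp.example", "ip": "10.0.3.30", "internet_facing": False, "owner": "ci"},
]
EDR_AGENTS = [{"hostname": "WEB-01.corp.example."}, {"hostname": "db-01.corp.example"}]
VULN_SCAN = [{"ip": "10.0.1.10", "critical": 2}, {"ip": "10.0.3.30", "critical": 1}]
BUSINESS_CRITICALITY = {"payments": 3, "ci": 1}  # constructed weights, 3 = most critical


@dataclass
class Asset:
    host: str
    ip: str
    internet_facing: bool
    owner: str
    has_edr: bool = False
    critical_vulns: int = 0

    def risk_score(self) -> int:
        # Assumed formula: business weight scaled by exposure, plus critical
        # findings, plus a fixed penalty when the asset has no EDR coverage.
        exposure = 2 if self.internet_facing else 1
        missing_edr = 0 if self.has_edr else 3
        return BUSINESS_CRITICALITY.get(self.owner, 1) * exposure + self.critical_vulns + missing_edr


def normalize(host: str) -> str:
    """Tools disagree on case and trailing dots; normalize before joining on hostname."""
    return host.strip().rstrip(".").lower()


def build_inventory(cloud, edr, scan) -> dict[str, Asset]:
    """Join the three exports into one record per asset, keyed by normalized hostname."""
    assets = {normalize(c["host"]): Asset(normalize(c["host"]), c["ip"], c["internet_facing"], c["owner"])
              for c in cloud}
    covered = {normalize(e["hostname"]) for e in edr}   # hosts the EDR has seen
    vulns_by_ip = {s["ip"]: s["critical"] for s in scan}  # scanner joins on IP, not hostname
    for asset in assets.values():
        asset.has_edr = asset.host in covered
        asset.critical_vulns = vulns_by_ip.get(asset.ip, 0)
    return assets


def coverage_gaps(assets: dict[str, Asset]) -> list[str]:
    """Assets that exist in the cloud inventory but that the EDR has never reported on."""
    return sorted(h for h, a in assets.items() if not a.has_edr)


def prioritized(assets: dict[str, Asset]) -> list[str]:
    """Hostnames ordered by descending risk score, so the worst exposure is handled first."""
    return [a.host for a in sorted(assets.values(), key=lambda a: (-a.risk_score(), a.host))]
```

Run against the constructed data, `coverage_gaps` flags the build host that has no agent, and `prioritized` puts the internet-facing payments host with critical findings ahead of it despite the build host's missing coverage.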

While other topics also stood out as key themes at Black Hat, it is important to recognize that attack surface management is top of mind for security leaders. We even heard several attendees and vendors using the phrase “you can’t secure what you don’t know is there.” We at Noetic most certainly agree!

If you were not at Black Hat, or did not have a chance to stop by and see us at Noetic, we’d be happy to share with you how our platform can help your organization see the full picture and truly understand the significance of relationships between assets, so you can identify gaps and continuously improve efficacy. Join us for a live demonstration to learn more.