Attack surface management (ASM) is a longstanding practice in cybersecurity. It describes the process of identifying, assessing, and reducing an organization's “attack surface,” which is the totality of all possible entry points for attackers. The goal of ASM is to reduce an organization's vulnerability to cyberattacks, and as such it should be included in every organization's security strategy.
Traditionally, ASM and EASM (external attack surface management) technologies have focused on identifying vulnerabilities and public exposures (e.g., open ports) in on-premises or cloud infrastructure that is known, inventoried, and governed by IT.
But the proliferation of SaaS applications across the enterprise requires security organizations to rethink their attack surface management strategy and tooling. Today, the modern attack surface is a SaaS attack surface. Here’s why:
The digital supply chain is a complex mesh of SaaS applications that changes frequently.
Alongside the software bill of materials (SBOM), organizations now need a SaaS bill of materials (SaaSBOM): a litany of SaaS tools touch source code, CI/CD environments, and infrastructure.
Critical infrastructure spans multi-cloud environments, some managed and some unmanaged.
Sensitive corporate data, including employee and customer PII, exists across SaaS-delivered HR, CRM, and file sharing applications.
Publicly exposed infrastructure extends to every identifiable domain, source code repository, and even social media accounts associated with your brand.
How Nudge Security can help
Because SaaS adoption and use have become so decentralized in recent years, the modern SaaS attack surface is dynamic and amorphous. It’s also a top target for attackers seeking access to an organization’s crown jewels. Security organizations can no longer rely solely on traditional ASM and EASM technologies to gain visibility into, and secure, their far-reaching and often unmanaged SaaS attack surface.
With Nudge Security’s SaaS attack surface capabilities, you can. We continuously discover unmanaged cloud and SaaS assets and OAuth grants, map your SaaS supply chain, and monitor for publicly exposed SaaS applications and domains. What’s more, we compile this inventory into a searchable dashboard to help you readily visualize and manage the full extent of your SaaS attack surface.
Read on for the full how-to.
1. See what attackers can see about you
Nudge Security discovers publicly-exposed SaaS applications, domains, and even social media accounts associated with your brand. These represent low-hanging fruit for attackers targeting your organization and should be secured and governed accordingly.
2. Create a referential list of all identifiable corporate domains
Nudge Security helps you identify all domains registered by employees in your organization, so you can centralize governance and security and ward off DNS- and domain-related attacks such as domain hijacking, lapsed registrations, and dangling DNS records that still point at decommissioned resources.
3. Continuously map the current state of your cloud infrastructure
Today, whether they realize it or not, most organizations are multi-cloud organizations. All too often, cloud accounts and resources are created by technology teams or individuals only to be forgotten, abandoned, or orphaned when the account owner leaves the organization. These situations not only increase the risk of cloud account takeovers, but can also disrupt business continuity if a rogue cloud account makes its way into a production-critical process.
With Nudge Security, you can uncover rogue cloud accounts and map all of your cloud infrastructure, managed and unmanaged, thanks to our cloud asset discovery and classification capabilities.
4. Know where your source code is at all times
Software supply chains have been a heightened area of focus for security organizations following major incidents such as the SolarWinds compromise and the Log4j (Log4Shell) vulnerability. Yet not enough attention has been given to the fact that the modern software supply chain is increasingly a SaaS supply chain. The recent security incident at CI/CD vendor CircleCI, in which attackers gained access to secrets customers had stored in the platform, underscores how critical it is to monitor which SaaS tools your development and DevOps teams are introducing to build and deliver products.
That’s why Nudge Security summarizes such tools and resources, so you know where source code and other build artifacts reside. And, using our OAuth discovery capabilities, you can immediately identify which other applications have been granted access to your source code.
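An OAuth grant is only as dangerous as the scopes behind it, and scopes nest: a single `repo` grant on GitHub carries several narrower scopes with it, and the token acts as the granting user, so it reaches every repository that user can reach. The script below is an added example (not Nudge Security's code) of how to triage a grant inventory for source-code access. The scope names and their nesting are GitHub's classic OAuth scopes as documented; the grant list, the users and the allowlist of IT-managed apps are constructed placeholders.

```python
"""Triage OAuth grants that can reach source code.

Added example, not Nudge Security's code. The grant inventory and the
allowlist of IT-managed apps are constructed; the scope names are GitHub's
classic OAuth scopes and IMPLIED reflects GitHub's documented scope nesting.
"""
from dataclasses import dataclass

# A parent scope grants everything its children grant (GitHub's documented nesting).
IMPLIED = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "user": {"read:user", "user:email", "user:follow"},
}

# Classic scopes have no read-only source scope: any code access is read/write.
CODE_WRITE = {"repo", "public_repo", "workflow"}
# Repo-adjacent access: commit statuses, deployments, security alerts, webhooks.
REPO_ADJACENT = {"repo:status", "repo_deployment", "security_events",
                 "admin:repo_hook", "write:repo_hook", "read:repo_hook"}

SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2}


@dataclass
class Finding:
    app: str
    user: str
    severity: str
    reason: str


def expand_scopes(scopes):
    """Follow scope implications transitively and return the effective scope set."""
    effective, todo = set(), list(scopes)
    while todo:
        scope = todo.pop()
        if scope not in effective:
            effective.add(scope)
            todo.extend(IMPLIED.get(scope, ()))
    return effective


def triage_grants(grants, managed_apps):
    """Flag grants that reach repositories. A token acts as the granting user,
    so an unmanaged app with `repo` reaches every repo that user can reach."""
    findings = []
    for g in grants:
        effective = expand_scopes(g["scopes"])
        writes = effective & CODE_WRITE
        adjacent = effective & REPO_ADJACENT
        if not (writes or adjacent):
            continue  # no path to repositories; not a source-code finding
        managed = g["app"] in managed_apps
        if writes and not managed:
            sev, why = "high", f"unmanaged app can read and modify code/CI via {sorted(writes)}"
        elif not managed:
            sev, why = "medium", f"unmanaged app has repo-adjacent access via {sorted(adjacent)}"
        else:
            sev, why = "review", f"managed app holds {sorted(writes or adjacent)}; confirm least privilege"
        findings.append(Finding(g["app"], g["user"], sev, why))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed sample inventory (app names and users are placeholders).
MANAGED_APPS = {"Sentry"}
GRANTS = [
    {"app": "Sentry", "user": "alice@example.com", "scopes": ["read:org", "repo"]},
    {"app": "CoolDiagramTool", "user": "bob@example.com", "scopes": ["repo"]},
    {"app": "GistSync", "user": "carol@example.com", "scopes": ["gist", "read:user"]},
    {"app": "DeployBot", "user": "dave@example.com", "scopes": ["workflow", "repo:status"]},
    {"app": "StatusWidget", "user": "erin@example.com", "scopes": ["repo:status"]},
    {"app": "HookCollector", "user": "frank@example.com", "scopes": ["admin:repo_hook"]},
]

if __name__ == "__main__":
    for f in triage_grants(GRANTS, MANAGED_APPS):
        print(f"{f.severity:6} {f.app:16} {f.user:20} {f.reason}")
```

The point of `expand_scopes` is that a grant of `admin:repo_hook` alone never mentions `read:repo_hook`, yet it carries it; triaging on the literal scope strings in an inventory export undercounts access. Managed apps still surface as `review` findings rather than being ignored, because an approved vendor holding `repo` is exactly the access that a CircleCI-style vendor compromise turns against you.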
5. Monitor your SaaS supply chain for data breaches
SaaS supply chain attacks are on the rise, and when a data breach occurs, security organizations need immediate insight into whether or not their critical infrastructure is at risk. Only Nudge Security continuously discovers and maps your SaaS supply chain: not only the SaaS providers you use internally, but also the SaaS providers they use in turn (that is, your fourth-party SaaS suppliers). Nudge Security alerts you to data breach disclosures in your SaaS supply chain, so you can take proactive steps to protect your organization.
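The practical question when a fourth-party vendor discloses a breach is "which of our direct providers sit above it, and what of ours do they hold?" That is a path search over a dependency graph. The following is an added example (not Nudge Security's code) that models the supply chain as a directed graph from the organization down through its providers and their subprocessors, enumerates every dependency path to the breached vendor, and rolls the result up per direct provider together with the data classification from the previous step. The vendor names, edges and data map are constructed placeholders.

```python
"""Trace transitive exposure when a vendor in the SaaS supply chain discloses a breach.

Added example, not Nudge Security's code. The vendor graph, the data
classification map and all vendor names are constructed placeholders.
"""

# Directed edges: each vendor -> the vendors it relies on (its subprocessors).
# "us" is the organization; one hop away are third parties, two hops are fourth parties.
SUPPLY_CHAIN = {
    "us": ["crm-saas", "hr-saas", "ci-saas", "chat-saas"],
    "crm-saas": ["email-api", "cloud-a"],
    "hr-saas": ["payroll-api", "cloud-b"],
    "ci-saas": ["cloud-a", "secrets-vault"],
    "chat-saas": ["cloud-b"],
    "email-api": ["cloud-a"],
    "secrets-vault": ["cloud-b"],
    "payroll-api": [],
    "cloud-a": [],
    "cloud-b": [],
}

# What of ours each direct provider holds (output of the app classification step).
DATA_AT = {
    "crm-saas": {"customer PII"},
    "hr-saas": {"employee PII", "financial"},
    "ci-saas": {"source code", "CI secrets"},
    "chat-saas": {"internal communications"},
}


def dependency_paths(graph, target, root="us"):
    """Enumerate every simple path from root down to target, shortest first."""
    paths, stack = [], [[root]]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node == target:
            paths.append(path)
            continue
        for nxt in graph.get(node, []):
            if nxt not in path:  # skip cycles (vendors can depend on each other)
                stack.append(path + [nxt])
    return sorted(paths, key=len)


def breach_impact(graph, data_at, breached, root="us"):
    """For a breached vendor, return {direct provider: {"tier", "data", "paths"}}.

    tier is the breached vendor's position relative to us on the shortest path
    through that provider: 3 = third party (a direct provider), 4 = fourth party, ...
    """
    impact = {}
    for path in dependency_paths(graph, breached, root):
        if len(path) < 2:
            continue  # the breached "vendor" is us; nothing to roll up
        direct = path[1]
        tier = (len(path) - 1) + 2  # hops from us, plus 2
        entry = impact.setdefault(
            direct, {"tier": tier, "data": set(data_at.get(direct, ())), "paths": []})
        entry["tier"] = min(entry["tier"], tier)
        entry["paths"].append(" -> ".join(path))
    return impact


def data_at_risk(impact):
    """Union of our data categories held by providers above the breached vendor."""
    return set().union(*(e["data"] for e in impact.values()))


if __name__ == "__main__":
    for vendor in ("cloud-a", "ci-saas", "nobody"):
        report = breach_impact(SUPPLY_CHAIN, DATA_AT, vendor)
        print(vendor, "->", sorted(data_at_risk(report)))
        for provider, entry in report.items():
            print(f"  via {provider} (tier {entry['tier']}): {entry['paths']}")
```

A single cloud provider appearing at two different depths under the same direct vendor (once as a subprocessor, once as a subprocessor's subprocessor) is the normal case, which is why the report keeps every path rather than only the shortest: the longer path is the one nobody thought to review.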
6. Know where your sensitive data resides
One of the hardest simple questions for CISOs to answer today is, “where does my corporate IP live and who has access to it?” With Nudge Security, this becomes immediately answerable. It automatically classifies SaaS applications and gives you a summarized list of the apps your organization uses that commonly house sensitive corporate IP, including customer data, employee PII, financial information, and more. You can monitor who has access to these applications by drilling down into the accounts.
7. Secure your corporate social media accounts
Most social media platforms are limited in (or just plain bad at) providing enterprise access controls for multiple users. It’s not uncommon for an employee who holds administrator credentials for the corporate Twitter or LinkedIn account to retain access after leaving the organization, or to have those credentials stolen and used in an account takeover attack.
To help with this, Nudge Security identifies all accounts associated with social media platforms as well as the MFA status of those accounts. In one click, you can nudge account holders to enable MFA on those accounts.
But wait, there’s more!
As you can see, with a single dashboard in Nudge Security, you can monitor the entirety of your SaaS attack surface, including sensitive resources and data across cloud and SaaS locations, on a continuous basis. But…there’s also more.
Nudge Security makes this information actionable through custom notifications and alerts, which you can use to stay aware of changes in your SaaS attack surface and send downstream to security analytics, SIEM, and SOAR platforms. With purpose-built playbooks, we make it simple to run automated workflows to help you manage your SaaS attack surface efficiently.
The best way to experience our attack surface dashboard is to try it out for yourself. We make that simple, too. You can get started with a 14-day, no-hassle, full-featured free trial, and setup takes just a few minutes.