Attack Surface Management Enhances Vulnerability Prioritization

Key Points

  • Cybersecurity programs aim to manage risk and maintain business resilience, relying on timely vulnerability detection and patching, but the sheer volume of reported flaws makes a “find‑and‑fix” approach impractical.
  • Traditional asset‑management tools miss about 30 % of an organization’s assets, leaving many vulnerable points exposed and untracked for attackers to exploit.
  • The average patch cycle (60‑150 days) now far exceeds the speed at which adversaries can weaponize a vulnerability (as low as three days), highlighting the need for a more proactive defense.
  • Attack Surface Management (ASM) complements vulnerability management by prioritizing risks with contextual insight, uncovering unknown external assets, and identifying misconfigurations, thereby reducing entry points before they can be exploited.

Full Transcript

**Source:** [https://www.youtube.com/watch?v=oMx9lgTtJnM](https://www.youtube.com/watch?v=oMx9lgTtJnM)

**Duration:** 00:03:49

## Sections

- [00:00:00](https://www.youtube.com/watch?v=oMx9lgTtJnM&t=0s) **Prioritizing Vulnerabilities for Faster Remediation** - The speaker explains that traditional vulnerability management is overwhelmed by thousands of flaws, gaps in asset visibility, and slow patch cycles, urging teams to prioritize high‑impact risks and adopt proactive offensive security techniques.

0:00 Ultimately, the goal of any cybersecurity program is to manage and mitigate risk in order to maintain business resilience and trust. One of the essential ways of doing this is by monitoring for vulnerabilities in your IT estate and patching them as quickly as possible. This is vulnerability management: a find-and-fix mentality. But it's becoming almost impossible to operationalize this effectively, especially given more than 25,000 vulnerabilities were reported to NIST's database last year. It's a Sisyphean task to close them all, so the real challenge teams have is where to start and what to address first, based upon the biggest impact to your organization.

0:47 And that's not where the challenges end. In our experience, organizations find they have 30 percent more exposed assets than they were tracking using traditional asset management tools. Security teams can only adequately protect what they're aware of. This leaves many tempting vulnerabilities in plain sight of attackers to exploit before they're remediated.

1:11 To make matters worse, patching your vulnerability typically takes between 60 to 150 days, while adversaries have dramatically cut the average time it takes them to exploit a vulnerability from three months to three days. This makes it abundantly clear why the find-and-fix approach alone is too slow.

1:35 To get back on the front foot, organizations need to take a more proactive, offensive approach and build greater resilience.

1:42 As one of the most promising offensive security technologies today, attack surface management can be the perfect complement to vulnerability management.

1:52 A great ASM solution will allow you to mitigate the three core challenges I just mentioned.

1:58 Firstly, where to start. Most vulnerability management tools rely on the standardized CVSS severity score, and we've seen plenty of examples of when a CVSS critical vulnerability is actually really low risk to an organization because it's on a system that's not connected to the internet, or the vulnerable software isn't even in use.

2:19 A leading ASM solution can provide the context that prioritizes vulnerabilities based on the risk they pose to your organization and the impact of them being exploited.

2:32 Secondly, an effective ASM proactively scans your external attack surface, just like an attacker would, to reveal that 30 percent portion of unknown assets and pass them to your existing vulnerability management solution to scan and protect.

2:50 And finally, ASM solutions are designed to identify risk even in the absence of a vulnerability. After all, attackers would likely prefer to take the easy route of an exposed login page with a default username and password rather than spending their time exploiting unpatched software. ASM broadens the scope from just vulnerabilities to include misconfigurations like this and other risk sources as well.

3:17 So ultimately, ASM focuses on reducing the number of potential entry points for attackers, and vulnerability management focuses on making those entry points harder to exploit.

3:30 Combining the two leads to a much more proactive and comprehensive approach to reducing risk and increasing your resilience. To find out more, click the link to read our white paper on ASM and vulnerability management, and subscribe to see more security videos from IBM.