See Your Attack Surface as Threat Actors Do With EASM and CNAPP

Layering external attack surface management with a cloud-native application protection platform gives visibility into unknown vulnerabilities.

April 8, 2024

3 Min Read
A screen showing technology icons such as keys, 0 and 1, and wireless signal, in hexagons.

By Dean Coza, General Manager for RiskIQ and Microsoft Threat Intelligence, Microsoft

External attack surface management (EASM) is relatively new to the cloud security scene. However, it's rapidly becoming an integral part of modern vulnerability management.

As organizations increasingly move to the cloud, shadow IT has created increasing security risk. Today, 57% of small and midsize businesses report high-impact shadow IT efforts occurring outside the purview of their IT departments. For security teams, this presents a massive risk. How can they protect something that they don't know about or cannot see?

A cloud-native application protection platform (CNAPP) can leverage application programming interface (API) access and authentication to capture known cloud infrastructure footprints. However, by layering EASM on top of CNAPP, organizations gain visibility into their unknown assets and vulnerabilities, too. Crucially, organizations can use EASM to view their complete external attack surface as an adversary would. This view helps organizations fill in the gaps they might not otherwise find if they are limited to a managed cloud view.

So, how do EASM tools uncover these security gaps?

What to Prioritize in an EASM for Greater Visibility

EASM supports a variety of use cases, and chief among them is the ability to accelerate an organization's comprehensive response to zero-day vulnerability disclosures. When security teams have clear, up-to-date visibility into their attack surface, it's much more practical to remediate zero-day vulnerabilities as soon as they are disclosed.

Zero-day vulnerabilities are a reactive use case. However, EASM can also be used to achieve a proactive state of security. For example, organizations can leverage EASM to identify unmaintained legacy infrastructure, support comprehensive cloud management and compliance programs, flag partner and supply chain risks, and manage digital transformation processes. These functions together enable organizations to identify and remediate high-priority vulnerabilities before they can be exploited.

To get the most out of your EASM investment, prioritize these key elements:

  1. Scale: Can your EASM solution provide enough actionable, relevant insights to create a comprehensive view of your attack surface? An Internet intelligence graph acts as a global Internet inventory, providing visibility into important open ports and services. It layers on nation-grade intelligence from over 65 trillion daily threat signals to give security teams the insights to guard against the latest nation-state actors and threat vectors.

  2. Continuous monitoring: How often does your EASM solution scan your environment? Ideally, this should be an ongoing, continuous process that provides constant insight into your current risks. This is especially important for addressing zero-day vulnerabilities quickly and effectively. Additionally, your EASM solution should show you where your risks live, prioritize them based on their potential impact on the business, and offer actionable recommendations to remediate them.

  3. Ease of curation: Is it easy to manage and curate your inventory? Most organizations lack dedicated staff for inventory curation, so your EASM solution needs to make it easy to sift through and identify relevant assets and vulnerabilities. This also ensures that your EASM solution is used proactively as intended by removing any barriers to adoption and ongoing maintenance.

Ultimately, we live in a world of rapidly emerging threats, many of which are severe. Organizations must be prepared to react quickly to those threats when defending themselves in the cloud and on the open Internet. Layering EASM on top of a CNAPP solution allows organizations to discover vulnerabilities for all known and unknown assets so that they can better secure an ever-evolving threat landscape.

About the Author


Dean Coza is a 25-year cybersecurity industry veteran, with executive leadership roles at FireEye, Absolute Software, and RiskIQ, where he was chief product officer overseeing all R&D prior to Microsoft's acquisition of the company in 2021. He continues to serve as general manager for RiskIQ and the Microsoft Threat Intelligence products portfolio.

Read more about:

Sponsor Resource Center
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights