Welcome to the ThreatMate Threat Intelligence Blog, abbreviated (TIB) in the spirit of all these acronyms. We thought it would be best to start out with a better understanding of what ThreatMate does and tackle this acronym game that tech companies play encouraged by Gartner. Let's start out with a category FAQ.
What is an Attack Surface? Before we get into ASM, let's define what is an attack surface. In the context of cyber networks an attack surface is any device that can be exploited for an attacker's gain and the defender's loss. It is usually either one step toward the attacker's end goal or the end goal itself. Importantly, attack surfaces can be externally facing (Internet facing), or internally facing, by which we mean "behind the firewall" from a device connected to the organization's network (to include cloud services). Devices can be laptops, workstations, servers, cameras, conference phones, printers, security appliances, actual appliances, TVs, and you-name-it Internet of Things (IOTs). The actual attack surface is software. And software is exploitable for attack by (mis)-configuation or software vulnerabilities. We use the term exposure to mean the set of configurations or vulnerabilities that can be exploited for attacker's gain.
What is Attack Surface Management (ASM)? Attack surface management is the process of continuously discovering, identifying, remediating, and monitoring attack surfaces for exposures an attacker can exploit.
Discover means to find devices on the network
Identify means to find exposures these devices may have
Remediate means to correct the exposures whether through reconfiguring, patching, or mitigating the cause of the exposure
Monitor means to continuously surveil the network attack surface like a radar sweep for new devices and exposures.
What is Cyber Asset Attack Surface Management (CAASM)? CAASM is the process of discovering, identifying, remediating, and monitoring cyber assets for security exposures. In other words, CAASM is ASM, but I think the nuance Gartner would give t0 CAASM, is the data from CAASM is queryable and usually obtained via API, as opposed to natively through the platform's own sensors. If you know Gartner, they tend to invent categories and this is one example of this.
What is Vulnerability Management (VM)? Vulnerability management is a risk-based approach to discovering, identifying, prioritizing, and remediating security exposures.
If you've been paying attention, and I can't blame you, if you haven't, it appears that ASM, CAASM, and VM is more or less the same thing: the process of discovering, identifying, prioritizing, remediating, and monitoring for security exposures, sometimes natively with sensors, sometimes via API with the ability to query said exposures.
So what is ThreatMate? Glad you asked finally. ThreatMate (TM) is a {ASM, CAASM, VM} platform for discovering, identifying, prioritizing, remediating, and monitoring for security exposures, sometimes natively with sensors, sometimes via API with the ability to query said exposures.
In addition to the above, ThreatMate is a single platform that allows you to security score your network and the networks of your suppliers and track it over time as you remediate exposures. ThreatMate also uses artificial intelligence (AI) to generate solutions to these security exposures because we believe you care more about solutions than problems. We then use machine learning (ML) to reduce these problems to the smallest set of actions to take with the maximum impact on attack surface reduction. We call these Mission Plans because they are designed for IT operators who just want to get shit done.
And simply because we can and we know you want this, we also monitor your domain security, monitor your user accounts for stale and suspicious logins, multi-factor authentication (MFA), and monitor the DarkWeb for lost or stolen corporate credentials.
Do we expect Gartner to create a new category for all this functionality packed into a single platform? No, not really, but we know our MSP/MSSP partners and clients benefit from these capabilities all the same. If you haven't take ThreatMate for a test drive, give it a whirl!