Supply chain risk is rising up the priority list for more and more orgs, such as within US government supply chains. How can the latest attack surface management (ASM) innovations increase visibility into third-party risk?
To explore the latest ASM capabilities and their use cases, a recent episode of The Virtual CISO Podcast features David Monnier, Chief Evangelist and Fellow at Team Cymru. The podcast host is John Verry, Pivot Point Security CISO and Managing Partner.
Vendors are part of your attack surface
Traditional ASM solutions only offer a view on assets that are directly accessible given basic data like domain names and IP addresses. Through its Pure Signal Orbit offering, Team Cymru applies a hybrid ASM approach that combines automated discovery mechanisms with human analytical expertise. With these tactics, “no asset is beyond your scope.”
That includes third-party compromise and other real-time data on third-party risks—expanding ASM use cases to encompass M&A due diligence and supply chain risk management. Vendor attack surface analysis can be done on an as-needed basis or continuously. (Companies with thousands of suppliers may not want to monitor all of them, all the time, for instance.)
How does Team Cymru monitor third-party risk?
The more you know about your vendors’ domains, IPs, etc., the better. But it’s not necessary to get privileged data to monitor third-party risk, according to David.
“A lot of people just get handed the keys [to a product] and are told, ‘Type in your information and go,’” David relates. “You could have done that with just Nessus.”
The human factor is what makes Team Cymru’s approach unique.
“We have a bunch of automations that feed that process,” explains David. “But the end process is determined by a human being, who says, ‘Yeah, this is us.’ Or ‘No, this isn’t us.’”
If you’re looking for continuous monitoring and alerting, Team Cymru can give you a daily rundown of activity across whatever IP addresses you’ve asked to look at. If you want an on-demand analysis, their tools can show you, for example, if any of your vendors’ hosts have been identified as likely compromised within the past 90 days.
To listen to the podcast with David Monnier, Team Cymru’s Chief Evangelist, click here.
Want more thought leadership on applying attack surface management capabilities to supply chain risk? Try this blog post: How Attack Surface Management Can Help Reduce Supply Chain Security Risks