Last Updated on June 7, 2022
Attack surface management integrates and enriches data from a variety of sources related to threats and vulnerabilities to pinpoint the exposures that pose the greatest business risk.
Does attack surface management also connect to patch management? For example, can the attack surface management solution drive automated patching to fix vulnerabilities?
To share the capabilities and benefits of attack surface management, Michelangelo Sidagni, CTO at NopSec, joined a recent episode of The Virtual CISO Podcast. Hosting the show is Pivot Point Security CISO and Managing Partner, John Verry.
Adding intelligence to the vulnerability remediation workflow
Michelangelo explains that, while attack surface management doesn’t subsume patch management, it can integrate with patch management or change control solutions (e.g., BigFix) to support automated patching of some prioritized vulnerabilities.
“We connect with patch management, we connect with SIM and SAM, we connect with ITSM such as ServiceNow, we connect with Jira, Remedy and so on,” says Michelangelo. “We want to establish the entire workflow. But we don’t want to recreate the wheel. We want to offer a service that puts intelligence on the workflow—not recreate the vulnerability scanner. The vulnerability scanners are great; they do a great job. The problem is that you’re overwhelmed with their results.”
The AI within attack surface management makes it easier to operationalize the workflow around vulnerabilities so you get maximum risk reduction benefit for your effort and time.
Can attack surface management make automated patch management “safer”?
Automated patch management sounds great in theory, but as John notes it has a scary side: “Everyone wants automated and then no one will turn it on, because they’re scared to death it’s going to break something.”
Does the AI in attack surface management help with that fear factor?
“It depends,” Michelangelo observes. “Wise organizations, they turn on automatic patching for workstations, for example. With servers, there’s compliance and change management. You have to test first, obviously, a little bit more. I wouldn’t turn on automatic patching [for servers]. Containers is a moot point because patching is built into the code of a container.”
But, as Michelangelo notes, firms at high risk may not care if they break their servers, as long as they’re fully patched for security.
“Let it break, we’ll figure out how to fix it, and then we’ll be more resilient going forward,” is how John characterizes that attitude.
Does attack surface management help you prioritize vulnerabilities? This related blog post explores the topic: Can Attack Surface Management Help with Vulnerability Assessment?