Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

The Invisible Battleground: Essentials of EASM

Know your enemy – inside and out. External Attack Surface Management tools are an effective way to understand externally facing threats and help plan cyber defenses accordingly. Let’s discuss what EASM is, how to use it, and what other pieces are involved to help one see through the fog of war that is your external network security posture.

What is EASM?

External Attack Surface Management is typically a SaaS service for identifying, monitoring, and reporting on the various points of entry that are exposed to potential attackers from outside an organization's network. It can also help find unknown and unmanaged resources outside the firewall. EASM can also identify exposed vulnerabilities on external facing assets. As a SaaS service it requires minimal effort to configure and monitor. 

Image 1 Dashboard from Microsoft’s Defender for EASM
Image 1: Dashboard from Microsoft’s Defender for EASM

 


EASM vs External Pen Testing

  • EASM vs External Pen Testing
    You might say, ‘I’m already doing external pen testing; I don’t need an EASM’, but the purpose of EASM is different than a pen test, for example:
    EASM maps out all your public-facing assets. An objective of EASM is to find ‘shadow IT resources’ and register them with your CSPM service so they can be properly monitored and provide a complete map of your external attack surface.
  • EASM operations run continuously – once configured with the scope details of your domain(s), EASM will run continuously and provide update reports on a periodic basis.
  • EASM is not performing attack simulations - EASM is focused on finding public-facing hosts, ports, and domains.
  • EASM and pen testing are complementary tools – EASM presents the full breadth of public-facing assets that can be used to plan your pen testing operations.
     

Using EASM in a SOC Operations Lifecycle

EASM is a planning and investigative tool. Here are some examples of how security teams commonly use it in daily operations.

 

Using CSPM Asset Inventory to Remove Gaps in Security Operations

EASM solutions usually present their data in a schematized form so it can be queried and sorted in a database. As such, the EASM data can be combined with other information, such as vulnerability data and asset inventories. Together, this information can provide an overview of your attack surface. SOC administrators can then use this asset list to identify configuration gaps in tools such as CSPM, EDR, and SIEM.

Using CSPM for SIEM incident investigations

If SIEM generates an incident containing a hostname, one of the first steps the SOC operator will take is to identify where that host exists on the network. EASM content can be made available in SIEM to provide quick access to that information. In addition, SOAR and AI tools (e.g., Microsoft’s Copilot for Security) can use EASM content to automatically lookup EASM content and apply relevant data to an incident.

Summary

External Attack Surface Management is a useful security architecture for understanding your publicly facing security posture. Combining EASM with other security tools can provide a good picture of your entire attack surface and help improve processes used for SIEM investigations.

References
Microsoft’s EASM Solution
Gartner EASM Reviews

About This Blog Series 
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.

Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.

Compliance
All topics mentioned in this series have been mapped to several compliance controls here.

About the Author

David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo