Attack Surface Assessment Tools
External Attack Surface Management (EASM) and Digital Risk Protection Services (DRPS) are two important tools in the arsenal of any organization’s cybersecurity strategy. However, there is a significant difference between the two approaches that should not be overlooked.
What is EASM?
External attack surface management (EASM) is a proactive approach that focuses on identifying and mitigating potential vulnerabilities before they can be exploited by cybercriminals. Advanced External Attack Surface Management (EASM) solutions go beyond attack surface discovery to assess and prioritize the exploitable risks that could lead to a successful attack. By enabling security team to go on the offensive and proactively address these risks, organizations can significantly reduce their overall risk.
What is DRPS (Digital Risk Protection Services)
Digital Risk Protection Service (DRPS) is a solution that monitors the internet, including the deep and dark web, for any mention of an organization’s name, brand, or key personnel, as well as stolen data being sold on underground forums. DRPS only identifies attacks after they occur, taking a reactive approach to security. It’s a valuable cybersecurity tool, but it shouldn’t be the only tool in your arsenal.
EASM vs. DRPS
|See like an attacker||See what attackers have already taken|
|Proactive risk reduction||Reactive damage control|
|Prevent attack before they happen||Monitor to identify attacks that have happened|
Proactive vs reactive cybersecurity approaches
One of the key differences between EASM and DRPS is their approach to cybersecurity. EASM is a proactive approach that focuses on prevention, while DRPS is a reactive approach that focuses on monitoring. This means that EASM tools and services are designed to identify and mitigate potential vulnerabilities before they can be exploited by attackers.
DRPS, on the other hand, is designed to monitor the internet for any mention of an organization’s name, brand, or key personnel, as well as stolen data being sold on underground forums.
For example, a report by Kaspersky (based on a study conducted by Guardicore) found that in 2020, there were 1.5 million exposed remote desktop protocol (RDP) servers worldwide, providing cybercriminals with a gateway into company networks. Guardicore analyzed 160,000 publicly accessible servers and discovered that more than 14,000 of them had been compromised within just 24 hours, and within 48 hours, that number grew to more than 50,000.
These findings highlight the importance of securing servers and protecting them from external threats, as well as the need for protective measures like EASM to mitigate exploitable risks. These are the types of vulnerabilities that EASM discovers, enabling companies to act before cybercriminals can leverage one of those gateways to gain access to the company’s network. DRPS would discover the exposed credentials after cybercriminals have taken advantage of one of those gateways to access the company’s network and expose sensitive data.
Gain the attackers point of view
Another difference between EASM and DRPS is the perspective they offer. EASM provides organizations with an attacker’s point of view, allowing them to see their network and digital assets as a cybercriminal might. This perspective helps organizations identify and mitigate potential vulnerabilities that might be overlooked by internal IT staff.
Identify attacks to control damage
On the other hand, DRPS is focused on what attackers have already taken. DRPS can be useful in identifying when an attack has already occurred, such as when an organization’s data appears for sale on the dark web. For instance, a study by Digital Shadows found that in 2020, there were over 15 billion credentials exposed on the dark web, a 300% increase since 2018.
While DRPS detects this type of threat, it’s already too late for companies to prevent exposure. At this stage, organizations should focus on containing and controlling the damage. Part of the damage has already been done, and the organization now have to deal with the fallout of the attack.
Integrating DRPS Threat Intelligence into EASM
While EASM and DRPS are different approaches to cybersecurity, they can complement each other when integrated. By incorporating the DRPS view into an EASM solution, organizations can expand the scope of their attack surface inventory, including additional IPs and domain names that may not have been previously considered. This integration allows for more comprehensive visibility into an organization’s security.
Additionally, any information about exposed machines and leaked credentials discovered through DRPS can be mapped to the relevant items in the inventory. This enriches the context and helps to prioritize the risks [TN1] associated with those assets. Overall, integrating DRPS into an EASM solution can provide a more complete picture of an organization’s potential vulnerabilities, leading to a more effective and proactive cybersecurity strategy.
[TN1]Our prioritization page refers to this capability – It’s also called Threat Intelligence