External Attack Surface Management (eASM)

The EASM service aims to give the client visibility of their external facing assets, identify their appetite to risk and enable effective prioritisation and remediation where it matters most. NCC Groups Managed service wrap will take all the hard and time consuming work of correlating results, understanding what they mean to the organisation and prioritising remediation activities, providing the client with streamlined and actionable result so they know where to focus their attentions first. Thus removing overhead on the clients security teams, and freeing up their time for those all-important mitigating activities.

The service comprised high-level of:

• Regular external asset discovery and validation – ensuring NCC and Clients are always working with the latest asset inventory. Including IPs, Domains, Web Apps and certificates.
• Subsidiary breakout – Highlighting which assets belong to which subsidiary, streamlining action and responses from applicable security teams.
• Regular risk, vulnerability and misconfiguration identification (exposures)
• API integration for cloud environments Eg, AWS, GCP, Azure.
• Comprehensive coverage across AWS cloud, on-premises servers, user endpoints, and network devices.
• Cloud Visibility Dashboard - to view specific risks to cloud assets within the AWS, Azure, and GCP environments monitored.
• Exploit intelligence – providing additional context based on the criticality of an asset, exposures present and whether exposures are of high interest from attack vectors
• Exposure analysis – providing updates on any emerging threats and zero day vulnerabilities that may affect the client
• Prioritization and recommendations – Providing intelligent action to client. Where does the client need to focus their efforts to make the most impacting to reducing their appetite for risk. What actions are needed to mitigate an exposure.
• Unauthenticated web application scanning
• Asset chaining – Highlighting which assets relate to each other, E.G identifying certificates and webapps relating to an IP and vice versa.
• Daily ports and services – monitoring for baseline changes against ports and services of importance to the client.
• Actionable insight – providing remediation plans, remediation steps and guidance on how to safely exploit an exposure in your environment for testing purposes.
• Portal access - Access to NCC Groups portal for ticket notifications and relevant information to action and remediate accordingly. Providing a single pane of glass with interactive dashboards.
• AWS Hosted Console: The ASM management console and backend run in the AWS and / or GCP Cloud
• Feeds into the AWS shared responsibility model – aiding clients to meet their responsibility for securing data and configurations and be compliant with organisational policies
• Enables coverage of asset in autoscaling scenarios such as cloud environments
• Complementary to AWS vulnerability management tools such as:

o Amazon Inspector – Helps detect vulnerabilities in applications deployed by AWS
o AWS Security Hub – Providing organisations with a view of their security state within AWS, aggregating security findings from multiple AWS services
o Amazon Guard Duty – Continuously monitors AWS accounts and workloads for malicious activity
o AWS Config – assess, audit and evaluate the configuration of AWS resources