The importance of External Attack Surface Management (EASM) has never been more evident. With cybercrime on the rise, 66% of organizations expect cyber budget growth in 2023. Meanwhile, estimates suggest that expenditure on cybersecurity products and services will reach $1.75 trillion by 2025.
If you’re amongst those considering embracing EASM solutions to prevent external threats from catching you off guard, we’ll break down key features to look for in an EASM tool and highlight the top 10 EASM solutions for 2023.
What is external attack surface management (EASM)?
EASM is a cybersecurity strategy that focuses on identifying and mitigating potential threats to a company’s digital assets that originate outside the organization, including various forms of phishing targeting customers or external parties and fraud through brand impersonation techniques such as clone phishing.
EASM solutions continuously monitor a company’s external attack surface, including websites, domains, and social media accounts, to identify potential vulnerabilities and threats before they cause harm. While not a standalone measure, EASM helps companies get a more complete picture of their environment as enterprise attack surfaces are expanding, earning EASM technologies a leading position in cybersecurity trends recommended to CISOs by Gartner.
Types of EASM tools
There are several types of EASM tools available, each designed to help users with different challenges:
- Brand monitoring tools collect and analyze content from across digital channels to detect potential instances of brand abuse (such as fake domains and social media accounts created illegitimately under the brand’s name).
- Website security tools can help users protect their websites from unauthorized access and attacks, including SQL injection, cross-site scripting (XSS), and Distributed Denial of Service (DDoS).
- Email security tools help users protect their email systems from various attacks, including phishing, spear-phishing, and whaling phishing. Most email protection tools monitor emails coming into the network using algorithms to parse for known malicious attachments, suspicious URL links, and malware. Some also feature virus and malware blocking, spam filtering, content filtering, and email archiving to help prevent users from opening and clicking on malicious content.
- API security tools help to protect applications from external threats by monitoring and controlling their access through APIs. Users can leverage them to identify and block suspicious requests to prevent data breaches.
While these solutions alone may not be sufficient to address all EASM challenges, it’s common to combine them as part of an EASM strategy.
Key features to look for in an EASM tool
When selecting an EASM tool, it is essential to consider the specific needs of your organization and look for the following key features:
- Automatic inventory generation of exposed assets
- Insights into business context and ability to understand the connections of each asset to the core network
- Automatic asset classification
- Automated, continuous monitoring
- Risk prioritization and vulnerability management
- Real-time alerts and reporting
- Compliance and regulatory reporting
These features can help organizations discover, manage, and monitor their perimeter-less network at scale, providing visibility into their attack surface, reducing the risks associated with limited attack surface visibility, and improving the overall security posture of the organization.
10 Top EASM tools for 2023
1. CrowdStrike Falcon Surface (formerly Reposify)
CrowdStrike provides cybersecurity solutions, and its flagship product, the CrowdStrike Falcon platform, offers a range of security capabilities, including endpoint protection, threat intelligence, and incident response.
- Enables complete visibility into the external attack surface
- Monitors and maps all internet-facing assets
- Provides actionable insights and guidance for security teams to reduce risk and prevent breaches
- Proactively preventing external attacks
- Maintaining regulatory compliance
Review “CrowdStrike was quick to install and easy to use, and feedback from staff was super positive. Most importantly, the product showed it could solve one of our main challenges: visibility of the technological environment.” – Fabiano Moura.
2. Memcyco
Memcyco developed a PoSA (Proof of Source Authenticity™) solution to give website visitors a visual means to verify that they are engaging with an authentic brand, not a fake domain. Its premise is to overcome the limitations of traditional cybersecurity tools tackling brand impersonation attacks by empowering the brand’s customers to discern what online communication they can trust. Meanwhile, the solution alerts security teams in real-time of an attempted impersonation attack so that brands can take action before it negatively impacts their customers and reputation.
- Gives customers a visual means to verify that they are engaging with an authentic brand’s website through a digital watermark that doesn’t create friction in the user experience
- Works at every touch point with customers.
- Provides security teams with alerts and granular customer impact reports when impersonation attacks are attempted so they can take action before harm is done
- Proactively preventing brand impersonation attacks targeting customers outside the organization’s security perimeters
- Helping to maintain digital trust in a brand’s reputation, ultimately contributing to better online engagement for the organization
Review “Memcyco provides alerts about suspicious activities which are invaluable to us and our students in avoiding attacks. This is the only solution that we know of which can make our users aware in real time that they are accessing an impostor site – as they do not see the watermark on it. The solution gives us and our community peace of mind. We can now finally feel confident and safe whenever we access our site.” – Holon Institute of Technology (HIT)
3. Cyberpion
Cyberpion is a hyper EASM platform specializing in ML-powered attack surface discovery.
- Identifies and maps internet-facing assets
- Evaluates and prioritizes risks
- Provides detailed reporting to help security teams proactively mitigate vulnerabilities
- Businesses heavily dependent on cloud, SaaS, APIs, and third-party services
- Compiling an inventory of external-facing assets and connections
Review “Cyberpion provides us the strategic advantage of seeing our external attack surface, dynamically, in the same way attackers see it.” – Mike Manrod, CISO, Grand Canyon Education
4. FireCompass
FireCompass is an EASM software that provides risk context and actionable information about known and unknown Internet-facing assets for security risk managers. It is a SaaS platform for Continuous Automated Red Teaming (CART) that acts as an integrated security solution for enterprises.
- Discovers and compiles inventories on external-facing digital assets
- Automates continuous risk management assessment
- Daily risk port scanning
- Comprehensive risk discovery, assessment, and mitigation
- Organizations heavily dependent on cloud, SaaS, APIs, and third-party services
- Suitable for highly regulated industries such as finance, healthcare, and government
Review “To our surprise, the tool has exceeded our expectations in identifying numerous domains and subdomains that are shown as public, but should be private.” – e-commerce platform for Beauty & Fashion Products
5. Illusive
Illusive is a cyber security solution specializing in Identity Threat Detection & Response (ITDR). The company offers a range of products and services that help organizations discover and remediate identity vulnerabilities throughout their environment.
- Discovers and remediates identity vulnerabilities
- Privileged account password protection
- Integrates with other security tools like SIEM and EDR
- Automating discovery and remediation of identity vulnerabilities
- Suitable for organizations of all sizes and industries.
Review “An attacker only has to be right once to gain a foothold while we have to defend thousands of endpoints correctly all the time. We wanted to even the odds by forcing an attacker to find the ‘needle in the haystack’ and thus give away his position, and we realized deception technology would help us achieve this objective… Illusive stood out for its unique approach. By planting realistic deceptions that perfectly match our environment and tripling the number of hosts an attacker sees, we can quickly force him to make a wrong choice.” — Manager of IT Security Operations
6. Spectral
Spectral is a developer-first cloud security platform that allows companies to monitor, classify, and protect their code, assets, and infrastructure for exposed API keys, tokens, credentials, and high-risk security misconfigurations. Leading cybersecurity company Check Point recently acquired the platform.
- Automates the process of secret protection at build time without negatively affecting CI/CD productivity
- Seamless integration of playbooks and mitigation policies throughout the SDLC, so developers can code with confidence
- Over 2000 detectors to discover and classify data silos
- DevOps teams
- Adopting a shift-left approach by integrating security throughout the SDLC without slowing developers down
Review “Providing developers a heads up on the secrets and potential security leaks before it gets to the code is super important for us. We wanted our data to be as safe as it can, and we recognize code and developers’ work is an area that needs focus… Spectral have automatically identified and surfaced security flaws that our company was not aware of, helping us be more secure and avoid operational risks.” – Ofer Levi, Production manager, Perion
7. Microsoft Defender Threat Intelligence (formerly RiskIQ External Threats)
- Continuous threat intelligence
- Enhanced alert investigations to accelerate incident response
- Exports lists of malicious entities, IPs, and domains detected
- Understanding the groups behind an online attack, and how they typically operate
- Extending the reach and visibility of existing security investments
- Suitable for organizations of all sizes and industries
Review “Analysts spend a significant amount of time on data discovery, collection, and parsing, instead of focusing on what actually helps their organization defend themselves: deriving insights about the actors through analysis and correlation. Microsoft Defender Threat Intelligence streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering threat intelligence.” – Security Resources
8. NetSPI
NetSPI is a cybersecurity company that provides Attack Surface Management (ASM) services to improve visibility, inventory, and understanding of assets and exposures by continuously monitoring and assessing an organization’s attack surface.
- Asset discovery
- Manual exposure triaging
- Interactive interface for continuous pen-testing
- Real-time summary reports
- Open-source intelligence gathering
- Companies that experience constant change, such as those involved in mergers and acquisitions or those with a significant number of third-party vendors
- Managing shadow IT and identifying dark web exposures
Review “From working with NetSPI, my team has been able to demonstrate our ability to prevent, detect, and respond to threats more effectively with the investments in our security stack. By better understanding the most-likely attack vectors, we have been able to strengthen our detective controls.” – Adrian Vargas, VP, Cyber Threat & Vulnerability at Global Atlantic Financial Group (GAFG)
9. IntSights External Threat Protection Suite
The IntSights External Threat Protection (ETP) Suite is an enterprise-grade, external threat intelligence solution designed to deliver contextualized, prioritized, actionable intelligence that teams can deploy in as little as 24 hours.
- Threat Command provides external intelligence and remediation for threats targeting an organization
- Vulnerability Risk Analyzer helps organizations prioritize patching for critical vulnerabilities
- Threat Third Party provides clear, deep, and dark web intelligence for third parties
- Quick and easy deployment
- Global coverage and broad language support
- Suitable for organizations operating in multiple regions or countries.
Review “The insurance industry is heavily targeted for many types of cyberattacks, including the compromise and sale of policyholder data, COVID-19-related exploits, state-sponsored attacks, and, of course, ransomware. The 2022 Insurance Industry Cyber Threat Landscape Report uses threat intelligence data from IntSights to provide an overview of these and other threats facing insurance companies at a global level.” – Insurance Industry Cyber Threat Landscape Report
10. Reflectiz
Reflectiz provides continuous web threat management by identifying and mitigating vulnerabilities in third-party and open-source apps often overlooked by standard security controls. Reflectiz’s innovative sandbox solution monitors and detects all first, third, and fourth-party app vulnerabilities in a business’s online ecosystem, providing complete visibility over its threat surface.
- eCommerce, Financial Services, and Healthcare businesses looking to expand their online presence without compromising security
- Identifying and addressing compliance issues arising from the supply chain before they lead to costly fines or reputational loss
Review “Reflectiz is unique in the marketplace. It has zero impact on my eCommerce site, doesn’t slow anything down, and provides continual coverage for security issues. The prioritization of alerts and the wider ecosystem view allows me as a business user and director to understand the security risks of my eCommerce site.” – Hanna Andersson, Director of Digital DevOps.
Security teams can deliver a great customer experience
Security teams play an essential role in protecting an organization’s assets and ensuring the safety of its customers. However, security measures are commonly perceived as an obstacle to a seamless customer experience.
The reality is that security measures can be seamlessly integrated into all stages of the customer journey to enhance their overall experience. This is achieved by aligning the security team’s objectives with the customer’s needs and goals and choosing the right tools and strategies that enable all parties to act proactively.
Security today is no longer just about protecting your company’s assets and data. It’s also about protecting your customers. That’s why Memcyco stands out from this list of solutions by focusing on empowering end users, no matter where they are, to browse the web with confidence. After all, digital trust is the foundation of all successful digital businesses.
Eyal is head of demand generation at Memcyco