Question 1: Do we need to be thinking about the attack surface differently so it doesn’t appear so unwieldy?
Attack surfaces are growing astoundingly – and we will never truly reduce this number. We should forever expect assets to be coming online. So, it’s less a question of shrinking attack surfaces and more a question of how does security keep up-to-date and track what’s going on around them? The answer is by managing the attack surface.
Get a better understanding of ASM in our ASM 101 Guide.
Question 2: Is there a situation to get better asset management control? Is it just a situation of discovering what you’ve got and deleting the stuff shouldn’t be where it is, or is it just really gap analysis?
It’s less of a “clean it up” one time and it’s done mentality. It’s more like we need to provide ourselves with continuous visibility.
How does Censys do continuous visibility? Read about it in this blog.
Question 3: Do you consider fake networks and devices to be part of your attack surface?
We don’t consider that part of the attack surface because they’re not valuable to our customers – and we always try to eliminate noise.
What does Censys scan for? Read the documentation.
Question 4: What is the process for incorporating threat modeling into the entire attack surface management process? How often should one re-threat model?
It should be happening continuously! Look at what people are actually attacking and take this into consideration for what you should be addressing first.
Question 5: What even is an asset in a world of automation, containers, and infrastructure as code?
Anything that can pose a risk can be considered an asset. It could be a container, a website, a bucket, an API, a login, a device – anything that someone might use to attack you is something that should be accounted for.
Learn more about what you should be looking for in an Attack Surface Management solution here.