S. P. Kirgizbaev, V. P. Kirgizbaev, A. A. Butin. Application of attack surface management solutions for automation of information security monitoring in the corporate network // Informacionnye tehnologii i matematicheskoe modelirovanie v upravlenii slozhnymi sistemami: elektronnyj nauchnyj zhurnal [Information technology and mathematical modeling in the management of complex systems: electronic scientific journal], 2023. No. 2(18). P. 7-16. DOI: 10.26731/2658‑3704.2023.2(18).7-16 [Accessed 17/06/23]
10.26731/2658‑3704.2023.2(18).7-16
This article discusses an urgent problem of the XXI century – the rapidly expanding attack surface of organizations, which occurs due to the increased digitalization of business processes. One of the most effective ways to solve this problem is shown – the use of products to control the attack surface of the company. Special attention is paid to the Attack Surface Management products existing on the international and domestic markets. In the work, such foreign products as Randori (IBM), Mandiant (Google), Cortex Xpanse (Palo Alto Networks), the domestic product Attack Surface Management (F.A.C.C.T., formerly Group–IB) are studied in detail. Also in this article, domestic and foreign solutions are compared with each other according to various key criteria.
1. What is an attack surface? [Electronic resource]. – Access Mode: URL: https://www.ibm.com/topics/attack-surface (date of access: 05/18/2023).
2. CVE-2021-44228 [Electronic resource]. – Access mode: URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 (date of access: 05/18/2023).
3. What is attack surface management? [Electronic resource]. – Access Mode: URL: https://www.ibm.com/topics/attack-surface-management (date of access: 05/18/2023).
4. IBM Tackles Growing Attack Surface Risks with Plans to Acquire Randori [Electronic resource]. – Access Mode: URL: https://newsroom.ibm.com/2022-06-06-IBM-Tackles-Growing-Attack-Surface-R... (date of access: 05/18/2023).
5. Randori Attack Surface Management [Electronic resource]. – Access mode: URL: https://www.randori.com/solutions/asm (date of access: 05/18/2023).
6. Randori Platform [Electronic resource]. – Access mode: URL: https://www.randori.com/platform (date of access: 05/18/2023).
7. Mandiant Adds Attack Surface Management to its SaaS Portfolio with the Acquisition of Intrigue [Electronic resource]. – Access Mode: URL: https://www.mandiant.com/company/press-releases/mandiant-adds-attack-sur... (date of access: 05/18/2023).
8. Google Completes Acquisition of Mandiant [Electronic resource]. – Access mode: URL: https://www.mandiant.com/company/press-releases/google-completes-mandian... (date of access: 05/18/2023).
9. Mandiant Advantage Attack Surface Management [Electronic resource]. – Access mode: URL: https://www.mandiant.com/advantage/attack-surface-management (date of access: 05/18/2023).
10. Palo Alto Networks Completes Acquisition of Expanse [Electronic resource]. – Access mode: URL: https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-c... (date of access: 05/18/2023).
11. Continuously discover, evaluate, and mitigate attack surface risk [Electronic resource]. – Access mode: URL: https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-man... (date of access: 05/18/2023).
12. It's a fact: the Russian business of Group-IB was bought out by local management, F.A.C.C.T. – a new brand of cybersecurity [Electronic resource]. – Access mode: URL: https://www.facct.ru/media-center/press-releases/facct (date of access: 05/18/2023).
13. Group-IB Attack Surface Management [Electronic resource]. – Access mode: URL: https://reestr.digital.gov.ru/reestr/745507/?sphrase_id=3008780 (date of access: 05/18/2023).
14. Attack Surface Management - Full control of the external attack surface [Electronic resource]. – Access mode: URL: https://www.facct.ru/products/attack-surface-management (date of access: 05/18/2023).
15. GigaOm Radar for Attack Surface Management [Electronic resource]. – Access mode: URL: https://research.gigaom.com/report/gigaom-radar-for-attack-surface-manag... (date of access: 05/18/2023).