Out of sight, out of mind: why EASM is the foundation of Zero Trust architecture

Out of sight, out of mind: why EASM is the foundation of Zero Trust architecture


Out of sight, out of mind: why EASM is the foundation of Zero Trust architecture

A hailed cybersecurity buzzword: Zero Trust was born out of the critical need to modernize outdated IT architecture, which assumes that all assets within an organization – and attached to it – should be implicitly trusted. As organizations migrate to the cloud, increase their reliance on third party vendors and embrace the digital transformation, the Zero Trust market is expected to grow considerably. A recent Global Zero Trust Security Market Report estimated that the market will grow at 14.7% CAGR in the 2021 to 2030 timeframe; bringing in a total revenue of $87 million USD. 

The question is:  are organizations too quick to adopt, creating more security risk instead of mitigating it?

Zero Trust is guided by the continuous re-authentication of the users or, in other words, a complete lack of trust at any stage. Network segmentation prevents lateral movement, assuming “least access” policies as a means of protecting critical assets. The problem arises when companies assess where to apply Zero Trust policies, which can only be implemented on assets a company knows is there. This is only exacerbated when looking at how to revoke an asset or service. While there are extensive guides for managing and deploying new nodes onto IT Systems, the same cannot be said for the end of life cycle for an asset.

This is a soft spot for modern cybersecurity infrastructure, and represents a huge risk as organizations’ continue to grow their digital footprint, as it’s incredibly easy for teams to lose track of new or pre existing assets. 

A common thread links each of these challenges: knowing the state of your external attack surface. EASM is step 0 for any effective Zero Trust architecture system — here’s why you can’t have one without the other.

Unknown assets are posing threats globally, regardless of industry or location

Mapping the digital perimeter is the first step of any security deployment, but is especially critical in the case of Zero Trust architectures. Everything from infrastructure, applications, services, providers — including those of any subsidiary companies — must be meticulously cataloged before launching a Zero Trust policy to protect them. 

System users and employees must also be accounted for and their security access classified and cataloged, a process that has become even more essential as companies choose to shift to hybrid and remote working environments.  

Organizations have the choice to apply any security architecture to support IT networks — but without knowledge of what to protect on an ongoing basis, huge security blind spots remain. Unknown assets are proving to be a main concern for companies globally — a recent Reposify report assessed the vulnerability of databases, remote access, storage and backup sites of assets with American and Chinese IP addresses. The results found that of the 22 million Chinese assets discovered, 39% of them are classified as “high or critical risk”. Meanwhile, over 106 million assets were discovered in the United States, 20.5% of which are “high or critical risk”. 

So you’ve decided to adopt Zero Trust architecture; what’s next?

Mapping is only the beginning — constant, real time tracking of the digital footprint is essential to ensuring Zero Trust remains effective. As is the nature of the web, unknown assets too are dynamic and constantly changing. EASM shines light on the blind spots of asset management, tackling critical problems facing cybersecurity teams: human error and unmanaged deployment and configuration  of assets. 

Users, applications and infrastructure are the three most critical asset categories Zero Trust policies must be applied to, all of which are supported by EASM. As users continue to transition to remote or at-home work environments, it’s important to keep track of who has access to which systems, and by which means they have access (for example, corporate laptop versus private computer). Now, cybersecurity teams can cross reference the number of remote employees against how many unique access requests in a day to identify potential risk areas and keep systems secure against malactors. 

While Zero Trust enables secure communications in-office, EASM can help reflect what is exposed in real time and provide a clear list of external facing applications, users remote connections and network infrastructure identified. CISOs can now cross-reference this information against those generated on internal systems to confirm their legitimacy, as well as take into account geo-location information that may be abnormal to your system. 

Finally, infrastructure — like routers, switches, cloud, IoT and supply chain systems — can be securely monitored. While Zero Trust is rolled out against every known source, EASM will continuously generate a list of exposed external ports and IT systems for cybersecurity teams to manage.

Manage digital growth securely with Reposify’s EASM Platform and Zero Trust

Because it supplies robust, actionable insight into the state of any organization’s external attack surface, EASM is the first step in any complete Zero Trust strategy. The huge number of unknown assets in circulation has emphasized the need for the cybersecurity industry to create best practices for offloading communication nodes, and prevent them from becoming vulnerable to attack. Thorough mapping of an external attack surface, can help to streamline cybersecurity protocol for CISOs, and reduce the number of unknown assets overall. Reposify’s EASM platform plays a critical role for CISOs in the transition to Zero Trust architecture. As the leading External Attack Surface Management (EASM) Platform, Reposify maps the web in real-time, 24/7, enabling security teams to discover and eliminate unknown exposures and shadow IT risks across all environments with no agents or deployment required. Reposify delivers an up-to-date view of a company’s exposed asset inventory, analyzes and prioritizes every asset and generates a plan with actionable insights so teams can resolve more issues in less time.

Dor Levy is a security professional holding 25 patents in user and autonomous systems. Levy built a strong foundation in software and firmware security during his 10+ years at Intel, where he managed firmware and network interfaces, security compliance for Intel cloud, mobile SDK and applications, and acted as Product Lead of Intel’s VISTRA, a new venture exploration team to develop business directions. He also established the Intel Jerusalem Makers, a networking group of Intel JER employees that volunteered for the community. In his current role as Director of Security at Reposify, Dor manages security research fields for Reposify clients.


Ready to discover your External Attack Surface?

Read Next

The Risks Of Expired SSL Certificates

SSL certificates are essential to encrypting internet traffic and verifying server identities. In spite of the available certificate management tools, cyber incidents related to expired SSL certificates are on the rise, suggesting that managing SSL certificates may not be as simple as it appears. Read what are the risks expired SSL certificates hold, why it is difficult to renew SSL certificates in time, and how EASM can help.

Curious about EASM? Here’s where to begin

EASM touches nearly every corner of a strong cybersecurity posture. With solutions abound, we've handpicked H1 2022's top articles on EASM.

Why Only EASM can provide the protection necessary to guard against RCE threat

In April, VMware issued a series of patches to guard against vulnerabilities in a number of products. Among the most critical is CVE-2022-22954, a remote code execution RCE threat that puts organizations at risk of cyber attack. Only EASM can provide thorough cybersecurity protection against remote code execution hacks, with real-time asset monitoring and identification and clear, actionable insights for immediate intervention.