Threat Intelligence-Driven Attack Surface Management

Defenders struggle to keep up with the pace of digital transformation in the face of an expanding modern enterprise attack surface and more sophisticated adversaries. A conceptual framework for relating attack surface management (ASM) to vulnerability management and cyber threat intelligence (CTI) improves cyber defense. The framework explains how ASM improves cyber resiliency in proactively detecting and responding to weaknesses that adversaries could exploit to cause unacceptable harm. Defenders should prioritize ASM aligning with the business continuity and enterprise risk management functions. A CTI-driven ASM conceptual framework (CTI-ASM) helps defenders achieve decision clarity on how best to prioritize preventing the most impactful exploitations based on adversaries’ capabilities, opportunities, and intent. Security researchers have applied decision analysis methodology to solve various security challenges generally. Applying decision analysis methodology to CTI-ASM may improve the quality of its implementation and support higher quality CTI. Potentially helpful decision analysis tools and concepts include relevance diagrams, possibility and probability trees, sensitivity analysis, corporate risk attitudes, weighing imperfect information, and accounting for cognitive biases.