Adding context with Asset Tagging
Security insights need to be actionable to be valuable. Merely identifying the assets in an organization's attack surface is not enough, context is necessary to understand what they are, what they do, and how important they are. Some of this context can be extracted from the assets themselves and Hadrian has built numerous “hacker modules” for this purpose. However contextual elements such as the organization’s structure can not be scanned. Hadrian is launching the new asset tagging feature to enable organizations to add additional context and better manage their attack surface.
Context improves EASM
By understanding how assets are linked together, it becomes easier to determine the potential attack paths that malicious hackers might take. Attackers often exploit vulnerabilities in one asset and then proceed to launch attacks from the new access point. Understanding these paths and connections between assets helps accurately categorize risks and enables more effective defense against attackers.
Contextualizing assets to the broader attack surface also improves risk prioritization. When assets are considered in conjunction with each other, low-risk vulnerabilities can gain higher criticality. For example, an environment containing company credentials might be considered a low-risk vulnerability on its own. However, if an attacker discovers that the database authenticated by those credentials is accessible from the internet, the risk of a data breach becomes imminent.
Hadrian’s sensor network automatically collects contextual information while it conducts asset reconnaissance. For example, Hadrian discovered that a server load for a scheduling program belonging to London Business School (LBS) was balanced across 2 different IP addresses. The need for 2 IP addresses indicated high traffic and that the asset was likely to be important to LBS.
While the context gathered from technology scans is invaluable it is not the complete picture. Valuable context can be provided by the teams that manage their organization’s attack surface.
Asset Tagging adds context
Hadrian’s new Asset Tagging allows users to add their own context to assets. Users can tag assets with any number of assets to increase the context. The tool is completely free-form, users can easily create new tags on the fly for any use case.
Common Asset Tagging use cases:
- Environment type: Labeling assets either Staging / Production / Testing can help prioritize remediation. Risks discovered in production environments can be prioritized over those discovered in Staging environments.
- Business importance: Assigning a tag to Crown Jewel assets makes security teams aware that immediate action is required for any discovered risk. Users choose they could also assign more granular categories for the asset importance, such as high, medium, and low.
- Asset owner: Denoting who is responsible for an asset can help direct risks to the correct individuals or teams. This can save valuable time tracking down the owner and reduce the mean time to remediation.
Hadrian’s Asset Tagging feature is completely customizable. Users can use the tags to leave notes such as “leave port open” to help with the management of the attack surface.
Context is king
Asset Tagging is one of the many ways that Hadrian is integrating context into risk management. The feature makes it easy for teams to add another layer to the information already gathered by Hadrian’s attack surface probes. To learn more and see Asset Tags in action get in touch with one of our experts.