Out of Sight, Out of Mind: Why EASM Is the Foundation of Zero Trust Architecture

September 12, 2022


Zero Trust, a hailed cybersecurity buzzword, was born out of the critical need to modernize outdated IT architecture, which assumes that all assets within an organization (and attached to it) should be implicitly trusted. As organizations migrate to the cloud, increase their reliance on third-party vendors and embrace digital transformation, the Zero Trust market is expected to grow considerably. A recent Global Zero Trust Security Market Report estimated that the market will grow at a 14.7% CAGR from 2021 to 2030, bringing in a total revenue of $87 million USD.

The question is: Are organizations too quick to adopt, creating more security risk instead of mitigating it?

Zero Trust is guided by the continuous re-authentication of the users or, in other words, a complete lack of trust at any stage. Network segmentation prevents lateral movement, assuming “least access” policies as a means of protecting critical assets. The problem arises when companies assess where to apply Zero Trust policies, which can only be implemented on assets a company knows are there. This is only exacerbated when looking at how to revoke an asset or service. While there are extensive guides for managing and deploying new nodes onto IT systems, the same cannot be said for the end-of-life cycle for an asset.

This is a soft spot for modern cybersecurity infrastructure and represents a huge risk as organizations continue to grow their digital footprint, as it’s incredibly easy for teams to lose track of new or pre-existing assets. 

A common thread links each of these challenges: knowing the state of your external attack surface. External attack surface management (EASM) is step 0 for any effective Zero Trust architecture system — here’s why you can’t have one without the other.

Unknown Assets Are Posing Threats Globally, Regardless of Industry or Location

Mapping the digital perimeter is the first step of any security deployment and is especially critical in the case of Zero Trust architectures. Everything from infrastructure, applications, services and providers — including those of any subsidiary companies — must be meticulously cataloged before launching a Zero Trust policy to protect them. 

System users and employees must also be accounted for and their security access classified and cataloged, a process that has become even more essential as companies choose to shift to hybrid and remote working environments.  

Organizations have the choice to apply any security architecture to support IT networks — but without knowledge of what to protect on an ongoing basis, huge security blind spots remain.

You’ve Decided to Adopt Zero Trust Architecture — What’s Next?

Mapping is only the beginning — constant, real-time tracking of the digital footprint is essential to ensuring Zero Trust remains effective. As is the nature of the web, unknown assets too are dynamic and constantly changing. EASM shines light on the blind spots of asset management, tackling critical problems facing cybersecurity teams: human error and unmanaged deployment and configuration of assets. 

Users, applications and infrastructure are the three most critical asset categories Zero Trust policies must be applied to, all of which are supported by EASM. As users continue to transition to remote or at-home work environments, it’s important to keep track of who has access to which systems, and by which means they have access (for example, corporate laptop versus private computer). Now, cybersecurity teams can cross-reference the number of remote employees against the number of unique access requests in a day to identify potential risk areas and keep systems secure against malicious actors.

While Zero Trust enables secure communications in-office, EASM can help reflect what is exposed in real time and provide a clear list of the external-facing applications, users, remote connections and network infrastructure it has identified. CISOs can now cross-reference this information against the information generated on internal systems to confirm their legitimacy, as well as take into account geo-location information that may be abnormal for your system.

Finally, infrastructure — like routers, switches, cloud, IoT and supply chain systems — can be securely monitored. While Zero Trust is rolled out against every known source, EASM will continuously generate a list of exposed external ports and IT systems for cybersecurity teams to manage.

Manage Digital Growth Securely with CrowdStrike’s Falcon Surface EASM and Zero Trust Solution

Because it supplies robust, actionable insight into the state of any organization’s external attack surface, EASM is the first step in any complete Zero Trust strategy. The huge number of unknown assets in circulation has emphasized the need for the cybersecurity industry to create best practices for offloading communication nodes and prevent them from becoming vulnerable to attack. Thorough mapping of an external attack surface can help to streamline cybersecurity protocol for CISOs and reduce the number of unknown assets overall.

The CrowdStrike Falcon® Surface EASM module plays a critical role for CISOs in the transition to Zero Trust architecture. As the leading EASM solution, Falcon Surface maps the web in real time, 24/7, enabling security teams to discover and eliminate unknown exposures and shadow IT risks across all environments with no agents or deployment required. Falcon Surface delivers an up-to-date view of a company’s exposed asset inventory, analyzes and prioritizes every asset, and generates a plan with actionable insights so teams can resolve more issues in less time.
