# A CXO's Guide to Attack Surface Management

By [Michael Heller](https://www.paloaltonetworks.com/blog/author/michael-heller/?ts=markdown "Posts by Michael Heller"), Jun 29, 2021, 5 minutes. Filed under [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) and [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown); tagged ASM, ASM Top 10, Attack Surface, attack surface management platform, Cortex Xpanse, Expanse.

## **Introduction**

The idea of attack surface management is not new, but how organizations and CXOs view their attack surfaces should be updated. Traditionally, IT has looked at an organization's attack surface from the inside out, asking questions like "What are the assets that connect to the wider internet?" and "Where is the perimeter that must be defended?"

For better or worse, that view of an attack surface has imploded with the rise of remote work and digital transformation into the cloud. Staff and work are distributed geographically, and new cloud assets can be spun up in seconds. Rather than looking at an organization's attack surface from the inside out, CXOs should be looking from the outside in, asking questions like "What assets in the cloud or belonging to supply chains are connected back to the company network?" and "How many of those assets are unknown?"

## **What is Attack Surface Management?**

An attack surface is shifting sand. Between multi-cloud, private and public clouds, assets inherited through mergers and acquisitions (M&A), and access from supply chain partners and remote workers, it is impossible for IT experts alone to gain footing and keep track of all assets and the people responsible for them.

Additionally, focusing on vulnerability management alone is no longer sufficient, for two reasons. First, what a scanner looks for varies by product and may not catch all risks. Second, vulnerability scans can only check known assets, so any unknown assets will remain vulnerable. Attackers have undergone their own digital transformation and can scan the entire internet for vulnerable systems in less than an hour.
Attack surface management (ASM) takes all of this into account to provide a complete inventory of all assets connected to an organization's network (IP addresses, domains, certificates, cloud infrastructure and physical systems) and maps who in the organization is responsible for each asset. ASM must work at the speed and scale of the internet to continuously discover, identify and mitigate risks across all public-facing assets, whether they are on-prem, in the cloud or operated by subsidiaries and critical suppliers.

## **How does it work?**

Traditionally, mapping the assets on an organization's network was a heavily manual and error-prone task. ASM calls for an automated process that can scale to the size and speed of the entire internet. Attackers have undergone their own digital transformation and can scan the entire internet for vulnerable systems in less than an hour. Therefore, defenders must keep pace and ensure their mean time to inventory (MTTI), the time it takes to inventory all known and unknown vulnerable assets, is shorter than the attackers' MTTI.

This starts with scanning the entirety of IPv4 space for assets connected to an organization's network and determining which ones need patching, have insecure remote-access implementations, expose databases or carry other risks. When a previously unknown asset is found, the notification should be routed to the team or individual responsible for securing that asset. Beyond remediating risks, ASM should also focus on reducing an organization's attack surface, so that assets which can be decommissioned or segmented from the internet are no longer targets for attackers.

## **Metrics and actions**

Another key item to consider is how often the most common vulnerabilities occur. According to the Palo Alto Networks threat research team, Unit 42™, over the course of the pandemic (Q1 through Q4 of 2020), RDP exposures increased over 27% across all cloud providers.
But there was also a 768% increase in RDP attacks during that same time. In separate research by Cortex® Xpanse™, RDP exposures accounted for 32% of all security issues recorded. Exposures of common protocols like RDP are major targets for attackers, especially ransomware groups.

Often, the focus in vulnerability management is mean time to respond (MTTR), or how long it takes to remediate a vulnerability once it is found. Unfortunately, MTTR is meaningless when dealing with unknown assets, because their vulnerabilities won't be known until it is too late. Before MTTR can have value, an organization must have a full inventory of assets, and the speed at which that inventory is built should be treated as a race. As mentioned earlier, MTTI for attackers is under an hour. Research by Cortex Xpanse puts MTTI for defenders at 12 hours.

![Top security issues based on prevalence](https://partners.wsj.com/paloaltonetworks/the-internet-is-small-for-hackers/wp-content/uploads/sites/628/2021/06/PaloAltoChart_AttackSurfaceManagement_01.jpg?w=937)

Having a plan in place to keep the process moving smoothly is essential. Some general actions to keep in mind:

* Generate an automated, continuously updated, single source of truth for all internet-connected assets.
* Discover and identify account owners for all previously known and unknown assets.
* Find all exposures: vulnerabilities, expired certificates, unsecured remote access protocols, etc.
* Automate risk remediation and reporting.
* Continue to monitor, discover, evaluate and mitigate risks as the attack surface changes.

To close this critical gap, organizations need an automated Attack Surface Management solution that provides a complete and accurate inventory of their global internet-facing assets and misconfigurations, in order to continuously discover, evaluate and mitigate the risks on an attack surface.
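The discovery-to-owner-routing procedure from "How does it work?" and the MTTI metric from this section, carried through as an added Python example that is not code from the original article or from Cortex Xpanse. It reconciles constructed external-scan findings (documentation IP ranges) against a known-asset inventory, flags the exposure kinds the article names (unknown assets, exposed remote access, exposed databases, expired certificates), routes each to the responsible owner, and computes a simplified per-asset MTTI. The port-to-service tables, the `asm-triage` default queue, the dataclass names and the sample data are all assumptions made for this example; a real platform fingerprints the service rather than trusting the port number.

```python
"""Added example (not code from the article or from Cortex Xpanse).

Reconciles constructed external-scan findings against a known-asset inventory,
flags the exposure types the article names, routes each exposure to its owner,
and computes a simplified mean time to inventory (MTTI).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed port-to-service labels for this example only; a real ASM platform
# fingerprints the service instead of trusting the port number.
REMOTE_ACCESS_PORTS = {3389: "rdp", 5900: "vnc", 23: "telnet"}
DATABASE_PORTS = {3306: "mysql", 5432: "postgres", 27017: "mongodb", 9200: "elasticsearch"}


@dataclass
class Finding:
    """One service observed from the outside (constructed for the example)."""
    ip: str
    port: int
    service: str
    first_seen: datetime
    cert_not_after: Optional[datetime] = None  # set when a TLS certificate was seen


@dataclass
class Asset:
    """One entry in the organization's known-asset inventory."""
    ip: str
    owner: str            # team or individual responsible for the asset
    business_unit: str
    inventoried_at: datetime


@dataclass
class Exposure:
    ip: str
    kind: str             # unknown_asset | exposed_remote_access | exposed_database | expired_certificate
    owner: str
    detail: str


def classify(finding: Finding, now: datetime) -> List[str]:
    """Return the exposure kinds a single finding represents (may be empty)."""
    kinds: List[str] = []
    if finding.port in REMOTE_ACCESS_PORTS:
        kinds.append("exposed_remote_access")
    elif finding.port in DATABASE_PORTS:
        kinds.append("exposed_database")
    if finding.cert_not_after is not None and finding.cert_not_after < now:
        kinds.append("expired_certificate")
    return kinds


def reconcile(findings: List[Finding], inventory: Dict[str, Asset],
              now: datetime, default_owner: str = "asm-triage") -> List[Exposure]:
    """Compare outside-in findings with the inventory; unknown assets go to a triage queue."""
    exposures: List[Exposure] = []
    for f in findings:
        asset = inventory.get(f.ip)
        owner = asset.owner if asset else default_owner
        label = f"{f.service}/{f.port}"
        if asset is None:
            exposures.append(Exposure(f.ip, "unknown_asset", owner, f"{label} not in inventory"))
        for kind in classify(f, now):
            exposures.append(Exposure(f.ip, kind, owner, label))
    return exposures


def route(exposures: List[Exposure]) -> Dict[str, List[Exposure]]:
    """Group exposures by responsible owner: one work queue per owner."""
    queues: Dict[str, List[Exposure]] = {}
    for e in exposures:
        queues.setdefault(e.owner, []).append(e)
    return queues


def mtti_hours(findings: List[Finding], inventory: Dict[str, Asset]) -> Optional[float]:
    """Simplified MTTI: mean hours from first external observation of an asset to
    the moment it appears in the inventory. Assets that are still unknown have no
    finished interval yet and so do not contribute."""
    hours = [
        (inventory[f.ip].inventoried_at - f.first_seen).total_seconds() / 3600
        for f in findings
        if f.ip in inventory and inventory[f.ip].inventoried_at >= f.first_seen
    ]
    return sum(hours) / len(hours) if hours else None


# Constructed sample data (documentation ranges 203.0.113.0/24 and 198.51.100.0/24).
NOW = datetime(2021, 6, 29, 12, 0)
SAMPLE_FINDINGS = [
    Finding("203.0.113.10", 443, "https", NOW - timedelta(hours=30),
            cert_not_after=NOW - timedelta(days=3)),                      # expired certificate
    Finding("203.0.113.25", 3389, "rdp", NOW - timedelta(hours=6)),       # RDP on the internet
    Finding("198.51.100.7", 27017, "mongodb", NOW - timedelta(hours=2)),  # not in inventory
    Finding("203.0.113.40", 22, "ssh", NOW - timedelta(hours=48)),        # nothing flagged
]
SAMPLE_INVENTORY = {
    "203.0.113.10": Asset("203.0.113.10", "web-team", "marketing", NOW - timedelta(hours=18)),
    "203.0.113.25": Asset("203.0.113.25", "it-ops", "finance", NOW - timedelta(hours=1)),
    "203.0.113.40": Asset("203.0.113.40", "platform", "engineering", NOW - timedelta(hours=41)),
}

if __name__ == "__main__":
    for owner, items in route(reconcile(SAMPLE_FINDINGS, SAMPLE_INVENTORY, NOW)).items():
        print(owner, [(e.ip, e.kind, e.detail) for e in items])
    print("MTTI (hours):", mtti_hours(SAMPLE_FINDINGS, SAMPLE_INVENTORY))
```

Running the block prints one work queue per owner and an MTTI of 8.0 hours over the three inventoried sample assets. The unknown host 198.51.100.7 lands in the triage queue together with its exposed database rather than being silently dropped, which is the failure mode the article warns about: MTTR cannot even start until an owner exists for the asset.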
## **More Research**

For more information on global threats, visit [attacksurfacetop10.com](https://attacksurfacetop10.com/) or download the [2021 Cortex Xpanse Attack Surface Threat Report](http://start.paloaltonetworks.com/asm-report).

*This was originally posted on [Wall Street Journal](https://partners.wsj.com/paloaltonetworks/the-internet-is-small-for-hackers/a-cxos-guide-to-attack-surface-management/).*