NRI Secure Technologies
NRI Secure launches “Managed ASM Service” that grasps IT assets accessible from the Internet and continuously detects and evaluates risks such as vulnerabilities
Supports minimizing unknown IT assets and increasing the
sophistication of risk management
……
NRI Secure Technologies Co., Ltd. (hereinafter referred to as “NRI Secure”) offers a “Managed ASM[i]” service that searches for a company’s IT assets that have been disclosed to the outside world and performs risk assessments on detected IT assets from an attacker’s perspective. service (hereinafter referred to as this service) will begin to be provided from today. Enhance risk management by
identifying IT assets that have been disclosed to the outside, including those that were previously unknown, and clarifying whether they have exploitable vulnerabilities. I can.
■Security breaches via externally exposed IT assets are increasing. There are an increasing number of cases in which attackers are exploiting the gaps and cracks (attack surfaces) in the Internet perimeter that have expanded with the increase in IT assets and the spread of cloud computing. In May 2023, the Ministry of Economy, Trade and Industry will issue guidelines related to ASM (Attack Surface Management), “ASM Implementation Guidance” [ii], and it is thought that the concept of ASM will become widespread among Japanese companies in the future. .
■Overview and features of this service
This service centrally provides detection of IT assets and
vulnerabilities, multifaceted risk assessment of vulnerabilities, notification and reporting to companies, and advice on recommended countermeasures.
The steps to implement this service are as follows.
1. Understand IT assets exposed to external parties
By using various tools to understand the overall picture of IT assets that are exposed to external parties based on company name, domain, and IP address information, we minimize the amount of IT assets that are not understood. .
2. Vulnerability detection
It collects and visualizes information on external public services such as OS and product version information used by discovered IT assets, public ports and available management consoles, and detects underlying vulnerabilities.
3. Achieve continuous risk assessment
For detected vulnerabilities, NRI Secure consultants who are familiar with the latest security technology, best practices, and threat trends perform a multifaceted risk assessment to determine whether the vulnerability is easy to exploit from an attacker’s perspective. I will do it. It helps prioritize countermeasures by visualizing vulnerabilities with high response priority, public services that are easily attacked, unintentional disclosure of management consoles, and other security setting deficiencies.
Diagram: Image of managed ASM service provision
[Image: https://prtimes.jp/i/52432/142/resize/d52432-142-fdfb455d618589624dbf-0.png&s3=52432-142-8772de7bb8f8f448ebb60e773ded1cb6-1279×555.png ]
For more information about this service, please refer to the following website. https://www.nri-secure.co.jp/service/consulting/asm
In addition, by combining it with the “Managed Threat Information Analysis Service”, it is also possible to provide continuous monitoring, evaluation, and reporting of cyber threats based on IT assets (optional service).
NRI Secure will continue to provide a variety of products and services that support information security measures for companies and organizations, contributing to the realization of a safe and secure information system environment and society.
[i] ASM (Attack Surface Management): A series of processes that discovers IT assets that are accessible from outside the organization (the Internet) and continuously detects and evaluates risks such as vulnerabilities that exist in them.
[ii] ASM implementation guidance: Guidelines related to ASM issued by the Ministry of Economy, Trade and Industry in May 2023.
https://www.meti.go.jp/press/2023/05/20230529001/20230529001-a.pdf More details about this release:
https://prtimes.jp/main/html/rd/p/000000142.000052432.html