Attack Surface Management: State of the Art and Operational Challenges
| Authors | |
|---|---|
| Year of publication | 2025 |
| Type | Article in Proceedings |
| Conference | 2025 IEEE 11th International Conference on Network Softwarization (NetSoft) |
| MU Faculty or unit | |
| Citation | |
| web | https://ieeexplore.ieee.org/document/11080588 |
| Doi | http://dx.doi.org/10.1109/NetSoft64993.2025.11080588 |
| Keywords | network security; attack surface; network scanning; network monitoring;orchestration |
| Description | In this paper, we approach the topic of ASM, place the task in the context of cybersecurity operations, review the current methods, and discuss their issues and challenges. We outline an ASM pipeline consisting of common tasks and review the usability of the existing tools. We pinpoint that there is a trade-off between scope and precision of the existing tools that should be taken into account, namely in medium to large networks. Finally, we formulate and discuss the issues and challenges for emerging network environments, including those involving IoT or OT, volatile environments, or extensive use of cloud computing. Each of these emerging technologies bring novel issues that needs to be approached by ASM, be it improved fingerprinting in IoT and OT, precisely timed scans in volatile environments, or coverage of external services in cloud. |
| Related projects: |