Zero Trust Attack Surface Management: Five Easy Steps

October 4, 2021

  • Zero Trust should be applied to organizational attack surface management (ASM) programs.
  • Kane Lightowler of Palo Alto Networks offers five key steps to deploying effective ASM with Zero Trust.



In May the White House issued an executive order outlining a new Federal Government cybersecurity posture with respect to contractors. One of the key tenets of the order was Zero Trust.


The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. Zero Trust Architecture embeds comprehensive security monitoring; granular risk-based access controls; and system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting data in real-time within a dynamic threat environment.


Zero Trust Framework for Attack Surface Management

Zero Trust architecture for traditional networks is well defined, but the model should also be applied to attack surface management (ASM) programs since the attack surface is the foundation for all security deployments.


These five steps can guide deployment of a Zero Trust framework for your ASM practice.


Define the Attack Surface

Comprehensive visibility into all known and unknown assets is crucial before you build out any security practice. Without granular visibility into all assets, including constantly changing cloud assets, it’s impossible to ensure attack surface security. ASM solutions provide a comprehensive accounting of internet-connected assets, and this system of record should be the validation method for your Zero Trust processes.


Establish Traffic Flow Monitoring

Traditional Zero Trust architecture employs inside-out monitoring to capture malicious traffic. However, thanks to the increase in ransomware attacks through publicly accessible command and control nodes, it’s also important to monitor malicious communications using an outside-in approach.


Assign Policies

An asset exposed to the internet isn’t dangerous in itself, but it’s a threat when it’s exposed without being monitored. Organizations must define custom policies that keep them secure and agile. Using a central policy engine to globally enforce policies and alert on violations is crucial.


Automate Prioritization and Remediation

An ASM solution shouldn’t just discover issues, it should also automatically assign them for remediation. Without remediation, an organization cannot secure its attack surface.


Continuous Monitoring

Perhaps the most important component of a Zero Trust architecture is the ability to independently and continuously monitor your attack surface. Your ASM solution must be able to alert on exposed assets and also allow you to verify the successful remediation of a risk.


These five steps help organizations answer the important who, what, when, where and how questions critical to securing their attack surfaces. In the near term, the White House executive order establishes rules governing contractor interactions with federal agencies. But it also shines a light on the path forward for all organizational cybersecurity programs. Attack surface management is a core element of the fight against hackers – today and in the future – and if you don’t have a robust solution in place already, it’s a conversation worth having as soon as possible.

Kane Lightowler
Vice President - GTM Cortex | Palo Alto Networks