UK National Cyber Security Centre,ACD 2.0 exploration into attack surface management completed

NCSC completes ACD 2.0 exploration into attack surface management

27 January 2025

The National Cyber Security Centre (NCSC) has completed its exploration into attack surface management (ASM) as part of its Application Composite Discovery (ACD) 2.0 programme.

ASM provides organisations with a holistic view of their entire attack surface, enabling them to identify and mitigate risks more effectively. The NCSC’s exploration aimed to develop a better understanding of the challenges and opportunities associated with ASM, and to provide guidance to organisations on how to implement and use ASM tools and techniques.

The exploration involved a review of existing ASM tools and techniques, as well as a series of workshops and interviews with organisations that are using ASM. The NCSC also developed a prototype ASM tool, which was used to assess the attack surface of a number of organisations.

The exploration found that ASM is a valuable tool for organisations of all sizes. It can help organisations to:

• Identify and mitigate risks more effectively
• Improve their security posture
• Reduce the likelihood of a successful cyber attack

The NCSC recommends that organisations consider implementing ASM as part of their overall cyber security strategy. Organisations should start by assessing their current attack surface and identifying any areas of risk. They should then select an ASM tool that meets their needs and implement it according to the vendor’s instructions.

The NCSC will continue to provide guidance and support to organisations on ASM. The NCSC has published a new report on ASM, which is available on the NCSC website. The NCSC also offers a range of services to help organisations with ASM, including:

• ASM assessment service: This service can help organisations to assess their current attack surface and identify any areas of risk.
• ASM implementation service: This service can help organisations to implement an ASM tool and integrate it with their existing security systems.
• ASM training: The NCSC offers a range of training courses on ASM.

For more information on ASM, please visit the NCSC website.

ENDS

Notes to editors:

• The National Cyber Security Centre (NCSC) is a part of GCHQ. Its mission is to make the UK the safest place to live and do business online.
• The Application Composite Discovery (ACD) 2.0 programme is a cross-government initiative to develop a new generation of tools and techniques for identifying and mitigating cyber threats.
• Attack surface management (ASM) is a process of identifying, understanding, and mitigating risks associated with an organisation’s attack surface.
• The NCSC’s ASM report is available at: [link to report]
• The NCSC’s ASM assessment service is available at: [link to service]
• The NCSC’s ASM implementation service is available at: [link to service]
• The NCSC’s ASM training courses are available at: [link to training]

The AI has provided us with the news.

I’ve asked Google Gemini the following question, and here’s its response.

UK National Cyber Security Centre a new article on 2025-01-27 11:16 titled “ACD 2.0 exploration into attack surface management completed”. Please write a detailed article on this news item, including any relevant information. Answers should be in English.

49