Eyeglass Solutions Publication2

Superna Data Attack Surface Manager

Overview

Superna's Data Attack Surface Manager (DASM) solution delivers a revolutionary data-centric approach to Vulnerability Management by enhancing visibility into the Data Attack Surface. Through integrations with leading vulnerability management platforms like Tenable, Rapid7, Microsoft Vulnerability Management, Armis, and Qualys, DASM enables organizations to prioritize and remediate risks based on actual data exposure, rather than generic device risk scores.

The Future of Vulnerability Management

As cybersecurity threats evolve, traditional vulnerability management must transform into a continuous, data-centric discipline. The future of vulnerability management is rooted in Continuous Threat Exposure Management (CTEM), a strategy that shifts from reactive to proactive security operations.

Superna’s vision for this future emphasizes a data-first approach, recognizing that breaches often start with users accessing data—not just device vulnerabilities. By integrating behavioral insights, contextual data risk, and automated enforcement, organizations can dynamically adjust their security posture in real-time.

Key trends shaping the future of vulnerability management include:

  • Real-time visibility into host and user data interactions.
  • AI-driven prioritization of risks based on data exposure rather than just CVE scores.
  • Autonomous enforcement of compensating controls to block risky behavior.
  • Integration across ITSM, SIEM, EDR, and vulnerability management platforms.
  • Support for zero-trust architectures by validating every host and user before granting access to data.


Ultimately, vulnerability management will become an active defense layer—less about scanning for issues, and more about continuously adapting to threats based on dynamic, data-informed decision making. Superna’s DASM platform is a cornerstone in building this future.

Business Challenge

Organizations struggle with traditional vulnerability management solutions that fail to prioritize data risks effectively, including:

●   Inaccurate vulnerability scoring that ignores user access patterns, data classification and data protection

●   50% of the attack surface missed by not considering user identities

●   Reactive threat response instead of proactive risk management

●   Blind spots due to lack of real-time attack surface discovery

●   Inability to enforce real-time mitigation and compensating controls

●   Lack of zero-day vulnerability protection

●   Missing a data-centric view of assets and risks

Solution

Superna Data Attack Surface Manager uses AI-driven risk prioritization at the data layer to enhance traditional vulnerability management. Security teams can proactively identify and automate the mitigation of high-risk assets & users by analyzing data permissions, user access behavior, PII data classification, host risk scores, and user attack surface intelligence.

DASM is purpose-built for Continuous Threat Exposure Management (CTEM), giving security teams the tools to:

●   Visualize the Data Attack Surface in real time based on user access through hosts

●   Identify and score high-risk hosts and users based on access to sensitive data

●   Apply compensating controls to block risky access and prevent zero-day attacks

●   Accelerate vulnerability scan frequency for critical assets

●   Reduce mean time to detect (MTTD) and respond (MTTR) to threats


Value

The integration helps security teams to:

●   Prioritize remediation based on actual data risk rather than device risk scores, reducing the time and resources spent on remediation

●   Identify high-risk hosts and users in real time to gain an advantage over adversaries

●   Implement automated compensating controls that block data access from vulnerable assets to strengthen your data security posture

●   Measure risk with a deep understanding of the classification risk within the data itself

●   Improve mean time to detect (MTTD) and mean time to respond (MTTR) for critical vulnerabilities.

●   Enable Active Defense to protect data from zero-day vulnerabilities

●   Gain asset visibility to regulatory data risk and exposure



Features

●   Data Attack Surface Visibility: Identifies high-risk users and hosts with privileged access to sensitive data.

●   Data-Centric Risk-Based Prioritization: Uses AI to score hosts and users based on data exposure risk.

○   User access behavior patterns and permissions

○   Host risk assessment based on data exposure

○   PII, PHI & Financial Data Classification of hosts and users accessing high risk data

●   Automated Remediation: Blocks data access from high-risk assets until vulnerabilities are mitigated.

●   Dynamic Data Shield (DDS): Enforces security policies to prevent untrusted hosts from accessing data.

●   Integration with ITSM & SIEM: Automates security incident creation and remediation tracking.



Summary of Requirements and High-Level Steps

System Requirements

  • Eyeglass VM: openSUSE 15.5 or 15.6
  • Editions Required: Data Security Edition
  • Vulnerability Management Scanner Supported Integrations:
    • Tenable Security Center, Rapid7 InsightVM, CrowdStrike, Armis
  • VM Resource Requirements: Minimum 8 vCPUs, +8 GB RAM, 100 GB additional disk
  • Firewall: Open port 5001 TCP for WebUI access to the Eyeglass VM


Optional Requirements

  1. DR Edition: if licensed, allows Data DR status to be included in the AI model training data.

Installation & Configuration Steps

  1. Provision the Eyeglass+DASM Host and increase CPU, memory, and disk.
  2. Install DASM software and extract packages to /mnt/DASM_data.
  3. Update environment variables including vendor integration settings.
  4. Configure WebUI and SSL certificates, and open required ports.
  5. Collect training data, preprocess, and train machine learning models.
  6. Configure cron job for live detection phase and start the detection services.
  7. Access the WebUI dashboard and download reports as needed.


How it Works

  1. Data Access Discovery: DASM continuously monitors data access and host-user interactions.
  2. Risk Scoring: AI-driven models analyze vulnerability data and access patterns.
  3. Threat Detection & Prioritization: High-risk users and hosts are identified in real time and synced into a Dynamic Asset in Security Center Plus, providing a single location to view all data attack surface hosts.
  4. Tenable Security Center integration: Creates a Dynamic Asset listing all the IP addresses of Data Attack Surface hosts identified by the DASM AI model. This asset list can be used to launch scans more frequently, so that these hosts have the most up-to-date information, and for remediation prioritization planning.
  5. Compensating Controls Activation (optional): If a host or user is deemed high-risk, access to sensitive data is blocked until remediation is complete. This applies a real-time data blocking permission to the underlying storage that blocks access to data.
  6. Automated Remediation & Reporting (optional): ITSM integration creates tickets regarding offense compensating controls that have been actively applied.
  7. Continuous Monitoring & Policy Enforcement: Security teams receive updates on autonomous mitigation progress.


Chapter 1: Understanding the Data-Centric Attack Surface

In modern cybersecurity, the attack surface is no longer limited to endpoints and networks. A data-centric approach to Continuous Threat Exposure Management (CTEM) recognizes data as a high-value target. Attackers often seek to exfiltrate sensitive data rather than merely compromise infrastructure.

Administrators must understand how data is stored, accessed, and shared across environments. Key considerations include:

  • Mapping data locations across NAS, SMB shares, NFS exports, and cloud storage.
  • Identifying which users and systems interact with critical data.
  • Visualizing data flows and access relationships.

This foundational knowledge enables a proactive approach to managing exposure and reducing risk.


Chapter 2: Data Exposure Scoring & Classification

Our platform includes a powerful exposure scoring engine and integrated data classification. Each file or data set is evaluated for sensitivity and exposure using the following factors:

  • File content classification (PII, PHI, financial, confidential).
  • Number and types of users with access.
  • Access frequency, type and anomalies.

Administrators can:

  • Configure classification policies using built-in or custom rules (future release).
  • Set scoring thresholds to identify high-risk data (future release)

Tuning classification helps reduce noise and focus on meaningful risks. The platform samples active users on high-risk hosts to focus your risk analysis on the most likely breach scenarios.


Chapter 3: User Behavior Analytics (UBA) for CTEM

UBA provides context to data exposure by analyzing user behavior. Key capabilities include:

  • Tracking read/write/delete activity across data shares.
  • Identifying mass access or modification events.
  • Flagging off-hours or geolocation anomalies. For example, a user who starts logging into multiple machines indicates lateral movement or an identity breach.

Risk scoring is assigned to users based on deviation from typical behavior.

Admins can:

  • Receive alerts for anomalous behavior tied to sensitive data.

UBA integrates with the attack surface AI model to ensure high risk users influence high risk host selection.
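
The multiple-machine example above can be expressed as a baseline comparison. The sketch below is an added illustration, not Superna's code or the DASM model: the event format, the one-hour window, the 14-day baseline, the three-host threshold and the 07:00-19:00 working hours are all assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events: (ISO timestamp, user, client host).
EVENTS = [
    ("2025-05-20T09:02:00", "alice", "ws-101"),
    ("2025-05-27T10:15:00", "alice", "ws-101"),
    ("2025-05-29T14:30:00", "bob", "ws-207"),
    ("2025-05-30T08:45:00", "bob", "jump-01"),
    ("2025-06-01T02:10:00", "alice", "ws-101"),
    ("2025-06-01T02:14:00", "alice", "ws-118"),
    ("2025-06-01T02:19:00", "alice", "srv-db-03"),
    ("2025-06-01T02:31:00", "alice", "srv-file-02"),
    ("2025-06-01T02:40:00", "bob", "ws-207"),
    ("2025-06-01T02:42:00", "bob", "ws-300"),
]

def host_fanout_alerts(events, now, window_hours=1, baseline_days=14,
                       min_new_hosts=3, work_hours=(7, 19)):
    """Flag users who reach several hosts in the window that are absent from their baseline."""
    window_start = now - timedelta(hours=window_hours)
    baseline_start = window_start - timedelta(days=baseline_days)
    baseline = defaultdict(set)   # user -> hosts seen during the baseline period
    recent = defaultdict(dict)    # user -> {host: first time seen in the window}
    for ts, user, host in sorted(events):
        when = datetime.fromisoformat(ts)
        if window_start <= when <= now:
            recent[user].setdefault(host, when)
        elif baseline_start <= when < window_start:
            baseline[user].add(host)
    alerts = []
    for user in sorted(recent):
        new = {h: t for h, t in recent[user].items() if h not in baseline[user]}
        if len(new) >= min_new_hosts:
            alerts.append({
                "user": user,
                "new_hosts": sorted(new),
                "known_hosts": sorted(baseline[user]),
                # True when any first contact with a new host fell outside working hours
                "off_hours": any(not work_hours[0] <= t.hour < work_hours[1]
                                 for t in new.values()),
            })
    return alerts

if __name__ == "__main__":
    for alert in host_fanout_alerts(EVENTS, datetime(2025, 6, 1, 3, 0)):
        print(alert)
```

A user with one unfamiliar host (bob here) stays below the threshold; lowering `min_new_hosts` trades fewer misses for more noise from ordinary desk moves and new servers.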


Chapter 4: Threat Surface Mapping for Unstructured Data

Our platform maps the threat surface by analyzing unstructured data access and relationships. Features include:

  • Full inventory of shares and export paths.
  • Permission mapping per user/group.
  • Graph-based visualization of user-to-data exposure paths (future release)
  • Identification of toxic high risk combinations (e.g., domain user access to sensitive finance data).

Admins can generate blast radius reports (future release) to determine:

  • Which users could access what data if compromised. This is based on malware spreading simulation models that identify users and hosts that would result in rapid infection across a group of machines that use shared access to storage.
  • Lateral movement potential based on access paths.



Chapter 5: Continuous Risk Assessment Cycles

Our CTEM-compliant implementation is aligned with the five-stage model:

  1. Scoping – Define which storage devices to monitor.
  2. Discovery – Automatically inventory shares/exports, users, and access events.
  3. Prioritization – Use Superna’s patented AI scoring model to highlight highest-risk exposures.
  4. Validation – Confirm exposure risk through data classification.
  5. Mobilization – Take action to reduce exposure, alert stakeholders, or trigger remediation tickets and higher-frequency VM scans.

Admins can:

  • Schedule weekly or daily assessment cycles of the data attack surface within the vulnerability scanning vendor's product, based on custom tags or Assets that group the high-risk hosts that represent the “Data Attack Surface”.
  • Configure alerting integrations for when new hosts appear within the Data Attack Surface. A new host may indicate a breach of a user identity.


Chapter 6: Automated Remediation Playbooks

To support rapid Incident Response, our product includes remediation playbooks that can be triggered from SIEM/SOAR platforms. The Data Attack Surface Manager GUI allows hosts to be blocked or unblocked. Blocking applies a user storage access aware policy that denies the host access to data until remediation of the vulnerabilities can be completed.

NOTE:  Superna Cyberstorage IR playbooks must be installed.

Available actions:

  • Revoke/restore user data access from SIEM/SOAR
  • Quarantine or isolate high risk vulnerable hosts  (DASM GUI)
  • Create Immutable Snapshots of critical Data

Admins can:

  • Configure Dynamic Data Shield policies that block host data access if the Data Risk Profile exposure is > 80%.



Chapter 7: Data Exposure Intelligence Dashboards

Our dashboards offer a real-time view of data exposure across the environment. Key widgets:

  • Top 10 exposed users
  • Top 10 high risk hosts
  • Mean Time To Remediate high risk data attack surface hosts
  • Mean Time to Discover high risk data attack surface hosts
  • Risk data classification breakdown by Share/NFS export, users and hosts

Admins can:

  • Export dashboard reports to PDF or CSV.


Chapter 8: Minimum Permissions Analysis

To improve Data Security Risk Posture, our platform can identify overexposed data on NAS systems:

  • Identify users that do not access SMB or NFS shares and could be removed from the security configuration, ensuring minimum permissions best practices are applied.

Admins can:

  • Identify Shares / Exports and users that have access but have not accessed the data within the last 30 days. Using this information, security can be hardened based on data access patterns.
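
The 30-day comparison described above amounts to joining the permission list against the access audit trail. The following is an added sketch, not Superna's code: the grant and event formats are assumptions, the data is constructed, and group memberships are assumed to be already expanded to individual users.

```python
from datetime import datetime, timedelta

# Constructed sample data: direct (share, user) grants, as might be
# exported from SMB share or NFS export permissions.
GRANTS = [
    ("/ifs/finance", "alice"),
    ("/ifs/finance", "bob"),
    ("/ifs/finance", "svc_backup"),
    ("/ifs/hr", "carol"),
    ("/ifs/hr", "alice"),
    ("/ifs/archive", "dave"),
]

# Constructed audit events: (ISO timestamp, user, share, operation).
EVENTS = [
    ("2025-05-28T09:14:00", "alice", "/ifs/finance", "read"),
    ("2025-04-02T17:40:00", "bob", "/ifs/finance", "write"),
    ("2025-05-30T02:00:00", "svc_backup", "/ifs/finance", "read"),
    ("2025-05-15T11:05:00", "carol", "/ifs/hr", "read"),
]

def stale_grants(grants, events, now, window_days=30):
    """Grants with no access inside the window: (share, user, last_seen or None)."""
    cutoff = now - timedelta(days=window_days)
    last_seen = {}
    for ts, user, share, _op in events:
        when = datetime.fromisoformat(ts)
        key = (share, user)
        if key not in last_seen or when > last_seen[key]:
            last_seen[key] = when
    stale = [(s, u, last_seen.get((s, u))) for s, u in grants
             if last_seen.get((s, u)) is None or last_seen[(s, u)] < cutoff]
    return sorted(stale, key=lambda r: (r[0], r[1]))

def unused_shares(grants, events, now, window_days=30):
    """Shares where every granted user is stale, so the whole share needs review."""
    stale = {(s, u) for s, u, _ in stale_grants(grants, events, now, window_days)}
    by_share = {}
    for share, user in grants:
        by_share.setdefault(share, []).append((share, user) in stale)
    return sorted(share for share, flags in by_share.items() if all(flags))

if __name__ == "__main__":
    now = datetime(2025, 6, 1)
    for share, user, seen in stale_grants(GRANTS, EVENTS, now):
        print(f"{share:14} {user:12} last access: {seen or 'never'}")
    print("fully unused:", unused_shares(GRANTS, EVENTS, now))
```

The result is only as complete as the audit history: a grant looks unused if auditing was enabled for less than the window, so check log coverage before removing access.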


Chapter 9: CTEM (Continuous Threat Exposure Management) for Compliance and Governance

Data-centric CTEM helps organizations align with data protection frameworks:

  • HIPAA: Monitor PHI exposure.
  • GDPR: Track and restrict access to EU citizen data.
  • ISO 27001: Maintain secure access controls.

Compliance features:

  • Custom tagging of hosts based on Data Risk Profile scores allows risk officers to understand where the data risk exists within the infrastructure, using vulnerability management tools supported by Superna Data Attack Surface Manager.
  • Audit trails of all user and admin actions are retained for long-term storage and historical reporting of data access with Data Security Edition.
  • User data access database retention policy enforcement with Data Security Edition.

Admins can:

  • Generate evidence reports of user data access and a Data Attack Surface report that shows the high-risk hosts and user identities (Data Security Edition, Data Attack Surface Manager)
  • Generate a data classification report of high risk hosts and users that access PHI data (Data Attack Surface Manager)


Chapter 10: Machine Learning AI Models for Threat Prediction

Our platform uses AI models to predict high-risk users and systems:

  • Features include access frequency, time of access, type of access (read, write), anomalous user activity, data classification risk, user permissions, data protection status (DR or cyber vault protected) and host vulnerabilities.
  • Models continuously train on historical access logs and vulnerability scanner reports on CVEs and other vulnerabilities.
  • Predictions highlight potential insider threats or compromised accounts.

Admins can:

  • View prediction confidence levels.
  • Use predictions to trigger proactive mitigations.
  • Sync Data Attack surface data into 3rd party vulnerability management platforms



© Superna Inc