If you’ve ever wondered, “What is ‘the attack surface’ all about?” you’ve found the perfect article- so please keep reading
An attack surface is anywhere that your organization is vulnerable to hacking or other malicious behaviour. It includes any point of access within your systems that someone can breach before stealing your most business-critical assets.
Size and complexity play an important role in defense. After all, securing a vast complex of buildings on a 1,000-acre site is a stiffer challenge than securing a single-family home. There are more places to observe, more spots to hide and more points of entry.
Computing environments are much the same. The larger the attack surface, the bigger the challenge for defenders. Making things even more challenging is the fact that telecommuting, cloud computing and other advances have helped expand attack surfaces dramatically in recent years.
So what’s the most effective way to put your attack surface on a diet?
Let’s take a closer look at some attack surface reduction best practice guidelines.
Step One: Use a Local Firewall and Be Judicious with Ports
It’s important to make it difficult for attackers to not only penetrate your networks, but also to move laterally from asset to asset if they do manage a breach. Organizations should also take pains to isolate networks when possible. Many internal networks have zero reasons to stay connected.
Using a firewall and preventing ports from staying open unnecessarily is a good way to make it far more difficult for adversaries to be successful.
Step Two: Reduce Complexity
Most systems grow more complex over time. In the case of computing environments, this added complexity results in greater vulnerability. This means more technical policy mistakes, rules that no longer serve a function, or rule definitions that are too permissive and have no real impact on business operations.
By curtailing these developments and limiting unnecessary complexity, you can help minimize the attack surface and protect your assets from malicious actors.
Step Three: Visualize Vulnerabilities
Vulnerability scanners help identify weak points, but they have limited utility when it comes to revealing the bigger risk picture. For that, you need to know not only where you are weak, but how an attacker could exploit that weakness. Attack vector analysis can help illuminate these risks. By modeling the attack surface and simulating possible attacks, you can get a much deeper window into your true risk level by seeing through the eyes of an adversary.
Step Four: Keep All Software Up to Date
One of the primary reasons that new vulnerabilities pop up continuously is because hackers exploit older versions of software that have yet to be updated. In fact, the majority of successful breaches take advantage of failed updates.
To minimize attack surface access, it’s important to avoid taking a reactive position with regard to regular updates. Don’t wait until a vulnerability is found. Instead, update on a regular schedule and assume any software without a recent update is vulnerable. It’s also a smart idea to auto-update if possible.
Step Five: Practice Good Endpoint Control
If you want to limit the risk associated with endpoints, you need to have visibility into what is occurring on those endpoints. Monitoring endpoints, network connections and user behavior to see if anything is deviating from the norm is essential for threat detection and risk mitigation. Additionally, you may wish to limit what endpoints can do by instituting network policies.
Step Six: Maintain Security Awareness
The majority of cyber attacks start with phishing attempts. Make sure to monitor and detect phishing, spam, and malicious links. In addition, maintain your employees’ security awareness through security exercises and appropriate training.
Other Smart Tips to Make Your Attack Surface More Svelte
Now that we’ve given you six steps to help you minimize attack surface area, let’s do a quick rundown on some other changes to consider:
● Don’t install or run services you don’t need
● Sanitize your configurations and outputs
● Segment your network
● Create robust user access profiles and authentication policies
● Assume zero-trust — don’t allow access until identities are validated
Technology can play a critical role in helping reduce your attack surface by providing deep visibility into vulnerabilities and showing how attackers can leverage them to jeopardize your crown jewel assets. Instead of waiting for scheduled scans, a better idea is to maintain a continuous view that exposes all attack vectors and provides critical context through attack simulations. This will help you focus on the one-percent of threats that truly matter.
About the Author
David Witkowski is the Director of Sales Engineering at XM Cyber. He has over 25 years of security experience, having managed proactive cyber security posture management implementations for many of the world’s largest global financial institutions, major manufacturing, and retail companies. Before his 16 years at Skybox, David assisted clients to implement defense in depth security architectures, worked on the client side to improve cyber security defenses, and worked on security research at Bell Labs, including the fundamentals of securing cloud computing.
Featured image: ©Ivanzkart