What is attack surface?
Attack surface is the sum of all possible security risk exposures. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities and controls across all hardware, software, and network components. By tapping into different locations, components, and layers (including hardware and software) of the target system, an attacker can exploit one or more vulnerabilities and mount an attack. In other words, the attack surface can be described as the sum-total of all “attackable touch-points” or security risk exposures on the network.
The chart below represents your attack surface. The x-axis represents all of your assets – everything from network infrastructure such as Wi-Fi access points and routers, to managed and unmanaged devices, IoT devices, cloud applications, and more. The y-axis represents the hundreds of attack vectors available to your adversaries, ranging from simple things like weak passwords to more complex things like phishing, unpatched software, encryption issues, and misconfiguration.
For a modern enterprise, this attack surface is massive and hyper-dimensional. If we reflect on the complexity of today’s digital landscape, we begin to understand the challenges involved in attack surface management. For one thing, the enterprise attack surface is constantly expanding, and the threats that target it continuously shape-shift and adapt to the latest in network defenses. This makes bringing the massive scope of an organization’s enterprise attack surface into focus a truly daunting task. Most security leaders, despite their best efforts, can only see a subset of the risks their organizations face and only know some fraction of the assets that exist on the network.
Attack surface management
When designing an attack surface management program, here are some of the key questions you need to ask:
- What are the specifics of our attack surface (our asset inventory and the scope, breadth, complexity of our attack surface)?
- Where are our attack vectors and potential exposures?
- How do we best protect our network from breaches and cyberattacks?
Know what to protect
Bad actors are constantly looking for ways to hack into organizations. They hunt for vulnerabilities on websites, exposed data servers in the cloud, and systems that are connected directly to the Internet with little or no protection. Knowing authorized and unauthorized devices on your network is the #1 control on the CIS Critical Controls List, yet most organizations are very lax about conducting regular asset audits. To keep the organization safe, it is essential to understand the attack surface, that is, all of the ways that the infrastructure is exposed and vulnerable to attack, and then prioritize activities that will help make that attack surface smaller.
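The asset audit and the asset-by-vector chart described above can be sketched as follows. This is an added example, not part of the original page; the inventory, scan results, findings, and the ranking policy are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the original page).
AUTHORIZED = {  # asset inventory: MAC -> (name, internet_facing)
    "00:11:22:33:44:01": ("web-01", True),
    "00:11:22:33:44:02": ("db-01", False),
    "00:11:22:33:44:03": ("hr-laptop-7", False),
}
# Devices seen on the network by a discovery scan (constructed).
DISCOVERED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"}
# (asset, attack vector) findings from assessment tools (constructed).
FINDINGS = [
    ("00:11:22:33:44:01", "unpatched software"),
    ("00:11:22:33:44:01", "misconfiguration"),
    ("00:11:22:33:44:02", "weak password"),
    ("00:11:22:33:44:99", "default password"),
]

def reconcile(authorized, discovered):
    """Return (unauthorized devices on the network, inventory entries not seen)."""
    known = set(authorized)
    return sorted(discovered - known), sorted(known - discovered)

def exposure_grid(findings):
    """Map asset -> set of vectors: the populated cells of the asset x vector chart."""
    grid = defaultdict(set)
    for asset, vector in findings:
        grid[asset].add(vector)
    return dict(grid)

def prioritize(authorized, discovered, findings):
    """Assumed policy: unauthorized first, then Internet-facing, then most vectors."""
    grid = exposure_grid(findings)
    def key(asset):
        unauthorized = asset not in authorized
        facing = authorized.get(asset, (None, False))[1]
        return (not unauthorized, not facing, -len(grid.get(asset, ())), asset)
    return sorted(set(discovered) | set(grid), key=key)

if __name__ == "__main__":
    rogue, unseen = reconcile(AUTHORIZED, DISCOVERED)
    print("unauthorized:", rogue, "| not seen:", unseen)
    for asset in prioritize(AUTHORIZED, DISCOVERED, FINDINGS):
        print(asset, sorted(exposure_grid(FINDINGS).get(asset, ())))
```

Inventory entries that the scan did not see are reported separately, since a stale inventory is itself an audit finding.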
Gain real-time visibility
Because your attack surface and breach risk are dynamic and highly complex, real-time visibility is a key strategy in any attack surface management program. If you can’t see a risk, you’re not going to be able to manage it. And if you rely on static assessment tools, you are going to miss serious vulnerabilities as they crop up across your ever-changing risk landscape. For this reason, it’s important that you continually monitor your attack surface in order to discover, track, and manage the assets that attackers target across your entire Internet, mobile, and cloud environments.
Make your attack surface smaller
In cybersecurity, just like everything else, the smaller the target, the harder it is to hit. Here are 5 ways to reduce the size of your attack surface:
- Eliminate complexity
- Visualize your vulnerabilities
- Control your endpoints
- Segment your network
- Prioritize with analytics
Many of today’s data breaches and hacks are caused by basic security lapses rather than highly sophisticated exploits. Starting with good cyber hygiene practices and precautions, users and organizations can keep sensitive data organized, safe, and secure from theft and outside attacks.
Reducing your attack surface starts with understanding your exposures. Having a comprehensive program for discovering, monitoring, and managing your attack surface helps you avoid the most common cybersecurity risks facing organizations today.
Ideally, you will have real-time visibility across your entire risk landscape, systems in place that can spot and stop attacks in their tracks, and processes that enable prioritization so that the most serious risks are eliminated first.
Frequently Asked Questions About Attack Surface
- What is an attack surface?
Your attack surface is represented by all of the points on your network where an adversary can attempt to gain entry to your information systems: basically, any technique that a human can use to gain unauthorized access to your company’s data via any asset. For a medium to large sized enterprise, the attack surface can be gigantic. Hundreds of thousands of assets potentially targeted by hundreds of attack vectors can mean that your attack surface is made up of tens of millions to hundreds of billions of signals that must be monitored at all times.
If you consider a graph where the x-axis lists all of the devices and apps on your network (infrastructure, apps, endpoints, IoT, etc.) and the y-axis lists the different breach methods, such as weak and default passwords, reused passwords, phishing, social engineering, unpatched software, and misconfigurations, the plot is your attack surface.
- What are attack vectors and attack surface?
Attack surface is the sum-total of points on a network where attacks can occur, that is, where an unauthorized user (the “attacker”) can try to manipulate or extract data using a myriad of attack vectors. If you consider a graph where the x-axis lists all of the devices and apps on your network (infrastructure, apps, endpoints, IoT, etc.) and the y-axis lists the different attack vectors, such as weak and default passwords, reused passwords, phishing, social engineering, unpatched software, and misconfigurations, the plot is your attack surface.
Attack vectors are the methods that adversaries use to breach or infiltrate your network. Attack vectors take many different forms, ranging from malware and ransomware to man-in-the-middle attacks, compromised credentials, and phishing. Some attack vectors target weaknesses in your security and overall infrastructure; others target weaknesses in the humans who have access to your network.