Today’s businesses are constantly investing in technology to ensure efficient and agile operations. This is a positive development, but the practice has also significantly expanded the “attack surface” of the enterprise, which includes the devices, networks, IT systems and teams, data and more that are vulnerable to cybersecurity risks.
This isn’t only true for businesses either; the global attack surface is constantly growing. There are now 40 trillion gigabytes of data on the internet, and this figure grows daily. So perhaps it’s not surprising that an estimated 375 new threats are born every minute.
Organizations may feel that they have strong security defenses for their enterprise networks, but how can they be sure that Joe in Accounting is using the correct protocols while he works from home? Much has been said about the potential pitfalls of a distributed workforce, and the shift has definitely opened up huge holes in network security. Hackers can simply find a vulnerability in a worker’s home computer and use it to sneak onto the company network or cloud applications.
These implications have propelled attack surface management to the top of the list of needs for organizations that want to keep their business’s critical assets secure.
Understanding Attack Surface Management
An attack surface can be defined as anywhere that an organization is vulnerable to cyberattacks. This includes all possible attack vectors where an adversary can penetrate a system and steal assets. Attack surfaces can contain applications, servers, websites or devices — all the software and hardware that connects to an organization’s network. Attack vectors are the methods by which cyber adversaries attempt to breach the attack surface.
Most organizations have dozens — or even hundreds — of attack vectors. The most common include things such as weak passwords, vulnerabilities, overly permissive identities and misconfigurations.
Given the increasing size and complexity of attack surfaces, and the sheer number of vulnerabilities, it’s important to have a systematic approach for managing these risks.
Attack surface management is one such framework. By creating a comprehensive strategy, organizations can understand the scope of their attack surface, identify the attack vectors, and discover the most effective way to protect their most critical assets. The key goal is to reduce the size of the attack surface to manage defenses and remediations efficiently.
Attack surface reduction can be accomplished through tactics such as:
· Analyzing the attack surface using advanced software tools to better understand the risk to critical assets
· Creating network segmentation
· Improving endpoint control and password management
· Adhering to least privilege principles for access/permissions
· Eliminating outdated or redundant code
· Minimizing the complexity of the IT environment by disabling unused devices and software
· Investing in employee training, which can significantly reduce the odds of human error and help eliminate attack vectors
The Role of Attack Paths
Malicious actors seeking to access data and deploy ransomware and other cyberattacks are not looking at a simple, one-step process: they must first breach the network, then laterally move to the target assets, and finally exfiltrate the data. To do so, they exploit hidden connections between misconfigurations, vulnerabilities, credentials and user activities located throughout the network. These connections form an “attack path,” which hackers use to move throughout the network and to cloud assets until they reach the ‘crown jewels,’ where they can hold sensitive data hostage or conduct a series of malware attacks.
Attack paths have frustrated security professionals for decades and are present in essentially all enterprise networks. The issue is that cyber pros often aren’t as aware of the paths, or even the likely entities within a path, as they should be, making remediation more difficult. In many cases, attack paths take unexpected routes, sometimes leveraging cloud entities as a detour within an on-premises lateral movement strategy.
Any attack surface management strategy must include detecting and remediating attack paths. The first step in preventing malicious actors from pivoting and accessing critical assets is to map an attack graph that outlines all possible routes to those critical assets; the number of routes can be in the hundreds or even thousands!
Creating an attack graph enables the identification and prioritization of the “choke points” throughout the network. Essentially, these are the key intersections through which most attack paths must traverse in order to reach the critical assets. By locking them down, security teams can ensure that, even if an attacker enters the network, they won’t be able to access anything important. Many security tools do some form of attack surface management, but they’re missing a key element by not visualizing attack paths and identifying the choke points that make remediation so quick and easy.
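The choke-point idea above, as an added example that is not part of the original article: it enumerates every path from entry points to critical assets in a small attack graph and ranks the intermediate nodes by how many paths cross them. The graph, its node names and its edges are constructed for illustration.

```python
from collections import Counter

# Constructed sample graph: an edge A -> B means "control of A gives a way to
# reach B" (a reused credential, a misconfiguration, an over-permissive role).
EDGES = {
    "phished-laptop": ["file-server", "jump-host"],
    "exposed-web-app": ["app-server"],
    "file-server": ["jump-host"],
    "app-server": ["jump-host", "cloud-role"],
    "jump-host": ["domain-admin"],
    "cloud-role": ["customer-db"],
    "domain-admin": ["customer-db", "backup-vault"],
}
ENTRY_POINTS = ["phished-laptop", "exposed-web-app"]
CRITICAL_ASSETS = {"customer-db", "backup-vault"}


def attack_paths(edges, entries, targets):
    """Enumerate every simple (cycle-free) path from an entry point to a target."""
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append(path)
            return
        for nxt in edges.get(node, []):
            if nxt not in path:  # never revisit a node, so cycles cannot loop
                walk(nxt, path + [nxt])

    for entry in entries:
        walk(entry, [entry])
    return paths


def choke_points(paths):
    """Rank intermediate nodes by the number of attack paths that traverse them."""
    return Counter(n for p in paths for n in p[1:-1]).most_common()


def without_node(edges, node):
    """Return the graph as it looks once `node` is locked down (removed)."""
    return {s: [d for d in ds if d != node] for s, ds in edges.items() if s != node}


if __name__ == "__main__":
    paths = attack_paths(EDGES, ENTRY_POINTS, CRITICAL_ASSETS)
    print(len(paths), "paths; ranked choke points:", choke_points(paths))
    left = attack_paths(without_node(EDGES, "jump-host"), ENTRY_POINTS, CRITICAL_ASSETS)
    print("after locking down jump-host:", left)
```

In this graph, locking down jump-host removes six of the seven paths; the one that remains runs through the cloud role, the kind of detour described earlier.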
Given how rapidly attack surfaces expand in today’s business environment, a better management approach has become crucial. Fortunately, a comprehensive solution that incorporates attack path management is a proven method for safely reducing the attack surface and decreasing the risk of a devastating breach.