Minimizing your attack surface: The key to cyber risk management
Published: December 3, 2019
Think about the “attack surface” of your house. You likely have a few doors and a dozen or so windows you need to protect. Each night before bed, you can easily check your home’s attack surface to make sure every entry point is secure before you go to sleep.
If only your network’s attack surface were as simple to secure. As the totality of entry points into your network, your attack surface can provide literally millions of ways for hackers to get into your organization. Unpatched applications, out-of-date hardware, and even your employees are all the equivalent of unlocked doors, just waiting for a bad guy to turn the handle.
And the attack surface just keeps on growing. The rapid growth of IoT sensors, internet-enabled equipment, cloud services, remote locations and employees, and mobile devices provides more and more opportunities for cybercriminals to find their way into the network. Meanwhile, many of these new attack vectors weren’t built with security in mind, making them easy to breach. In addition to endpoints, employees are susceptible to sophisticated social engineering attacks, such as phishing.
So how can IT security teams sleep soundly at night? Just like when you’re at home, you need to make sure the “doors and windows” into your network are locked up tight. But the larger the attack surface, the more likely something – or more accurately, many somethings – will get missed. Reducing your attack surface is vitally important to cyber risk management.
While it’s impossible to completely protect your attack surface, there are a number of things you can do to minimize it:
- Improve your visibility into the network: The first step is to gain granular visibility into your network. However, that’s easier said than done. While you likely have a list of software and hardware that you know about, your different lines of business likely have their own applications and hardware that aren’t even on your radar. Automated discovery tools can help you catalog every cloud service, hardware device, application and endpoint on your network and then understand their dependencies so you can easily identify problem areas or legacy systems you can move to more-secure cloud services.
- Think beyond your network: It’s not enough to focus on just your website or network security. With secure gateway services like software-defined perimeter, DNS firewalls, and virtual network security solutions, you can identify potential issues beyond the network edge so you can stop them in their tracks before they ever reach your attack surface.
- Make mobile your top priority: Thanks to mobile, your attack surface now extends to every coffee shop, airport, and random location your employees go to. Mobile device management and security solutions can help you automate device deployment, keep data secure, and ensure all devices are up to date with patches.
- Keep a close eye on your infrastructure: Today’s enterprise infrastructure has never been more complex. That can make it easy to miss a failing device or the wrong policy configuration. Network security monitoring and management solutions can help you automate your monitoring of device health and device policy management so you can anticipate and respond to threats before you experience an attack.
- Automate, automate, automate: The reality is that your attack surface is broader and more complex than any human can manage. Automated solutions can help vastly reduce your workload by identifying vulnerabilities and deploying patches for you. Meanwhile, machine learning tools are now able to sort through massive amounts of data to discover the tell-tale signs of a breach that a human eye or even some first-generation tools might miss.
- Some things matter more than others: When faced with more vulnerabilities than you have time to fix, you must remember that not all vulnerabilities are created equal. It makes no sense to spend time worrying about a low-risk issue when a high-risk vulnerability has the potential to cost you in downtime or lost data. Vulnerability assessments and threat analysis can help you prioritize your efforts so that you can protect the most attack surface with the least effort.
While every enterprise will be different, you can learn a lot from how others protect (or fail to protect) their own attack surface. Download the Verizon Data Breach Investigations Report for real-world data on who is getting attacked and the actors, actions, and assets that are present in breaches so you can learn what to focus on for your own cyber risk management.