There are many contributing factors that make it difficult to deal with today’s cyber threat landscape. Complex infrastructure, sophisticated threats, cybersecurity talent shortages—these things all matter. Arguably a more important factor, however, is that businesses fail to view security from threat actors’ perspectives and neglect to manage their attack surface. This article takes a deep dive into attack surface reduction and examines five steps to reduce cyber risks.
What is an Attack Surface?
An attack surface is the total number of possible entry points into a network or system that an unauthorized person can attempt to exploit and infiltrate. This attack surface spans digital assets accessible via the Internet and devices only accessible with physical access.
While the physical attack surface is relatively stable and controllable, the digital attack surface changes often and expands widely. The remainder of this article concentrates on the digital attack surface; particularly the external-facing elements because this is where the majority of malicious cyber attacks come from.
Some important reasons that attack surfaces today are more challenging to monitor and reduce include:
- Employees provisioning shadow IT assets without the approval or knowledge of IT departments.
- Complex hybrid infrastructures dissolving traditional network boundaries as businesses migrate more workloads to the cloud.
- Innovative threat actors tweaking their tactics and techniques to come up with new methods of exploiting weaknesses and vulnerabilities.
In fact, the top security operations challenge cited by security professionals and leaders in one report was monitoring security across a growing attack surface.
Attack Surface Visibility
Too often, cybersecurity defense strategies focus on an inside-out perspective. Businesses attempt to put in place controls, devices, and tools that are hopefully all-encompassing enough to prevent people from getting in. But this approach neglects the valuable perspective that comes from viewing the company’s network in the way an attacker actually sees it.
The ever-evolving nature of modern attack surfaces means that without sufficient visibility, gaps emerge without you knowing about them. A misconfiguration might open up a risky port or expose a sensitive database in the cloud.
Without attack surface visibility, threat actors are likely to find and exploit these attack vectors. Seeing as just 9 percent of organizations monitor their entire attack surface, it’s clear more needs to be done to improve visibility.
So, how can you get visibility into your attack surface? One approach is for network security architects or pen testers to manually map out your attack surface. A faster, cheaper, and more dynamic approach uses dedicated software solutions to collect relevant data and keep track of your attack surface. Visibility discovers all the digital assets that attackers see so that you can then take action to identify and remediate their potential intrusion points, including:
- Misconfigurations in servers, ports, cloud permissions, or cloud infrastructure
- Stolen user credentials appearing on dark web forums or Pastebin
- Remote access connections such as RDP or VPN lacking in multifactor authentication
- Vulnerabilities in web applications or APIs
- Source code leaks in repositories such as Github
- Company websites and the SSL certificates used to secure them
Comprehensive visibility is a critical step towards shrinking your attack surface where possible and reducing cyber risks.
5 Steps to Shrink Your Attack Surface and Reduce Risks
With your attack surface mapped out and monitored, follow these steps to reduce the number of potential entry points for intruders to exploit.
Build an Effective Vulnerability Management Strategy
Vulnerabilities in web applications, operating systems, or services listening on ports provide adversaries with low-hanging fruit to exploit and get inside your IT environment. It’s trivial to scan for open ports and any vulnerable services running on them. Technically astute hackers know exactly where to look for vulnerabilities in web applications.
Without proper vulnerability management, there’s a high likelihood that some opportunistic actor will exploit any vulnerabilities in your external-facing systems. Vulnerability management regularly scans for vulnerabilities and helps to prioritize, and fix them, usually by applying a security patch. By dealing with vulnerabilities swiftly, you reduce your attack surface and close off these highly exploitable weaknesses.
Monitor for leaked credentials
News reports from 2020 revealed an astonishing number of stolen passwords circulating on the dark web—15 billion in total. Without other strong security measures in place, stolen credentials provide an easy route into your network.
Monitoring for leaked credentials across the dark web, clear web, and other sources like Pastebin has a high likelihood of paying dividends by shrinking your attack surface. Ideally, you’ll use a solution for this because nobody has the resources to manually monitor for leaked credentials. When you identify leaked credentials, you can move quickly to reset those accounts and close off a potential gap that threat actors would eventually exploit.
Provide effective cybersecurity training and awareness
The extent to which the human factor plays a role in cyber attacks is such that some sources identify a social engineering attack surface. The total number of employees and users on your network provide a surface area through which security errors occur, particularly when threat actors coerce untrained users into making mistakes. This coercion typically falls under the umbrella of social engineering techniques that includes phishing and other manipulative psychological tricks.
Effective cybersecurity training and awareness programs promote a security-first culture that reduces your attack surface. When you equip employees and users with security knowledge, there are fewer possible entry points into your network through social engineering methods.
Enhance authentication security
The simplistic ways intruders gain access to networks often belies the sophistication of many types of cyber attacks. And one of the most common methods of entry is to gain access to an employee’s account either by reusing stolen credentials or otherwise compromising password details.
A case-in-point was the advanced SolarWinds breach which saw Russian threat actors lurk inside US federal government systems for months undetected. Sure enough, the initial access that set this attack in motion began by compromising a Microsoft 365 account.
Strengthening the security of access and authentication is a solid strategy for reducing your attack surface. At the least, require multifactor authentication for logins to important business apps and services so that compromised passwords don’t necessarily mean network intrusions.
Segment your network
Network segmentation breaks your network down into several zones with the aim of tightly controlling traffic between zones. In terms of how this reduces your attack surface, it’s worth a reminder that the attack surface is a view of your network from an intruder’s perspective.
When your network is flat, and every device or server can communicate without restriction, attackers know that they can easily move laterally. When you segment your network effectively, hackers can only intrude into one area, which limits the damage they do.
Understand Your Attack Surface with Flare
Flare’s digital footprint monitoring and external threat protection platform uses AI-powered techniques to manage your company’s external cyber risks. Unparalleled visibility into a disparate variety of leak sources and actionable findings help you easily reduce your attack surface based on what the platform detects.
