
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. Let’s look at why it’s growing, and how to monitor and manage it properly with tools like Intruder.

What is your attack surface?

First, it’s important to understand that your attack surface is the sum of your digital assets that are ‘exposed’ – whether the digital assets are secure or vulnerable, known or unknown, in active use or not. This attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments. In short, it’s anything that a hacker can attack.

What is attack surface management?

Attack surface management is the process of discovering these assets and services and then reducing or minimizing their exposure to prevent hackers from exploiting them. Exposure can mean two things: current vulnerabilities, such as missing patches or misconfigurations that reduce the security of the services or assets, and exposure to future vulnerabilities.

Take the example of an admin interface like cPanel or a firewall administration page – these may be secure against all known current attacks today, but a vulnerability could be discovered in the software tomorrow – when it immediately becomes a significant risk. An asset doesn’t need to be vulnerable today to be vulnerable tomorrow. If you reduce your attack surface, regardless of vulnerabilities, you become harder to attack tomorrow.

So, a significant part of attack surface management is reducing exposure to possible future vulnerabilities by removing unnecessary services and assets from the internet. This is what led to the Deloitte breach and what distinguishes it from traditional vulnerability management. But to do this, first you need to know what’s there.
