In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization’s assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy.
To keep up with business needs while effectively assessing and managing cybersecurity risk, there are two primary elements that organizations should consider regarding their external attack surface: its size and its attractiveness to attackers. While organizations are typically focused on accounting for the size of their attack surface, its attractiveness is not typically top of mind, though it may have a significant impact on risk.
Attack Surface Size
How many assets are accessible from the outside world?
There is a delicate balance between business needs and security. While there are good reasons to expose more assets to the internet (i.e., for user experience, third-party integrations, and software architecture requirements), the price is an increased attack surface. Increased connectivity ultimately means more potential breach points for an adversary.
The bigger the attack surface is, and the more assets available to the adversary’s “playground,” the more an organization will need to mitigate the risk of exposure. This requires carefully crafted policies and procedures to monitor the attack surface and protect exposed assets continuously. Of course, there are basic measures, such as routinely scanning for software vulnerabilities and patching. However, there are also configuration issues, shadow IT, leaked credentials, and access management aspects to be taken into consideration.
images from Hacker News