Activities

What is an attack surface?

An attack surface describes all of the different points that an attacker could get into a device or a network and where they could extract data out. Organizations must constantly monitor their attack surface to identify and block potential threats as quickly as possible. They must try to minimize the attack surface area to reduce the risk of cyberattacks succeeding. The smaller the attack surface, the easier it is to protect.

Why is attack surface management important?

It helps users to:

Identify which parts of the system needs to be reviewed/tested for security vulnerabilities
Identify high-risk areas that requires in-depth protection
Identify changes and any new attack vectors (means by which an attacker can gain access to a computer/network e.g. malware, email attachments) that have been created in the process
Mitigate against cyberattacks

Cyber-physical attacks require the following 3 conditions to succeed:

System Susceptibility (Value & Vulnerabilities)
Threat Capability (Tools, Techniques & Resources)
Threat Accessibility (Logical/Physical Reachability to Attack Surface)

By denying one or more condition, it will result in the failure of the attack. Looking at the 3-Tenets Model of Cybersecurity, the first two conditions, i.e. system susceptibility and threat capability are often easily met. Under system susceptibility, every system has vulnerabilities/loop-holes that can be exploited. Even fully patched systems are still susceptible due to the features implemented. Under threat capability, there are many free resources/tools for attackers to improve threat capability. As a result, it is costly for organizations to protect itself against every possible attack tool/resource due to the large number that are available online. Hence, the best option would be to tackle the condition of threat accessibility by limiting the number of possible ways an attacker could access the system.

How to reduce & monitor attack surfaces?

There are several ways to reduce the attack surface:

Reducing the number of code that is running in the system/server - less code means fewer software bugs and vulnerabilities
Network segmentation - minimizes the size of the attack surface by adding barriers that block attackers. Eg. Zero-Trust approach/mentality.
SDN segmentation - uses software-based controllers or APIs to communicate with underlying hardware infrastructure and direct traffic on a network. A SDN network delivers visibility into the entire network, providing a more holistic view of security threats. The network can be divided into separate zones, thus allowing compromised devices to be immediately quarantined so that they cannot infect the rest of the network.