Our goal as cyber-defenders is to look at our organizations from the cyber-attacker’s viewpoint, reduce the attack surface, and reduce the impact of a cyber-attack. Here are seven important steps to include in your Attack Surface Management program:
Cyber-defenders need complete visibility into the assets an organization owns, both external and internal, to have any hope of effectively defending their organization from cyber-attacks. The attack surface is made up of all the assets, managed or unmanaged, that have access to an organizations data. Assets must be continuously monitored for threats, and risks need to be prioritized and mitigated as they are identified.
Organizations that follow these seven steps will be better positioned to reach their goals, keeping organizations up and running without incident:
1. Conduct asset discovery
By using the same reconnaissance techniques that attackers do, organizations can determine what the unknown unknowns are. Evaluate and monitor the external attack surface (anything accessible from the Internet), the internal attack surface (anything accessible from the LAN), and assets housed on partner or third-party sites (your supply chain) to have full visibility into the company’s attack surface and its risk of attack.
2. Continuously test
The risk of new vulnerabilities and misconfigurations continues to grow everyday as new devices, users, workloads, and services are added to the network.
3. Identify business context and ownership
In order to prioritize fixes, assets need to have some context like IP, type, in use, purpose, owner, connections to other assets, and the vulnerabilities contained within the asset.
4. Prioritize asset vulnerabilities
Once you've gained that context around the assets and their potential attack vectors, determine where to focus the remediations team’s efforts via ease of exploitation, discoverability, attacker priority, and remediation complexity to prioritize the most urgent risks.
Remediate risks
None of the previous steps mean much if organizations aren’t able to remediate or mitigate the risks. Finds ways to facilitate and even automate the information handoff from the tools and teams that understand the risks and their priorities.
Eliminate complexity, segment the network, implement a zero-trust security model Complexity is the enemy of security. Complex information systems can lead to users having access to resources they normally shouldn't have access to. Firewalls, micro-segmentation, and a least-privilege model will greatly reduce the attack surface.
Train employees Employees are the first line of defense. Over 80% of data breaches occur due to account compromises. Protecting the identities of your employees and training them on the security awareness topics is extremely important.
An organization's attack surface is ever expanding. Many organizations have significantly increased their attack surface over the last few years for two key reasons. First, companies are increasingly moving to cloud-based services. Second, more and more people working from home, which means their home network and personal devices are accessing corporate data. Designing a robust Attack Surface Management program is more important than ever.