Attack surface of an organization
At a high level, the attack surface of an organization comprises many parts, some of which are easy to forget about. Each part has its own attack surface and contains possible pathways that attackers can take to achieve their goals.
The main aspects of the attack surface of an organization are listed below:
- Network Perimeters:
The parts of your networks which are exposed to untrusted networks or the internet. Every network has its edge, such as a VPN entry point to a corporate network, or a bastion host of a private cloud network.
- Applications & APIs:
Applications are intended to be exposed, but are often complex and offer lots of opportunity for attackers. These are important parts of your attack surface to regularly test and monitor.
- Employee Devices:
Employee workstations, laptops, and mobile phones. These expose fewer services, but are susceptible to attacks in which the user clicks a malicious link that targets and exploits a vulnerability.
- Other Devices & Servers:
IoT devices, printers, database servers, and all other network connected technologies on your network. It’s all part of your attack surface!
- Human attack surface:
Your employees are just as vulnerable to attack as technology is. Examples are social engineering calls, where an attacker pretends to be someone else to extract information, or phishing attacks to steal credentials.
- Physical attack surface:
Physical entry points to your premises, and physical entry points to your devices. Examples are the doors to your offices or server rooms, and physical ports on devices, such as USB ports.
- 3rd-party attack surface:
Any other organization which stores or controls sensitive data on your behalf is part of your attack surface as well. If they get compromised, your data is at risk. Equally, supply chain attacks are possible, where trusted software which your organization uses becomes compromised and puts you at risk.
Reducing your attack surface
It's a well-accepted security principle that the smaller your attack surface, the lower your risk. So, what can you do to reduce your attack surface?
Let's take your network perimeter as an example. That is, all of your organization's systems which are exposed to the internet, otherwise known as your external attack surface. Reducing this attack surface can be addressed with these steps:
- Find your assets. What do you have that needs protecting? This can be a challenging first step, especially for larger or more fragmented organizations.
- Set up automated scanning processes to detect services which those assets expose.
- Manually review the results of your detections. What is exposed, and is it really necessary to expose it? Where possible, add layers of security on top, e.g. requiring a VPN before reaching an administrative panel.
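The three steps above can be tied together in a small triage script. This is an added example, not Intruder's code: it compares an asset inventory with scan output and lists what needs manual review. All hostnames, ports, service names and the `SENSITIVE` set are constructed assumptions.

```python
# Constructed sample data. Step 1: the asset inventory, with the exposures
# each owner has approved. Step 2: output of an automated external scan.
INVENTORY = {
    "www.example.com": {"owner": "web-team", "approved": {443}},
    "vpn.example.com": {"owner": "it-ops", "approved": {443, 8443}},
    "db1.example.com": {"owner": "data-team", "approved": set()},
}
SCAN_RESULTS = [  # (host, port, detected service)
    ("www.example.com", 443, "https"),
    ("www.example.com", 80, "http"),
    ("www.example.com", 8080, "http-admin"),
    ("vpn.example.com", 443, "https"),
    ("db1.example.com", 5432, "postgresql"),
    ("old-staging.example.com", 22, "ssh"),
]
# Assumption: services that should normally sit behind a VPN or bastion host.
SENSITIVE = {"http-admin", "postgresql", "mysql", "rdp", "ssh"}


def triage(inventory, scan_results, sensitive=SENSITIVE):
    """Step 3 input: exposures needing manual review, highest priority first."""
    findings = []
    for host, port, service in scan_results:
        asset = inventory.get(host)
        if asset is None:
            prio, reason = 1, "host is not in the asset inventory"
        elif port in asset["approved"]:
            continue  # known, intended exposure
        elif service in sensitive:
            prio, reason = 1, "sensitive service exposed; restrict to VPN"
        else:
            prio, reason = 2, "unapproved exposure; confirm it is needed"
        findings.append({
            "host": host, "port": port, "service": service,
            "owner": asset["owner"] if asset else "unknown",
            "priority": prio, "reason": reason,
        })
    return sorted(findings, key=lambda f: (f["priority"], f["host"], f["port"]))


def stale_approvals(inventory, scan_results):
    """Approved exposures the scan no longer sees; candidates for removal."""
    seen = {(host, port) for host, port, _ in scan_results}
    return sorted((host, port) for host, asset in inventory.items()
                  for port in asset["approved"] if (host, port) not in seen)


if __name__ == "__main__":
    for finding in triage(INVENTORY, SCAN_RESULTS):
        print(finding)
    print("stale approvals:", stale_approvals(INVENTORY, SCAN_RESULTS))
```

A host that appears in the scan but not in the inventory is ranked highest because nobody owns it, which is exactly the asset the first step is meant to catch.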
Secure your attack surface with Intruder
With our attack surface monitoring capabilities, Intruder is solving one of the most fundamental problems in cybersecurity: the need to understand how attackers see your organization, where they are likely to break in, and how you can identify, prioritize and eliminate risk.