attack surface


What is an attack surface

An attack surface is the sum total of all possible paths that can be used to exploit a computer system or network.

Since any part of a given system has potential to be exploited, the attack surface is simply all possible entry points an attacker can interact with.

Attack surface examples

The concept of attack surface is best explained with examples, and the attack surface varies, depending on what we're looking to protect.

  1. Network:
    The attack surface of a network is the collection of all possible entry points into that network. Take a corporate environment, for example. Typical entry points would be things like VPN servers, and remote access services. There may also be other exposed servers, such as application servers, or other on-premises servers which need to be exposed to the internet. Each of these devices will expose certain ports and services, which attackers can aim to exploit.
  2. Web application:
    The attack surface of a web application is the sum total of accessible pages, API endpoints, and exposed services which allow an attacker to interact with the application. Think of all possible inputs into your application: submittable forms, or API requests that the browser makes to the server - that's its attack surface.
  3. Devices (endpoint):
    Another example of attack surface is the set of physical hardware devices used by your organization: employee workstations, mobile devices, and laptops. Some of these will move in and out of your networks, providing attackers with additional opportunities to interact with them. Learn more about endpoint security.

Attack surface of an organization

On a high level, the attack surface of an organization comprises many parts, some of which are easy to forget about. Each of these has its own attack surface, and contains possible pathways for attackers to take to achieve their goals.

The main aspects of the attack surface of an organization are listed below:

  1. Network Perimeters:
    The parts of your networks which are exposed to untrusted networks or the internet. Every network has its edge, such as a VPN entry point to a corporate network, or a bastion host of a private cloud network.
  2. Applications & APIs:
    Applications are intended to be exposed, but are often complex and offer lots of opportunity for attackers. These are important parts of your attack surface to regularly test and monitor.
  3. Endpoints:
    Employee workstations, laptops, and mobile phones. These expose fewer services, but are vulnerable to attacks where the user clicks a malicious link that targets and exploits a vulnerability.
  4. Other Devices & Servers:
    IoT devices, printers, database servers, and all other network connected technologies on your network. It’s all part of your attack surface!
  5. Human attack surface:
    Your employees are just as vulnerable to attack as technology is. Examples are social engineering calls that extract information by pretending to be someone else, or phishing attacks to steal credentials.
  6. Physical attack surface:
    Physical entry points to your premises, and physical entry points to your devices. Examples are the doors to your offices or server rooms, and physical ports on devices, such as USB ports.
  7. 3rd-party attack surface:
    Any other organization which stores or controls sensitive data on your behalf is attack surface as well. If they get compromised, your data is at risk. Equally, supply chain attacks are possible where trusted software which your organization uses becomes compromised and puts you at risk.

Reducing your attack surface

It's a well-accepted security principle that the smaller your attack surface, the lower your risk. So, what can you do to reduce your attack surface?

Let's take your network perimeter as an example. That is, all of your organization's systems which are exposed to the internet, otherwise known as your external attack surface. Reducing this attack surface can be addressed with these steps:

  1. Discover:
    Find your assets. What do you have that needs protecting? This can be a challenging first step, especially for larger or more fragmented organizations. Learn more about asset discovery tools.
  2. Detect:
    Set up automated scanning processes to detect services which those assets expose.
  3. Reduce:
    Manually review the results of your detections. What is exposed, and is it really necessary to expose it? Where possible - add layers of security on top, e.g. requiring a VPN before reaching an administrative panel.
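The three steps above (discover assets, detect exposed services, review and reduce) can be started with a very small script. The following is an added example, not code from the original page or from Intruder: it parses a constructed list of internet-facing assets and the ports a scan found open on them, flags services that are commonly not expected to be reachable directly from the internet, and suggests the "add a layer on top" step for each. The asset names, IP addresses, port list and the policy table are all assumptions made for this example.

```python
"""Added example: a minimal external attack surface review.

Input is constructed scan output (one line per asset); output is a list of
findings a reviewer can work through during the "Reduce" step.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed policy (not a standard): services that normally should sit behind
# a VPN, bastion host or firewall rather than being internet-facing.
# port -> (service name, recommendation)
RESTRICTED_PORTS: Dict[int, Tuple[str, str]] = {
    22: ("ssh", "restrict to VPN or a bastion host"),
    23: ("telnet", "disable; use SSH behind a VPN instead"),
    445: ("smb", "block at the perimeter"),
    1433: ("mssql", "do not expose database servers directly"),
    3306: ("mysql", "do not expose database servers directly"),
    3389: ("rdp", "require a VPN before RDP"),
    5432: ("postgresql", "do not expose database servers directly"),
    6379: ("redis", "bind to internal interfaces only"),
    27017: ("mongodb", "do not expose database servers directly"),
}

# Services that are expected to be public; still monitored, not flagged here.
EXPECTED_PORTS = {80, 443}

# Constructed sample data standing in for a real scan.
# Format: "<asset name> <ip> open: <comma-separated ports>"
SAMPLE_SCAN = """
# asset      ip             open: ports
web-01       203.0.113.10   open: 80,443
vpn-01       203.0.113.20   open: 443,1194
db-01        203.0.113.30   open: 22,5432
legacy-01    203.0.113.40   open: 23,80
""".splitlines()


@dataclass
class Asset:
    name: str
    ip: str
    open_ports: List[int]


@dataclass
class Finding:
    asset: str
    ip: str
    port: int
    service: str
    severity: str       # "high" for restricted services, "review" for unknown ones
    recommendation: str


def parse_scan(lines: List[str]) -> List[Asset]:
    """Turn the constructed scan lines into Asset objects (Discover + Detect)."""
    assets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name, ip = parts[0], parts[1]
        # Port list is optional: an asset may have nothing open.
        ports = parts[3] if len(parts) > 3 else ""
        open_ports = sorted({int(p) for p in ports.split(",") if p.strip()})
        assets.append(Asset(name, ip, open_ports))
    return assets


def exposed_service_count(assets: List[Asset]) -> int:
    """Size of the external attack surface as (asset, port) pairs."""
    return sum(len(a.open_ports) for a in assets)


def review(assets: List[Asset]) -> List[Finding]:
    """Flag exposed services that should be questioned (Reduce)."""
    findings = []
    for a in assets:
        for port in a.open_ports:
            if port in RESTRICTED_PORTS:
                service, rec = RESTRICTED_PORTS[port]
                findings.append(Finding(a.name, a.ip, port, service, "high", rec))
            elif port not in EXPECTED_PORTS:
                findings.append(Finding(a.name, a.ip, port, "unknown", "review",
                                        "confirm this service really needs to be internet-facing"))
    # Highest-severity items first so the reviewer sees them at the top.
    order = {"high": 0, "review": 1}
    return sorted(findings, key=lambda f: (order[f.severity], f.asset, f.port))


if __name__ == "__main__":
    inventory = parse_scan(SAMPLE_SCAN)
    print(f"{len(inventory)} assets, {exposed_service_count(inventory)} exposed services")
    for f in review(inventory):
        print(f"[{f.severity:6}] {f.asset} ({f.ip}) port {f.port}/{f.service}: {f.recommendation}")
```

On the sample data the script reports four assets with eight exposed services and flags SSH and PostgreSQL on db-01 and Telnet on legacy-01 as high, while port 1194 on vpn-01 is left for a human to confirm. Feeding it real scanner output would only require changing `parse_scan`; the policy table is where an organization records what it has decided should never be directly exposed.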

Secure your attack surface with Intruder

With our attack surface monitoring capabilities, Intruder is solving one of the most fundamental problems in cybersecurity: the need to understand how attackers see your organization, where they are likely to break in, and how you can identify, prioritize and eliminate risk. Ready to get started with your 14-day trial? Or get in touch for more information.