The Evolving Attack Surface

What Exactly is an Evolving Attack Surface and Why Does it Matter?

A viable ASM solution would have prevented some of the largest cyber-attacks reported in 2021. You cannot protect what you cannot see.

An evolving attack surface is a very evocative phrase. It almost suggests a science-fiction futuristic world where menacing aliens have the power to morph your protective barriers and leverage them for easy access to your internal, unprotected assets. However, in 2022, for the typical enterprise Vulnerability Management (VM) team, this suggestive image of a morphing attack surface is not much of a stretch. The interesting twist is that the evolving nature of your attack surface is not the handiwork of an external actor; rather, it evolves as your business sets up new web-based services and pursues ever-expanding digital transformation exercises. The evolving attack surface is generated by your enterprise’s need to create new strategic routes to market and deliver innovative and competitive services to your clients. So the question is: if the enterprise creates its own attack surface exposures, why is it so difficult to manage? And why does it matter?

 

Attack Surface Management is Hard and It Really, Really Matters 

  1. “Evolving” Attack Surfaces Present a Challenge – Continuous attack surface changes create the threat of new exposures. These exposures could be the result of deploying new systems and servers with control measures that are not set up properly, or of a key service that is inadvertently exposed. It could be something at the administration level, like not configuring services securely, or it could simply be human error that exposes unintended services during new and rapidly expanding cloud service deployments. These inadvertent exposures are the golden moments of opportunity for a would-be attacker.
  2. The Attack Surface is Incredibly Wide – Just as enterprise business direction adapts on the fly to new market conditions, so too do its internal and client-facing IT services. They are constantly changing. The ways the attack surface changes are wide and varied, and the chance of human error with every new exposure is equally varied. Anything facing the public internet introduces potential attack surface exposures, including:
    • Cloud
    • Data Centers
    • Firewalls
    • IoT devices
    • Servers
    • Services
    • APIs

      Basically, any endpoint exposed to the public Internet is attackable – hence the need for vigilant Attack Surface Management (ASM).

  3. You Will Always Have to Manage Risk – For each enterprise, there are types of exposures (IPs and web applications, for example) that are intended to be exposed to the internet. This is specifically what they are used for: public access. Of course, a business like eCommerce requires online purchases to meet its revenue goals. Out of the gate, a comprehensive Attack Surface Management (ASM) solution is required. But even traditional sectors like Government, Manufacturing and Agriculture are rapidly rolling out digital transformation offerings to become competitive. This means they continue to expose more services to the internet to access new streams of business. While allowing new public access is a calculated decision, it introduces an additional layer of attack surface exposure to manage.
  4. Archiving Surface Management – Time is not our Friend – Visibility is of paramount importance in cyber security. We cannot secure what we cannot see. The longer a business allows old services to continue, the larger the window of exposure. While there is not a consistent pattern or explanation, it turns out that legacy services and their related exposed surfaces become more vulnerable over time. Allowing old services to persist is not playing it safe; it subjects your organization to a larger window of exposure and, in most cases, completely unnecessary risk. It turns out that in 2021, the average age of exposure used to breach was one-to-three years (Edgescan 2022 Stats Report). So if these enterprises had had a viable ASM solution, meaning they had identified and closed the avenue of attack earlier, the majority of these hacks could have been avoided.
  5. So Why Does it Matter? – It turns out that large, recent breaches are a result of not managing the attack surface properly. Many recent high-profile ransomware attacks were a direct result of organizations letting their guard down in managing their attack surface. To illustrate the significance, consider that in the 2021 Colonial Pipeline attack, hackers launched a cyber-attack against the company and disrupted fuel supplies to the entire U.S. Southeast. Again, poor ASM was at the root of the problem. The vulnerability may have been mitigated if a high level of visibility had been in place via an ASM solution.

 

Human Error Means Human Vigilance is Necessary 

Human error can wreak havoc. Issues created by a simple lack of knowledge (that something was deployed, that a firewall was configured incorrectly, that a system is missing a critical patch, and so on) recur in every enterprise. Each of these evolving exposures requires immediate detection and an immediate business assessment to determine whether it is an unintentional issue or is aligned with intended business goals. Vigilance is not optional. You first need to accurately detect that an unintended exposure has occurred before you can assess whether it needs to be shut down or mitigated. This need for proactive detection and management is continuous and necessary.

 
