What Exactly is an Evolving Attack Surface and Why Does it Matter?

An evolving attack surface is a very evocative phrase. It almost suggests a science fiction-type futuristic world where menacing aliens have the power to morph your protective barriers and leverage them for easy access to your internal, unprotected assets. However, in 2022 for the typical Enterprise Vulnerability Management (VM) team, this suggestive image of a morphing attack surface is not a far stretch. The interesting twist is that the evolving nature of your attack surface is not the handiwork of an external actor, but rather, it evolves as your business sets up new web-based services and ever-expanding digital transformation exercises. The evolving attack surface is generated by your Enterprise’s need to create new strategic routes to market and deliver innovative and competitive services to your clients. So, the question is – If the enterprise creates its own attack surface exposures, why is it so difficult to manage? And why does it matter? 

Attack Surface Management is Hard and It Really, Really Matters 

1. “Evolving” Attack Surfaces Presents a Challenge – Continuous attack surface changes create the threat of potentially new exposures. These exposures could be the result of deploying new systems and servers with control measures that are not set up properly or a key service that is inadvertently exposed. It could be something at the administration level, like not configuring the services securely or it could simply be human error, exposing unintended services involved with new and rapidly expanding cloud service deployments. These inadvertent exposures are the golden moments of opportunity for a would-be attacker.
2. The Attack Surface is Incredibly Wide – Just as Enterprise business direction adapts on the fly to new market conditions, so too does its internal and client-facing IT services. They are constantly changing. The way the attack surface changes is wide and varied – and the chance of human error with every new exposure is equally mixed. Anything facing public internets introduces potential attack surface exposures including:
   • Cloud
   • Data Centers
   • Firewalls
   • IOT devices
   • Servers
   • Services
   • API’sBasically, any endpoint exposed to the public Internet is attackable – hence the need for vigilant Attack Surface Management (ASM).
3. You will always have to Manage Risk – for each Enterprise, there are types of exposures – IP’s and Web Applications for example – that are intended to be exposed to the internet. This is specifically what they are used for – public access. Of course a business like eCommerce requires online purchases for their revenue goals. Out of the gate, a comprehensive Attack Surface Management (ASM) solution is required. But even traditional businesses like Government, Manufacturing and Agriculture are rapidly rolling out digital transformative offerings to become competitive. This means they continue to expose more services to the internet to access new streams of business. While this is a calculated decision to allow new public access – now an additional layer of managing attack surface exposure is introduced.
4. Archiving Surface Management – Time is not our Friend – Visibility is of paramount importance in cyber security. We cannot secure what we cannot see. The longer a business allows old services to continue, the larger the window of exposure. While there is not a consistent pattern or explanation, it turns out that legacy services and their related exposed surfaces become more vulnerable over time. Allowing old services to persist is not playing it safe – it is introducing your organization to a larger window of exposure and in most cases, completely unnecessary risk. It turns out that in 2021, the average age of exposure used to breach was one-to-three years (Edgescan 2022 Stats Report). So if these Enterprises had a viable ASM solution – meaning they had identified and closed the avenue of attack earlier – the majority of these hacks could have been avoided.
5. So Why Does it Matter? – It turns out that large, recent breaches are a result of not managing attack surface properly. Many recent high profile Ransomware attacks were a direct result of letting one’s guard down managing their attack surface. To illustrate the significance, consider that in the 2021 Colonial Pipeline attack, hackers launched a cyber-attack against the company and disrupted fuel supplies to the entire U.S. Southeast. Again poor ASM was at the root of the problem. The vulnerability may have been mitigated if a high level of visibility was in place via an ASM solution.

Human Error Means Human Vigilance is Necessary 

Human error can wreak havoc. Issues created by the simple lack of knowledge that something was deployed, a firewall was configured incorrectly, a system is without a critical patch etc. are all reoccurring in every Enterprise. Each of these evolving exposures require immediate detection and an immediate business assessment to determine whether this is an unintentional issue or is aligned with intended business goals. Vigilance is not optional. You need to first detect accurately that an unintended exposure has occurred before you can assess whether it needs to be shut down or mitigated. This need for proactive detection and management is continuous and necessary. 

Want to learn more about Best Practices for Attack Surface Management? Click Edgescan/The Evolving Attack Surface.