IT professionals develop a deep understanding of the enterprise attack surface—what it is, how to quantify it, and how to manage it.
The process is simple: Start with a thorough assessment of the attack surface, covering the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Use available market tools and expertise to strengthen these weak links to achieve the desired cybersecurity posture.
Although simple in concept, it is an extremely cumbersome task that consumes the work time of CISOs and their organizations. Both enumeration and defense present challenges: Large organizations use a vast array of technologies, such as server and endpoint platforms, network equipment, and business applications. When integrated with access control, logging, patching, monitoring, and more, hardening each of these elements can become a frustrating endeavor, creating a seemingly endless to-do list.
However, managing a continually expanding enterprise attack surface is unsustainable. As businesses become increasingly digital, every new device, application, infrastructure component and network expansion creates a new attack surface. Over time, the constant struggle to adapt and integrate new security tools becomes harder and harder to keep up.
This problem does not stem from a lack of tools. With each generation of attacks and new attack surfaces, a plethora of specialized startups emerge to provide new tools to address these challenges. Whether you’re dealing with business email compromise or another threat, there’s a new tool tailor-made for the job. It’s exhausting, expensive, and unsustainable. Large organizations are being inundated with security technology and missing critical breach indicators because security tools generate a flood of false positives that require human work hours to investigate and triage.
It’s time to break the cycle of getting another tool for another surface and get off the hamster wheel.
Let’s explore the reasons for the explosive growth of the attack surface:
Increased use of cloud services
More and more businesses are turning to cloud-based services and storage. While these services provide significant benefits, they also increase the likelihood of cyberattacks if not properly protected. The cloud is here to stay, and on-premises deployments aren’t going away. This means that typical organizations need to consider duplication of attack surfaces across their entire environment – making hybrid models the new norm.
Cloud service providers are good at protecting the specific layers of the stack they oversee: hypervisors, servers and storage. However, it is the customer’s responsibility to protect data and applications in the cloud. It all depends on you.
1. Remote work
As more people work from home and companies adopt more flexible working policies, security risks will inevitably increase. We haven’t gotten it right yet. We still don’t have the same managed and secure infrastructure at home as we do in the office.
2. Internet of Things
The number of IoT devices in use is exploding, many of which lack adequate security measures. This vulnerability provides a potential entry point for cybercriminals seeking unauthorized access.
3. Supply chain
Cyber attackers can exploit weaknesses in an organization’s supply chain to gain unauthorized access to data, sensitive information or critical systems.
4. Artificial intelligence and machine learning
While these technologies have many benefits, they also introduce new vulnerabilities. Who are the privileged users of artificial intelligence companies? Are their accounts safe? Do robotic workers (RPA) use secure digital identities when accessing sensitive company data?
5. Social networks
The rise of social networks and their pervasive use in personal and business interactions has created new opportunities for criminals, particularly in the area of social engineering. With the recent wave of business email compromise, we can see how vulnerable organizations are to this type of attack.
What’s the solution?
The reality is that traditional borders have long been eroding. Security measures such as physical key cards, firewalls and VPNs became obsolete a decade ago when used as stand-alone defenses. Identity has become the new frontier in security.
So, what can you do? Obviously, there is no one-size-fits-all remedy. However, there are innovative ways to alleviate some of the pressure on CISO organizations. A common denominator among all the emerging threats and trends driving the expansion of the attack surface is digital identity. By prioritizing identity security through Identity and Access Management (IAM), Protected Directories, and Privileged Access Management (PAM), you can roll out strong access controls, enable a robust zero-trust approach, and keep an eye on those privileged accounts.
Cyber insurance has become an important part of the cybersecurity arsenal, acting as a financial safety net in the event of a breach. Investing in cyber insurance can ease the financial burden and aid in the recovery process, making it a critical part of any security strategy.
There’s no doubt that you still need to patch your systems, and you still need to make sure your configuration is secure. You still need a balanced approach to cybersecurity, one that makes any type of attack expensive enough to thwart. However, when an attacker is lured by a vulnerable identity, you need to react.
In conclusion
Identity is fragile. As someone suggested a while ago: ordinary attackers don’t break into systems. They simply log in using compromised credentials and, if left unchecked, can run amok through systems, including Active Directory. The data backs up this claim: The latest CISA analysis shows that using “valid accounts is the most prominent technique used across multiple strategies.” These credentials are used not only for initial access, but also for lateral movement through the network and escalation of privileges. Surprisingly, valid credentials were found to be the most common successful attack technique in more than 54% of the analyzed attacks. This emphasizes the importance of protecting digital identities as a fundamental defense strategy.