Attack Surface Management Strategies
Cyber asset discovery
First, you need total visibility to be able to discover and continuously monitor known, unknown, internal, and internet-facing (external) assets. Siloed point products across endpoints, users, devices, cloud, networks, etc., limit overstretched security teams from taking stock or perform manual auditsAlso consider that new projects with open-source dependencies and user/device accounts are spun up instantly, meaning you need to be able to see your entire ecosystem as it changes, not after.
The goal is to gain visibility to answer questions such as:
- What is my attack surface?
- How well can I see what assets are in my environment?
- How many, what types, and what attributes are associated with these assets?
- What are my high-value assets?
- How is my attack surface changing?
Risk assessment
Being able to see your entire ecosystem as it changes is the first step; next, security teams need to assess and prioritize any weaknesses or vulnerabilities. This doesn’t just apply this to systems, but user types as well—for example, executive level employees are the most common targets for business email compromise (BEC). Also, we’ve seen an uptick in campaigns targeting software supply chains and DevOps pipelines, meaning processes also need to be evaluated for any security gaps.
Ideally, this risk information will be contextualized for greater understanding to answer the following questions:
- Can I quantify my risk? What is my overall risk score?
- Is my risk score increasing or decreasing over time?
- How does it compare to peers in the industry?
- Where do I see the most significant security risks?
- What risk factors need immediate attention?
Risk mitigation
While discovering and assessing risks across your digital attack surface is important, it’s also critical to receive actionable prioritized mitigation recommendations to lower risk exposure. Virtual patching, changing configuration options on a prevention control, and controlling user access parameters are just a few examples.
Furthermore, it should be possible to automate mitigation wherever possible for great efficiency and to reduce the chance of a successful attack or breach.
With the skills shortage introducing very real challenges to managing the attack surface, the opportunity to create a common framework and a single pane of glass is paramount to effective cyber risk management. Enter: extended detection and response (XDR) and zero-trust strategies.
The importance of XDR
Investments in XDR mean there is data, analytics, and integrations, and a technology in place that could act as a foundation to serving other use cases and providing insight and operational value beyond the realm of detection and response.
More proactive risk prioritization and mitigation benefits the SOC by reducing overall exposure and the scope of a security incident. Conversely, detection data collected by XDR provides valuable insight into attack surface threat activity and how current defenses are coping. In turn, this can inform risk assessments and response recommendations.
Learn more in Guide to Better Threat Detection and Response (XDR)
Supporting zero-trust strategies
Proactive cyber risk management depends on operationalizing elements of a zero-trust strategy. Zero trust is an extension of the principle of least privilege, wherein any connection—whether it’s from within the network or not—should be considered untrustworthy. This is crucial in today’s hyper-connected, remote work environment that has increased the different entry points or connections into the enterprise.
As always, this needs to be an ongoing process that constantly evaluates identity, user and device activity, application, vulnerability, and device configuration. The demand for continuous assessment has led to many SOCs shifting toward the Secure Access Service Edge (SASE) architecture, which combines discrete capabilities such as Cloud Application Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) for more granular control across the network.
Read More HERE