Attack surfaces are growing faster than security teams can keep up with them. You need to know where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the Internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important.
In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with tools like Intruder. Let’s dive in.
What is your attack surface?
First, it is important to understand what we mean when we talk about an attack surface. Your attack surface is the sum of your digital assets that are “reachable” by an attacker, whether they are secure or vulnerable, known or unknown, in active use or not.
You can also have both internal and external attack surfaces: imagine, for example, a malicious attachment landing in a colleague’s mailbox, versus a new FTP server being put on the Internet.
Your external attack surface changes constantly over time and includes digital assets that are on-premises, in the cloud, in subsidiary networks and in other environments. In short, your attack surface is anything a hacker can attack.
What is attack surface management?
Attack surface management (ASM) is the process of discovering these assets and services, and then reducing or minimizing their exposure to prevent hackers from exploiting them.
Exposure can mean two things: current vulnerabilities, such as missing patches or misconfigurations that reduce the security of services and assets. But it can also mean exposure to future vulnerabilities or determined attacks.
Take the example of an administrator interface like cPanel or a firewall administration page. These may be secure against all known current attacks today, but a vulnerability could easily be discovered in the software tomorrow, in which case it immediately becomes a significant risk. So while traditional vulnerability management processes would say “wait until a vulnerability is detected, and then fix it”, attack surface management would say “get that firewall admin panel off the Internet before it becomes a problem!”
That is not to mention that having a firewall admin panel exposed to the Internet opens it up to other attacks, regardless of whether a vulnerability is discovered. For example, if an attacker discovers some admin credentials elsewhere, they could potentially reuse those credentials against this admin interface, and this is often how attackers expand their access across networks. Equally, they may simply try a sustained “low and slow” password guessing exercise that goes under the radar but eventually yields results.
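The “low and slow” guessing described above stays under alert rules that only look for bursts. The following detection logic is an added example, not part of the original article or of Intruder's product; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed failed-login lines for an Internet-facing admin page."""
    start = datetime(2024, 6, 1)
    lines = []
    for i in range(12):  # low and slow: one guess every 2 hours
        ts = start + timedelta(hours=2 * i)
        lines.append(f"{ts.isoformat()} FAIL user=admin src=203.0.113.7")
    for i in range(6):   # noisy burst: six guesses in under a minute
        ts = start + timedelta(hours=5, seconds=10 * i)
        lines.append(f"{ts.isoformat()} FAIL user=admin src=198.51.100.9")
    for h in (9, 15):    # a legitimate user mistyping twice
        ts = start + timedelta(hours=h)
        lines.append(f"{ts.isoformat()} FAIL user=alice src=192.0.2.44")
    return sorted(lines)

def parse(line):
    ts, status, user, src = line.split()
    return datetime.fromisoformat(ts), status, user[5:], src[4:]

def flag_sources(lines, window, threshold):
    """Sources with at least `threshold` failures inside any sliding window."""
    by_src = defaultdict(list)
    for line in lines:
        ts, status, _user, src = parse(line)
        if status == "FAIL":
            by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1  # drop failures older than the window
            if hi - lo + 1 >= threshold:
                flagged.add(src)
                break
    return flagged

LOG = build_sample_log()
# Burst rule: 5 failures in 5 minutes. Misses the slow source entirely.
BURST = flag_sources(LOG, timedelta(minutes=5), 5)
# Long-window rule: 10 failures in 24 hours. Catches the slow source.
SLOW = flag_sources(LOG, timedelta(hours=24), 10)

if __name__ == "__main__":
    print("burst rule:", sorted(BURST))
    print("long-window rule:", sorted(SLOW))
```

Running both rules side by side covers each pattern, but neither replaces taking the admin interface off the Internet.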
To highlight this point in particular, ransomware gangs were reported in 2024 to be targeting VMware vSphere environments exposed to the Internet. By exploiting a vulnerability in these servers, they were able to gain access and encrypt the virtual hard disks of critical infrastructure to demand huge ransoms. It was reported that there are more than two thousand such vSphere environments.
So, for several reasons, reducing your attack surface today makes you harder to attack tomorrow.
The need for attack surface management
The challenges of asset management
So, if a significant part of attack surface management is reducing exposure to possible future vulnerabilities by removing unnecessary services and assets from the Internet, the first step is to know what you have.
Often considered the poor relation of vulnerability management, asset management has traditionally been a labor-intensive, time-consuming task for IT teams. Even when they had control of the hardware assets within their organization and network perimeter, it was still fraught with problems. If just one asset was missed from the asset inventory, it could evade the entire vulnerability management process and, depending on the sensitivity of the asset, could have far-reaching consequences for the business. This was the case in the Deloitte breach in 2016, where an administrator account was used, exposing sensitive customer details.
When companies also expand through mergers and acquisitions, they often take over systems they are not even aware of, as happened with Varded in 2015, when up to 4 million unencrypted records were stolen from a system they didn’t even know existed.
Moving to the cloud
Today, it is even more difficult. Businesses are migrating to cloud platforms such as Google Cloud, Microsoft Azure and AWS, which allow development teams to move quickly and scale when needed. But this puts a lot of the responsibility for security directly into the hands of the developers, shifting it away from traditional, centralized IT teams with change control processes.
While this is great for speed of development, it creates a visibility gap, and so cybersecurity teams need ways to keep up with the pace.
A modern solution
Attack surface management is, if anything, a recognition that asset management and vulnerability management must go hand in hand, but companies need tools to do this effectively.
A good example: an Intruder customer once told us that we had a bug in our cloud connectors, the integrations that show which cloud systems are exposed to the Internet. We were showing an IP address he didn’t think he had. But when we investigated, our connector was working fine: the IP address was in an AWS region he didn’t know was in use, somewhat out of sight in the AWS console.
This shows how attack surface management can be as much about visibility as vulnerability management.
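The reconciliation behind that anecdote can be expressed as a check of discovered Internet-facing assets against the inventory the team believes it has. This is an added example, not Intruder's code; the records, addresses, regions and the never-expose port policy are constructed assumptions.

```python
# Constructed inventory: public IPs the security team believes it runs.
INVENTORY = {
    "198.51.100.10": "eu-west-1",
    "198.51.100.11": "eu-west-1",
    "198.51.100.12": "eu-west-1",
}

# Services treated as never Internet-facing, whatever their patch level.
# Illustrative policy only; adjust to your own environment.
NEVER_EXPOSE = {21: "FTP", 2083: "cPanel", 3306: "MySQL", 3389: "RDP"}

# Constructed discovery output: (public_ip, region, open_ports).
DISCOVERED = [
    ("198.51.100.10", "eu-west-1", [443]),
    ("198.51.100.11", "eu-west-1", [443, 2083]),
    ("203.0.113.50", "ap-southeast-2", [22, 21]),
]

def reconcile(discovered, inventory, never_expose):
    """Return (findings, stale): exposure findings and unseen inventory IPs."""
    known_regions = set(inventory.values())
    findings, seen = [], set()
    for ip, region, ports in discovered:
        seen.add(ip)
        reasons = []
        if ip not in inventory:
            reasons.append("not in inventory")
            if region not in known_regions:
                reasons.append(f"region {region} not known to be in use")
        for port in sorted(ports):
            if port in never_expose:
                reasons.append(f"{never_expose[port]} exposed on port {port}")
        if reasons:
            findings.append({"ip": ip, "region": region, "reasons": reasons})
    # Unknown assets first: they bypass vulnerability management entirely.
    findings.sort(key=lambda f: (f["reasons"][0] != "not in inventory", f["ip"]))
    # Inventory entries that discovery never saw may be stale records.
    stale = sorted(set(inventory) - seen)
    return findings, stale

if __name__ == "__main__":
    findings, stale = reconcile(DISCOVERED, INVENTORY, NEVER_EXPOSE)
    for f in findings:
        print(f["ip"], f["region"], "; ".join(f["reasons"]))
    print("stale inventory entries:", stale)
```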
Where does the attack surface stop?
If you use a SaaS tool like HubSpot, it will hold a lot of your sensitive customer data, but you wouldn’t expect to scan it for vulnerabilities. This is where a third-party risk platform comes in. You would expect HubSpot to have many cybersecurity safeguards in place, and you would assess them against these.
Where the lines become blurred is with external agencies. You may use a design agency to create a website, but you don’t have a long-term management contract in place. What if that website stays live until a vulnerability is discovered and it gets breached?
In these cases, supplier risk management and insurance software helps protect businesses from issues such as data breaches or non-compliance.
6 ways to secure your attack surface with Intruder
So far, we have seen why attack surface management is so important. The next step is turning this understanding into concrete, effective actions. Building an ASM strategy means going beyond known assets to find your unknowns, adapting to a constantly changing threat landscape, and focusing on the risks that will have the greatest impact on your business.
Here are six ways Intruder helps you put this into action:
1. Discover unknown assets
Intruder continuously monitors for assets that are easy to lose track of but can create exploitable gaps in your attack surface, such as subdomains, related domains, APIs and login pages. Learn more about Intruder’s attack surface discovery methods.
2. Search for exposed ports and services
Use Intruder’s Attack Surface View to find what is exposed to the Internet. With a quick search, you can check your perimeter for the ports and services that should (and, more importantly, should not) be accessible from the Internet.
3. Find exposures (that others miss)
Intruder provides greater coverage than other ASM solutions by configuring several scanning engines. Check for more than a thousand attack surface issues, including exposed admin panels, publicly facing databases, misconfigurations and more.
4. Scan your attack surface whenever it changes
Intruder continuously monitors your attack surface for changes and initiates scans when new services are detected. By integrating Intruder with your cloud accounts, you can automatically detect and scan new services to reduce blind spots and make sure all exposed cloud assets are covered within your vulnerability management program.
5. Stay ahead of emerging threats
When a new critical vulnerability is disclosed, Intruder proactively initiates scans to help secure your attack surface as the threat landscape evolves. With Rapid Response, our security team checks your systems for the latest issues being exploited faster than automated scanners can, alerting you immediately if your organization is at risk.
6. Prioritize the issues that matter most
Intruder helps you focus on the vulnerabilities that pose the greatest risk to your business. For example, you can view the likelihood of your vulnerabilities being exploited within the next 30 days and filter by “known” and “very likely” to generate a list of the most important risks.
Get started with attack surface management
Intruder’s EASM platform solves one of the most fundamental problems in cybersecurity: the need to understand how attackers see your organization, where they are likely to break in, and how you can identify, prioritize and eliminate the risk. Book some time with our team to find out how Intruder can help protect your attack surface.