
attack surface

What is an attack surface?

An attack surface is defined as the total number of all possible entry points for unauthorized access into any system. It includes all vulnerabilities and endpoints that can be exploited to carry out a security attack. The attack surface is also the entire area of an organization or system that is susceptible to hacking.

For most modern businesses, the attack surface is complex and massive. The large number of devices, web applications and network nodes create many potential cybersecurity threats.

IT leaders, despite their best efforts, can only see a subset of the security risks faced by their organization.

What are the different types of attack surfaces?

Attack surfaces can be physical or digital:

  • Digital attack surfaces encompass applications, code, ports, servers and websites, as well as unauthorized system access points. Vulnerabilities left by poor coding, weak passwords, default operating system settings, exposed application programming interfaces or poorly maintained software are all part of the digital attack surface.
  • Physical attack surfaces comprise all endpoint devices, such as desktop systems, laptops, mobile devices and USB ports. Improperly discarded hardware that may contain user data and login credentials, passwords on paper or physical break-ins are also included.

Both physical and digital attack surfaces should be kept as small as possible so that neither is exposed to anonymous, public access.

What is attack surface management?

Attack surface management refers to the continuous surveillance and vigilance required to mitigate all current and future cyberthreats. It includes all risk assessments, security controls and security measures that go into mapping and protecting the attack surface, mitigating the chances of a successful attack.

Figure: steps to creating a risk mitigation plan. Attack surface management requires that organizations assess their risks and put in place the security measures and controls to protect themselves as part of an overall risk mitigation strategy.

Key questions answered in attack surface management include the following:

  • What are the high-risk areas and vulnerabilities in the system?
  • Where can new attack vectors be created due to system changes?
  • How can the system be protected from cyber attacks?

Figure: common cyber attacks. Digital attack surfaces leave businesses open to malware and other types of cyber attack.

How can the attack surface be limited?

Organizations can have information security experts conduct attack surface analysis and management. Some ideas for attack surface reduction include the following:

  • Access control. Organizations should limit access to sensitive data and resources both internally and externally. Physical measures, like locking, access cards, biometric systems and multifactor authentication, can be used.
  • Complexity elimination. Unnecessary or unused software can result in policy mistakes, enabling bad actors to exploit these endpoints. All system functionality must be assessed and maintained regularly.
  • Regular scanning. Digital assets and data centers must be scanned regularly to spot potential vulnerabilities.
  • Network segmentation. Tools like firewalls and strategies like microsegmentation can be used to divide the network into smaller units.
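The "regular scanning" idea above, and the question of where system changes create new attack vectors, can be made concrete with a small inventory check. The following is an added example, not code from the original article: it parses listening-socket output in the layout of `ss -H -ltnp` (the lines below are constructed for a hypothetical host), classifies each listener as exposed or local-only, and diffs the exposed ones against an approved baseline so that new entry points stand out.

```python
"""Added example: minimal listening-socket attack surface inventory.

Parses constructed `ss -H -ltnp`-style lines, marks wildcard binds as
exposed, and reports exposed listeners missing from an approved baseline.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in the layout of `ss -H -ltnp` (hypothetical host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 128 0.0.0.0:6379 0.0.0.0:* users:(("redis-server",pid=1405,fd=7))
LISTEN 0 128 [::]:8080 [::]:* users:(("python3",pid=1777,fd=4))
"""

# Approved baseline (assumed): (process, port) pairs allowed on all interfaces.
BASELINE_EXTERNAL = {("sshd", 22), ("nginx", 443)}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"')


@dataclass(frozen=True)
class Listener:
    proc: str
    addr: str
    port: int

    @property
    def exposed(self) -> bool:
        # A wildcard bind is reachable from every network the host sits on.
        return self.addr in ("0.0.0.0", "[::]", "*")


def parse_listeners(text: str) -> list[Listener]:
    """Turn ss-style lines into Listener records; unknown lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Listener(m["proc"], m["addr"], int(m["port"])))
    return found


def unexpected_entry_points(listeners, baseline) -> list[tuple[str, int]]:
    """Exposed listeners absent from the baseline: candidate new attack vectors."""
    return sorted((l.proc, l.port) for l in listeners
                  if l.exposed and (l.proc, l.port) not in baseline)


if __name__ == "__main__":
    for proc, port in unexpected_entry_points(
            parse_listeners(SAMPLE_SS_OUTPUT), BASELINE_EXTERNAL):
        print(f"unapproved exposed listener: {proc} on port {port}")
```

Run against real `ss -H -ltnp` output and a maintained baseline, the same diff flags services that a deployment or configuration change has newly exposed, while local-only binds such as the database above are left out of the external attack surface.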

What is the difference between an attack surface and an attack vector?

The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.

Some common attack vectors include the following:

  • Cyber attacks. These are deliberate attacks carried out by cybercriminals to gain unauthorized access to an organization's network. Examples include phishing attempts and malicious software, like Trojans, viruses, ransomware or other malware.
  • Network data interception. Network hackers may attempt to extract data like passwords and other sensitive information directly from the network.
  • Data breaches. Inside threats, such as rogue employees, social engineering ploys and unauthorized users posing as service workers, can result in the leaking of sensitive data to the general public.

Figure: common attack vectors. An attack vector is how an intruder attempts to gain access, while the attack surface is what's being attacked.

How to manage digital attack surfaces

A network attack surface is the totality of all vulnerabilities in connected hardware and software. In order to keep the network secure, network administrators must proactively seek ways to reduce the number and size of attack surfaces.

There is a law of computing that states that the more code you have running on a system, the greater the chance that the system will have an exploitable security vulnerability. This means that one of the most important steps IT administrators can take to secure a system is to reduce the amount of code being executed, which helps reduce the software attack surface.

One popular approach to limiting the size of attack surfaces is a strategy called microsegmentation. With microsegmentation, the data center is divided into logical units, each of which has its own unique security policies. The idea is to significantly reduce the surface available for malicious activity and restrict unwanted lateral (east-west) traffic once the perimeter has been penetrated.

Policies are tied to logical segments, so any workload migration will also move the security policies.

Network microsegmentation isn't new. But its adoption has been sparked by software-defined networking and software-defined data center technologies.

Traditional firewalls remain in place to maintain north-south defenses, while microsegmentation significantly limits unwanted communication between east-west workloads within the enterprise.

Figure: tips to reduce physical and digital attack surfaces.

How to manage physical attack surfaces

A physical attack surface includes access to all endpoint devices, including desktop systems, laptops, mobile devices, USB ports and improperly discarded hard drives. Once an attacker has accessed a computing device physically, the intruder will look for digital attack surfaces left vulnerable by poor coding, default security settings or poorly maintained software that has not been updated or patched.

The physical attack surface is exploitable through inside threats, such as rogue employees, social engineering ploys and intruders posing as service workers, especially in public companies. External threats include password retrieval from carelessly discarded hardware, passwords on sticky notes and physical break-ins.

Physical security has three important components: access control, surveillance and testing. First, obstacles should be placed in the way of potential attackers, and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, biometric access control systems and fire suppression systems.

Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors. Third, disaster recovery policies and procedures should be tested regularly to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.

This was last updated in September 2021
