The term “attack surface” is sometimes defined as the collection of ways an organization can be breached. But that is really just the sum of your organization’s attack vectors.
A better definition is: Your attack surface is all of your attacker-exposed IT assets, whether secure or vulnerable, known and unknown, wherever they are: on-premises, in the cloud, in third-party or partner environments, or in the networks of your subsidiaries. That’s a better definition of “attack surface” because organizations benefit from having an understanding and visibility into their entire IT ecosystem that includes all of their network interconnectivity.
One of the most critical security issues today is the fact that IT and security teams don't know where all of their organization’s digital infrastructure and assets are, or whether they’re fully protected. This ‘awareness gap’ is called shadow risk; it’s a major problem, since unknown and unmanaged assets are often the easiest points of entry for attackers. Organizations must expose their shadow risk by mapping and assessing their full attack surface.
The need for attack surface analysis and management is universally recognized by security practitioners and vendors, but a critical point that may not be explicitly called out is that managing your attack surface isn’t something you should start doing only after you have implemented your security stack. Instead, it must be a foundational step that guides your security program and resource investments.
Attackers are looking for the path of least resistance in your attack surface so that they can break into your high-value digital assets. To stay ahead, you have to think like an attacker too. That requires ongoing visibility of your attack surface, and there’s only one proven way to establish attack surface visibility: perform reconnaissance across your entire IT ecosystem, adopting an outside-in approach.
With the full view of your attacker-exposed assets, you have a good foundation for evaluating your organizational risk and establishing an effective security program that allows you and your team to focus your resources on eliminating the highest priority risks for your business.
What Is an Unknown IT Asset?
It’s a server, network, application or other IT asset that your IT and security teams don’t know about. One example is when an individual, team or business unit provisions an asset, often a cloud asset, but the IT and security teams remain unaware of it because it's not included in a centralized asset management process. Unknown and unmanaged IT assets are key sources of shadow risk.
"Digital risk and digital trust are dynamic and vary over time based on context. Thus, risk is calculated for vulnerability management on a continuous basis to calculate the risk exposure of an organization. For example, a vulnerability may not be a significant risk today, but it can materialize into a severe risk to an organization overnight. If a continuous risk assessment is not deployed, the organization will miss addressing the risk, resulting in fatal consequences."
Gartner, Implement a Risk-Based Approach to Vulnerability Management, Prateek Bhajanka, Craig Lawson, ID: G00356414, Published: 21 August 2018
We define attack surface management as the ongoing, continuous process of identifying and understanding your organization’s attacker-exposed assets, the business relevance of the assets, potential attacker entry points and a prioritization of which attack vectors to remediate first. The concept of “attack vectors” includes a range of security issues, including data exposure, misconfigured applications, network architecture flaws, outdated ciphers, and vulnerabilities.
Therefore, vulnerability management, the ongoing process for managing an organization's vulnerabilities, is included within our definition of attack surface management.
Many authors providing advice on attack surface management use the term “attack surface reduction” and offer tips for reducing the size of an organization’s attack surface. What’s implied in that approach is that the attack surface is being defined as the sum of vulnerabilities, whereas a better approach is to define the attack surface expansively as the collection of all the assets associated with an organization, whether currently deemed vulnerable or not.
Thus, your goal is not to reduce your attack surface but to reduce the attack vectors in your attack surface, beginning with those that pose the greatest risk to your organization.
The CyCognito platform delivers unprecedented attack surface visibility. Organizations using the CyCognito platform find their attack surface is typically 30 to 300 percent larger than previously understood! The difference in attack surface size is due to the fact that many assets in the attack surface were unknown to the organization's IT and security departments or were unmanaged. This includes cloud environments and applications, third-party networks, partners, subsidiaries and other shadow IT. Visibility of your entire attack surface is critical to your ability to identify and eliminate your shadow risk, the risk associated with your attacker-exposed assets.
Elimination of shadow risk by illuminating critical blind spots in your attack surface is a goal and an outcome of using the CyCognito platform. The CyCognito platform helps your team filter out the noise resulting from the use of vulnerability scanners which surface an endless stream of potential vulnerabilities that may be rated as “high” or “critical” using the Common Vulnerability Scoring System (CVSS), but do not rise to a priority level for your organization. Attack vectors identified by the CyCognito platform go beyond known vulnerabilities and isolated CVSS scores and are specific to your organization’s attacker-exposed assets and their business relevance.
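To make the two points above concrete (unknown assets as shadow risk, and prioritization by business relevance rather than by raw CVSS score), here is an added illustration; it is not CyCognito's code or scoring model, and the asset names, CVSS values, relevance ratings and weights are constructed for the example:

```python
# Added illustration (not CyCognito's code): reconcile an outside-in
# discovery list against the managed inventory to surface unknown assets,
# then rank findings by business relevance and exposure rather than CVSS alone.
# All asset names, scores and weights below are constructed for the example.
from dataclasses import dataclass

@dataclass
class Finding:
    asset: str          # hostname as seen from the outside
    cvss: float         # raw CVSS base score, 0-10
    relevance: int      # business relevance of the asset, 1 (low) to 5 (critical)
    known: bool         # True if the asset is in the managed inventory

# Constructed managed inventory (what IT believes it owns).
INVENTORY = {"www.example.com", "vpn.example.com"}

# Constructed outside-in discovery results: (asset, cvss, relevance).
DISCOVERED = [
    ("www.example.com", 9.8, 2),            # critical CVSS, low-value brochure site
    ("vpn.example.com", 6.5, 5),            # medium CVSS, gateway to internal network
    ("legacy-db.sub.example.com", 7.2, 4),  # subsidiary host, absent from inventory
]

def unknown_assets(discovered, inventory):
    """Shadow risk: assets reachable from outside but absent from the inventory."""
    return sorted({a for a, _, _ in discovered if a not in inventory})

def build_findings(discovered, inventory):
    return [Finding(a, c, r, a in inventory) for a, c, r in discovered]

def priority(f: Finding, unknown_penalty: float = 2.0) -> float:
    """Assumed scoring: CVSS scaled by business relevance, plus a penalty
    for unmanaged assets, which nobody is patching or monitoring."""
    score = f.cvss * (f.relevance / 5.0)
    if not f.known:
        score += unknown_penalty
    return round(score, 2)

def ranked(discovered, inventory):
    """Return (asset, priority) pairs ordered by contextual priority, highest first."""
    findings = build_findings(discovered, inventory)
    return [(f.asset, priority(f)) for f in sorted(findings, key=priority, reverse=True)]

if __name__ == "__main__":
    print("unknown:", unknown_assets(DISCOVERED, INVENTORY))
    for asset, score in ranked(DISCOVERED, INVENTORY):
        print(f"{score:5.2f}  {asset}")
```

A CVSS-only sort would put the 9.8 brochure site first; the contextual ranking puts the unmanaged subsidiary host and the VPN gateway ahead of it.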
Identifies more of your attacker-exposed IT ecosystem
With its comprehensive global botnet, the CyCognito platform uniquely reveals unknown, abandoned and unmanaged assets associated with your organization – including those of partners and subsidiaries – that are critical to your cybersecurity risk management.
Cuts through a sea of security issues to help your security team focus on what is critical
The CyCognito platform prioritizes and organizes your assets and attack vectors to help you quickly remediate the most critical risks to your organization.
Instead of just receiving a list of IPs or ports, you’ll have easy visibility to your different types of business data, which group or department owns an asset and a ranking of each asset by importance to your organization – and its attractiveness to an attacker. The platform marries this information with knowledge of attackers' "path of least resistance" — or easiest points of entry — so that you can immediately identify and act on critical risks.
Operates 100% externally as a software as a service (SaaS) platform and requires no preparation, deployment or configuration
The CyCognito platform operates autonomously across your entire IT ecosystem, discovering unknown and unmanaged assets. This sets it apart from other attack surface management products that focus on port scanning, and from legacy testing methods such as vulnerability scanning, penetration testing and red teaming exercises, which must be configured, pointed at specific IP ranges or assets, or require agents to be deployed.
In order to protect your most-valued assets, you must have visibility across your entire attack surface, right down to the last connected device. Is your visibility up to the task? To help, we created this white paper. Inside, you’ll read about:
Keep your eyes on what’s most important—your attack surface.