We have developed an innovative way to reduce an attack surface and allow organisations to manage them at the same time.
At RiskXchange, computer attack surface and the vulnerabilities associated with it are the greatest cybersecurity concern we encounter.
Your attack surface is continually growing and is the window a cyberterrorist can use to gain access to sensitive data. Recent high-profile data breaches have shone a light on the need for complex cybersecurity measures and secure ways of narrowing an attack surface.
Understanding your attack surface and how to manage it is the first step towards improving the security of your organisation.
What is an attack surface?
The attack surface of a software environment and computer system is the sum of the “attack vectors” where an “attacker” can try to enter data into or extract data from an environment.
An attack surface encompasses all the ways in which your apps can be exploited by attackers. This includes not only operating systems, software, network services and protocols, but also SSL certificates, domain names and even authentication and access control protocols.
Every computing device needs an operating system (OS), a system software that manages software resources, computer hardware, and provides common services for third party computer programs or applications. OS provides users with the services to run various programs and an environment to execute it.
Attack surface types
Attack surface can be divided into two main categories:
- OS Dependent (OSD) attack surface OR Internal attack surface
OSD or internal attack surface vulnerabilities could either fall into the primary or secondary category depending on whether the point of attack is directly through OS, or through an authorised application installed on the OS.
The primary attack surface is one directly originating from the OS. The secondary attack surface originates from hardware, software or protocols that use OS resources to interface with the OS either directly or indirectly via a software or hardware bridge.
2. OS Independent (OSI) attack surface OR external attack surface OR authentication/access control attacks
OSI can also be labelled as access control attack surface or authentication attack surface. The authentication function isn’t quite the same as access control – authentication attack surface identifies the user and confirms that they are who they say they are while the access control attack surface determines whether the user is allowed to carry out the action that they are attempting to perform. In OSI attack surface, the attacker does not target the OS/app vulnerabilities but deploys password guessing strategies or brute force attacks, spoofed logon screens, man-in-the-middle (MITM) attacks, etc.
Attack surface and vulnerabilities
One of the best ways to improve cybersecurity measures within your organisation is to reduce the attack surface of a system or software. Attack surface reduction can be broken down into the following ways:
1) Reduce the amount of code running
2) Reduce entry points available
3) Eliminate services requested by few users
Leaving less code accessible to unauthorised actors tends to yield fewer failures and vulnerabilities. By switching off unnecessary functionality, there will be fewer security risks. Attack surface reduction helps prevent security failures, but it does not mitigate the amount of damage an attacker can inflict once a vulnerability is found. Cyber-threat vectors can be opened upon new software deployment and make security operations more complex and vulnerable.
Common vulnerabilities and exposure
Not only is your attack surface continually growing but so is the severity of the vulnerability or CVE (common vulnerabilities and exposure).
In 2019, data from the National Vulnerability Database (NVD) show roughly 22,000 CVEs, including Common Vulnerability Scoring System (CVSS) scores.
Open source components increase attack surface
The use of open source components in development of new applications increases the attack surface and therefore the vulnerabilities that come with it. Code reusing is a common practice in software which can leave areas wide open to attack on many surfaces.
Today’s software development strategy relies on building up software solutions using open source components from diverse sources. The trend has become one of the major reasons for constantly expanding attack surface over the past decade.
On top of software development trends that lead to a larger attack surface, security experts are facing another vulnerability from hackers – the exploit speed.
The speed of exploits has shortened by 93% – it takes only three days before a vulnerability is exploited as opposed to 45 days in 2006. This means that professional cybercriminals can exploit a new CVE virtually as soon as it is released. What’s more, zero-day vulnerabilities are now commonplace – a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the problem.
How RiskXchange can help
RiskXchange is one of the firms leading the fight against cybercrime, coming up with novel solutions to everyday problems experienced at the hands of hackers. We have developed an innovative way to reduce an attack surface and allow organisations to manage them at the same time.
With full visibility over your eco-systems’ entire attack surface in near real-time, you can regularly monitor and mitigate risks to prevent unnecessary exposures. Our passive data collection methods are effective and have no impact on your network performance. Using data-driven insights to prevent breaches is the best way to reduce an attack surface and prevent cyberattacks.
By aggregating data from open sources, RiskXchange helps you gain a broader picture of your network and your supply chain’s application attack surface over time. This enables you to prioritise securing your network and application assets that are most at risk from compromise and exploitation. We provide high priority alerts and easy to understand security score ratings that relate to genuine threats to your network and application infrastructure, as well or actionable technical information.
RiskXchange pinpoints five ways to reduce an attack surface:
- Security checks and analytics
A detailed analysis is the best way to reduce your attack surface. Traffic flow analysis, security configuration assessments and quantitative risk scores are the three most effective ways of reducing an attack surface.
According to OWASP, the point of attack surface analysis is to understand the risk areas in an application, to make developers and security specialists aware of what parts of the application are open to attack, to find ways of minimising this, and to notice when and how the attack surface changes and what this means from a risk perspective.
2. Reduce complexity
Reducing the complexity of a network helps to reduce an attack surface. Poor policy management can lead to mistakes or duplicates, unused rules and overly permissive rule definitions allow increased access beyond what is needed.
According to Security Magazine, unnecessary complexity elevates the possibility of human error and risk, underscoring the importance of simplicity in security infrastructures and policy management.
3. Vulnerability screening
Vulnerability screening and visualising vulnerabilities through modelling and simulation is a good way to reduce attack surfaces. Patch simulation and attack surface modelling all help to pinpoint your attack surface and identify ways in which an attacker can gain access to a network.
According to Research Gate, vulnerabilities can be dramatically reduced by a systematic approach of measuring the attack surface through component level dependency analysis.
4. Monitor your endpoints
Independent process monitors maintain constant surveillance over your endpoints and help to highlight, therefore being able to reduce, the number visible on the attack surface. The next step is being able to control what the endpoint does, and then ensure that its relation to the rest of the network is fully secured.
According to Security Boulevard, most organisations are ignoring a crucial portion of their attack surface — the endpoint:
- The endpoint is where attacks originate
- The endpoint is where persistence is gained
- The endpoint is where lateral movement goes to and from
- The endpoint is where processes are injected
- The endpoint is where network packets originate
- The endpoint is where the data lives
- The endpoint is where the bad guys exfiltrate from
5. Building up your perimeters
Building up perimeters and segmenting a network will drastically reduce any attack surface. By increasing the number of barriers visible on a network, the harder it will be for an attacker to gain access to your data.
According to the findings at the 7th International Conference on Information Warfare and Security, the key to minimising attack surfaces is by building up perimeters within a network. The conference determined that an attack surface is vulnerable if there are no “specific separations or dedicated functional controls for a given attack vector”.
RiskXchange is an information security technology company, that helps companies of all sizes fight the threat of cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security.
Find out more here.