An attack surface is, essentially, the overall vulnerability that is created by a business’ digital network over which it conducts certain operations. 在这种情况下,网络是“表面”.“威胁行为者试图在他们认为可以进入的任何地方穿透这一表面.
According to the National Initiative of Cybersecurity Careers and Studies of the United States Government, the attack surface of an application represents the number of entry points exposed to a potential attacker of the software. The larger the attack surface, 攻击者可以使用的攻击方法越多. The smaller the attack surface, the smaller the chance of an attacker finding a vulnerability and the lower the risk of a high impact exploit in the system.
Securing a business’ attack surface may seem like an exercise in futility or a game of whack-a-mole when a security organization has put one threat down only to have to address another threat somewhere else along the attack surface.
However, modern security providers have created suites of solutions and evolved them to address just this type of pervasive onslaught of suspicious activity so that an organization can effectively thwart threats en masse to help keep the business running and moving forward.
开始思考攻击面是什么样的, 它有助于将其置于个体组织的背景中. 每个组织都有不同的目标,因此每个人 attack surface management 方法看起来会有所不同.
数字攻击面包括部署在任何设备上的所有web应用程序, APIs, cybersecurity programs,以及网络上任何可以归类为“数字”或非物理的东西. 如果企业与供应链合作伙伴签订合同, 然后,他们的攻击面自然会延伸到他们特定组织的外围.
A physical attack surface encompasses any non-digital hardware that is critical to maintaining a network. 这可以是一个详尽的列表,包括服务器,端口,布线或网络电缆,物理 endpoints 比如手机、笔记本电脑、智能手表、智能耳机和数据中心.
Attacks on this type of surface require different behaviors on the part of would-be attackers as they would have to physically acquire or access these tangible assets in order to manipulate them.
如上所述,人类主要构成了与社会工程相关的攻击面. This includes phishing attacks, honeypots,链接欺骗和搭便车. This type of attack is designed to convince a human user on a network that what they are seeing is entirely valid.
It could be a fake email designed to get a user to click a link that installs malware on that endpoint; it could be someone piggybacking into an office, attempting to convince an actual employee they forgot their badge; or social engineering could come in the form of a text message sent to a user that appears to be from their manager or someone else in the company.
如果存在攻击面,那么攻击向量究竟是什么? 我们知道,“向量”是一个事物访问另一个事物的方式. But, what does that mean in terms of cybersecurity and what distinguishes it from the surface as a whole?
An attack vector simply refers to a single pathway through which a threat actor attempts to access a network. An attack surface consists of all of the vectors along an entire network that threat actors can potentially exploit.
攻击向量本质上是攻击者进入系统的切入点. From there, 攻击者会采取深思熟虑的攻击路径来获取他们想要的信息或资源. Malware, for example, 有三种主要的载体类型——特洛伊木马, virus, 蠕虫——利用典型的通信方式,如电子邮件.
单个攻击向量会创造出小的开口, but the combination of all of those entry points creates a larger vulnerability that can turn common networks into dynamic attack surfaces. 如果您的网络已成为一个动态攻击面, 那么从整体上考虑安全项目可能是个好主意, including 扩展检测和响应(XDR), cloud security, and 漏洞风险管理(VRM).
操作电脑的人, systems, security, and networks can also be thought of as attack vectors when social engineering attacks like phishing scams come into play.
Identifying the pathways along your attack surface where a threat actor could strike is an exercise in creating the most critical part of a cybersecurity program – one that is dynamic, multifaceted, and continuous.
According to the 开放全球应用程序安全项目,攻击面分析可以帮助识别:
最后一点与分析和识别攻击面的需求一致 continuously. It also requires security practitioners to know when company and security objectives have changed so they can then adjust risk profiles. What might have been considered a priority for remediation in order to shore up defenses along the attack path 昨天可能在今天的列表中排名更低.
If an attack surface encompasses the collection of points along a network that an attacker could exploit, 考虑一下,根据调整后的风险概况,该集合的变化频率.
Let's dive into a few best practices that can help security organizations to minimize the many vulnerabilities/vectors/break-in points threat actors are looking to exploit.
Leveraging tools like cloud risk management (CRM), 扩展检测和响应(XDR), and now AI-driven cloud anomaly detection can accelerate a security team's attack surface reduction mission and help them eliminate threats with speed and precision.