Many cybersecurity trend reports include a prediction that “enterprise attack surfaces will continue to expand.” Gartner said this in 2022, we reported it in the State of Cyber Assets Report, and it’s a trend we’re likely to see in perpetuity. But what is the attack surface, anyway? This quick guide defines the terms you need to understand.
Cyber Attack Surface Definition and Reality
Attack surface refers to the total number of exposed weaknesses or attack vectors through which attackers can access a system. These attack vectors (or entry points) may be physical or digital.
Senior Forrester Analyst Jess Burn further clarifies: “Your attack surface is more than what’s internet-accessible — it’s your entire environment, and there’s a tremendous opportunity to integrate the external visibility from ASM tools and processes with internal security controls, the CMDB, and other asset and tracking and management platforms to completely map all the connections and assets in an enterprise.”
Cybersecurity professionals use the term ‘attack surface’ to describe the totality of all potential entry points into their environment, and may refer to a particular organization’s attack surface as ‘large’ or ‘small’ based on the relative number of potential entry points. Smaller attack surfaces, by definition, are more secure.
In “A Tacky Graph and Listless Defenders: Looking Beneath the Attack Surface,” the JupiterOne research team explains why larger attack surfaces present more opportunities for attackers:
“Attackers have it much easier [than defenders]. They simply need to steal credentials and try paths until they eventually find a high-value asset. This highlights the fact that defenders have to be right every time, while attackers only need to be right once.”
Digital Attack Surface
The digital attack surface includes all of the hardware and software that connects to an organization’s network and has access to that organization’s data.
Physical Attack Surface
The physical attack surface refers to physical points of entry, from literal doors into office buildings to ports, USB devices, cell phones, laptops, etc.
Understanding Cyber Attack Surface Management
Attack surface management is an emerging cybersecurity practice that Gartner categorizes under ‘Exposure Management.’ It is the practice of continuously understanding and reducing your attack surface.
In Gartner’s 2022 ‘Innovation Insight for Attack Surface Management,’ analysts frame the practice of attack surface management as asking, “What does my organization look like from an attacker’s point of view, and how should it find and prioritize the issues attackers will see first?”
Using Cyber Asset Attack Surface Management to Reduce Your Attack Surface
Cyber Asset Attack Surface Management, or CAASM, is defined by Gartner as technology that “enables organizations to see all assets (internal and external) through API integrations with existing tools, query against the consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.”
Attack surface management requires you to eliminate or secure attack vectors, but you can’t secure what you can’t see. This is where CAASM can help.
Manage Your Cyber Attack Surface with JupiterOne
JupiterOne is a CAASM solution that can help you reduce your attack surface by 150%, according to this Total Economic Impact report commissioned from Forrester Consulting.
JupiterOne gives you full context across your attack surface by using a graph database to show where your assets are, how they relate to each other, and the scope of vulnerabilities and attacks that threaten your security.
With the JupiterOne questions library, you can also query your data for consumable answers to complex questions such as:
- Which hosts are vulnerable?
- Are data stores encrypted at rest?
- What is my blast radius for vulnerable user endpoints?
- Show me all inbound SSH firewall rules across my network environments
- Do inactive Okta users have any applications or tokens assigned?
By knowing this information, you can proactively take the appropriate actions to improve your security posture and reduce your attack surface each day.