The attack surface of your company is made up of all those areas that are potentially vulnerable to cyber attacks. These different areas, often called attack vectors, are where an unauthorized user can try to enter data or extract data from your environments. Think of your attack surface as a collection of points, system elements or endpoints that allow a hacker to potentially breach, effect or control your systems and extract or manipulate information for malicious purposes.
The attack surface is what is being attacked; the attack vector is the way in which a malicious actor gains access or control.
Elements of an attack surface
An attack surface composition can range widely between various companies, but often have the same elements:
- Domains and Subdomains (incl. third parties)
- IP Addresses and IP Blocks
- Internet Ports and Services
- SSL Certificates
- Public and Private Cloud
- Web Applications & Frameworks (Wordpress, Ruby/Python/Java/PHP, Apache, Nginx, etc.)
- Web Services (email, databases, APIs)
- Autonomous System Numbers (ASNs)
The less you know about your own attack surface and the larger it is, the harder it will be to protect from hackers. Mapping out your attack surface is a great first step to protecting your company from cyber attacks. Once you have an inventory of all the elements that make up your attack surface you will understand possible attack vectors and manage them.
Attack surface reduction
Let's look at how to reduce the attack surface of a company by following these steps:
The initial analysis of your attack surface will act as your todo list. You won't fix every problem you find instantly but it gives you an accurate todo list to guide your work as you attempt to make your company safer and more secure.