What is an Attack Surface?
An attack surface is the sum of all points through which an unauthorized party could try to enter a system or extract data from it: every endpoint, interface and service that is reachable by a potential attacker, together with the vulnerabilities in them. Put differently, it is the whole area of an organization, or of any system, that is susceptible to attack.
What is Attack Surface Exposure?
Attack Surface Exposure is the continuous monitoring of an organization's digital and physical attack surface for signs that an external attacker has probed or entered it. Attack Surface Intelligence enables security teams to identify exposed vulnerabilities before external attackers find and exploit them.
What are Attack Surface types?
Tangible surfaces - include all physical devices and their physical interfaces, such as server ports, desktops, laptops, mobile devices, and USB ports. Devices that hold client data and passwords and are discarded without being wiped are part of this surface.
Intangible or digital surfaces - comprise applications, code, open network ports, servers, and websites. These surfaces are attacked most often through poorly managed software, weak passwords, default system settings, and insecure code.
Resolution Intelligence presents the behaviour of threats originating from different sources as interactive visualizations. See Understanding Attack Surface Exposure Dashboards for more information on incoming threats.
Attack Surface Mapping
When a cyber threat is initiated from an external environment, Attack Surface Exposure maps it to one of the following categories. The Attack Surface Exposure feature can generate 22 records per customer per day covering the vulnerabilities listed below.
Threat - anything that can take advantage of a vulnerability to breach security and alter, erase, or damage an object of interest. Threats include the following.
- Infrastructure threat - an attack on physical infrastructure, which can be as simple as cutting a fiber-optic cable. Example: a Denial of Service (DoS) attack.
- Domain threat - an attacker gains control over an organization's domains, such as its .com or .in registrations. Example: gaining control of the domain's Domain Name System (DNS) records.
Brand Exposure - attackers damage an organization's reputation and image by posting malicious content on fake websites and social platforms such as Facebook, or by selling counterfeit products through digital marketplaces and app stores. An organization's brand can be exposed negatively to the public in the following ways.
- Breached Email - an incident in which the security of an email account, or of the accounts associated with it, has been compromised.
- Cloud Storage - an attacker gains access to public cloud storage and steals or damages valuable data, typically because of poor data governance or weak credentials.
- Typosquatted domains - domains registered under misspelled variants of well-known names, so that users who mistype an address land on the attacker's site; they are used to damage a popular brand's reputation.
- Code Repos - repositories that hold insecure code are a probable route for gaining unauthorized access and damaging the organization's brand.
- Expiring Soon and expired Domains - once a domain expires, every service bound to it stops working and the name becomes available for anyone to register. Attackers take over such domains to capture the traffic, mail and credentials still being sent to them.
- Subdomain takeover - occurs when an attacker gains control over a subdomain of a target domain. Typically this happens when the subdomain still has a canonical name (CNAME) record in the Domain Name System but no host is providing content for that name, so the attacker can claim the target and serve content under the organization's subdomain.
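The two brand-exposure checks that lend themselves to automation are typosquat detection and dangling-CNAME (subdomain takeover) detection. The script below is an added example, not code from the Resolution Intelligence product: it generates the misspellings an attacker is most likely to register for a brand domain and intersects them with a set of known registrations, and it flags CNAME records in the organization's zone whose external target is either unregistered (the expired-domain route) or no longer resolves. The brand name, the REGISTERED and RESOLVABLE sets and the ZONE records are all constructed stand-ins for a registrar feed and DNS lookups, and the apex() helper is a deliberate simplification.

```python
"""Brand-exposure checks: typosquat candidate matching and dangling CNAME
detection. Added example, not part of the Resolution Intelligence product.
All inputs below are constructed stand-ins for registrar / DNS data."""

BRAND = "examplebank.com"  # constructed brand domain

# Constructed stand-in for a registrar or passive-DNS feed of registered apex domains.
REGISTERED = {
    "examplebank.com", "exmaplebank.com", "examp1ebank.com", "examplebank.co",
    "example-bank.com", "example-host.net", "legit-cdn.net",
}

# Constructed stand-in for "hostnames that currently resolve" (an A/AAAA answer exists).
RESOLVABLE = {"examplebank-docs.pages.example-host.net"}

# Constructed DNS records in the brand's own zone: name -> (type, target).
ZONE = {
    "www.examplebank.com": ("A", "203.0.113.10"),
    "docs.examplebank.com": ("CNAME", "examplebank-docs.pages.example-host.net"),
    "promo.examplebank.com": ("CNAME", "promo2019.legit-cdn.net"),
    "old.examplebank.com": ("CNAME", "oldsite.retired-vendor.net"),
}

HOMOGLYPHS = {"l": "1", "o": "0", "i": "l"}  # common look-alike substitutions
ALT_TLDS = ("co", "net", "org")


def typosquat_candidates(domain):
    """Generate the misspellings an attacker is most likely to register."""
    name, tld = domain.rsplit(".", 1)
    cands = set()
    for i in range(len(name)):
        cands.add(f"{name[:i]}{name[i + 1:]}.{tld}")                        # omission
        cands.add(f"{name[:i]}{name[i]}{name[i:]}.{tld}")                    # repetition
        if name[i] in HOMOGLYPHS:                                             # homoglyph
            cands.add(f"{name[:i]}{HOMOGLYPHS[name[i]]}{name[i + 1:]}.{tld}")
        if i < len(name) - 1:
            cands.add(f"{name[:i]}{name[i + 1]}{name[i]}{name[i + 2:]}.{tld}")  # transposition
            cands.add(f"{name[:i + 1]}-{name[i + 1:]}.{tld}")                  # hyphenation
    for alt in ALT_TLDS:                                                      # TLD swap
        cands.add(f"{name}.{alt}")
    cands.discard(domain)
    return cands


def find_typosquats(domain, registered):
    """Return the generated look-alikes that somebody has actually registered."""
    return sorted(typosquat_candidates(domain) & registered)


def apex(hostname):
    """Naive registrable domain: the last two labels. Real code should consult
    the Public Suffix List so that names such as 'foo.co.uk' are handled correctly."""
    return ".".join(hostname.split(".")[-2:])


def dangling_cnames(zone, registered, resolvable):
    """Flag CNAME records whose external target nobody controls any more."""
    findings = []
    for name, (rtype, target) in zone.items():
        if rtype != "CNAME" or target.endswith("." + apex(name)):
            continue  # only targets outside our own zone can be claimed by a third party
        if apex(target) not in registered:
            findings.append((name, target, "target apex not registered"))
        elif target not in resolvable:
            findings.append((name, target, "target does not resolve"))
    return sorted(findings)


if __name__ == "__main__":
    for squat in find_typosquats(BRAND, REGISTERED):
        print("typosquat registered:", squat)
    for name, target, reason in dangling_cnames(ZONE, REGISTERED, RESOLVABLE):
        print(f"dangling CNAME: {name} -> {target} ({reason})")
```

In a live deployment REGISTERED would come from WHOIS/RDAP or zone-file data and RESOLVABLE from actual DNS queries; a target that returns NXDOMAIN while its apex belongs to a hosting provider that lets anyone claim unused names is the classic takeover case, and a target whose apex has lapsed entirely can simply be re-registered by the attacker.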
Misconfiguration - misconfigured servers, laptops, and desktop ports give an attacker a chance to gain access and steal data. Example: if directory listing is not disabled on a web server and an attacker discovers this, the attacker can simply list the directories to find files that were never meant to be exposed, download them and, in some cases, execute them. Misconfiguration can occur in any of the following ways.
- WebApp - attackers look for web applications that were set up with default settings, detect the resulting misconfigurations, and exploit them, causing severe harm directly or indirectly.
- Service Identification - most security scanners include a robust service identification engine capable of detecting more than 90 different application protocols. Exposure arises when the services running on a network are poorly identified, so that unnecessary or unknown services are left reachable.
- Service Authentication - authentication provides access control for systems by checking whether a user's credentials match those held in a database of authorized users or on an authentication server. Poor credentials, such as easily guessed passwords and login details, give attackers an easy way in.
- Expiring Soon and expired certificates - websites rely on SSL/TLS certificates to secure their connections. When a certificate expires, browsers and clients warn about or refuse the connection, the services hosted on the site become non-functional, and you can no longer run secure transactions on your website.
- Self signed certificates - public key certificates that their users issue on their own behalf, rather than being issued by a certificate authority (CA). Because a client cannot tell a legitimate self-signed certificate from one an attacker forged, their use invites man-in-the-middle attacks and trains users to click through certificate warnings, which attackers exploit to gain access to your network.
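Expiring and self-signed certificates are easy to check programmatically. The script below is an added example, not code from the Resolution Intelligence product: it works on the dictionary layout that Python's ssl.SSLSocket.getpeercert() returns, flags a certificate as expired or expiring soon from its notAfter field, and flags it as self-signed when the subject equals the issuer. The 30-day warning window, the frozen clock and the four sample certificates are assumptions constructed for the example; fetch_peer_cert() shows how the same dictionary is obtained from a live host but is not exercised offline.

```python
"""Certificate hygiene checks over the dict layout ssl.SSLSocket.getpeercert()
returns. Added example, not part of the Resolution Intelligence product; the
certificates below are constructed and the clock is frozen for reproducibility."""
import socket
import ssl
import time

WARN_DAYS = 30  # assumption: flag anything expiring within 30 days


def _name(rdns):
    """getpeercert() encodes a DN as a tuple of RDNs, each a tuple of (type, value)."""
    return {attr: value for rdn in rdns for attr, value in rdn}


def check_certificate(cert, now=None):
    """Return the findings for one certificate: 'expired', 'expiring-soon',
    and/or 'self-signed' (subject equals issuer, i.e. no CA vouched for it)."""
    now = time.time() if now is None else now
    findings = []
    # cert_time_to_seconds parses the 'Jun  1 00:00:00 2024 GMT' form as UTC
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append("expired")
    elif days_left <= WARN_DAYS:
        findings.append("expiring-soon")
    if _name(cert["subject"]) == _name(cert["issuer"]):
        findings.append("self-signed")
    return findings


def scan(certs, now=None):
    """Map each host to its findings; hosts with no findings are omitted."""
    report = {}
    for host, cert in certs.items():
        findings = check_certificate(cert, now)
        if findings:
            report[host] = findings
    return report


def fetch_peer_cert(host, port=443, timeout=5):
    """Live helper, not exercised offline. With the default context a self-signed
    or expired certificate makes the handshake fail with
    ssl.SSLCertVerificationError, which is itself the finding; a certificate that
    validates comes back as the dict check_certificate() expects."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _cert(subject_cn, issuer_cn, not_after):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": "Jan  1 00:00:00 2024 GMT",
        "notAfter": not_after,
    }


NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")  # frozen clock (constructed)

# Constructed sample inventory: one healthy, one expiring, one expired, one self-signed.
SAMPLE_CERTS = {
    "www.examplebank.com": _cert("www.examplebank.com", "Example CA", "Sep  1 00:00:00 2024 GMT"),
    "api.examplebank.com": _cert("api.examplebank.com", "Example CA", "Jun 15 00:00:00 2024 GMT"),
    "old.examplebank.com": _cert("old.examplebank.com", "Example CA", "May 20 00:00:00 2024 GMT"),
    "admin.examplebank.com": _cert("admin.examplebank.com", "admin.examplebank.com",
                                   "Jun  1 00:00:00 2025 GMT"),
}


if __name__ == "__main__":
    for host, findings in scan(SAMPLE_CERTS, NOW).items():
        print(f"{host}: {', '.join(findings)}")
```

Run against a real inventory, the NOW argument is dropped so the current time is used, and each host's dictionary comes from fetch_peer_cert(); hosts whose handshake fails verification are reported straight away, since that failure is exactly what an expired or self-signed certificate produces for every client that connects.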
Vulnerability - a weakness that leaves IT assets exposed to a threat capable of causing damage.
- Vulnerable Services - services with weak credentials and open ports on servers are an entry point for attack.
- Vulnerable CMS - a vulnerability in a content management system (CMS) lets a malicious actor compromise the CMS platform to steal data and launch attacks against the other tenants hosted on it.