This article covers an overview and the types of attack surface exposure mapping features available in the Resolution Intelligence Cloud.
What is an Attack Surface?
An attack surface is the set of all points at which an unauthorized party could attempt to enter, or extract data from, a system: the exposed services, endpoints, accounts and vulnerabilities that an attacker can reach. Put differently, it is every part of an organization, or of any system, that is susceptible to attack.
What is Attack Surface Exposure?
Attack Surface Exposure is the continuous monitoring of an organization's digital and physical attack surfaces. It lets security teams identify exposed assets and vulnerabilities that an external attacker could discover and exploit, ideally before the attacker does.
What are Attack Surface types?
Tangible surfaces - include all physical devices and their interfaces, such as server ports, desktops, laptops, mobile devices and USB ports, as well as devices that may still contain customer data or passwords and are discarded without being wiped.
Intangible or digital surfaces - comprise applications, code, open ports, servers and websites. These surfaces are commonly attacked through poorly maintained software, weak passwords, unchanged default settings and insecure code.
Resolution Intelligence Cloud presents the behavior of threats originating from different sources as interactive visualizations. See Understanding Attack Surface Exposure Dashboards for more information on incoming threats.
Attack Surface Mapping
Attack Surface Exposure maps cyber threats initiated from external environments to the following categories. The Attack Surface Exposure feature can generate 22 records per day per customer across the vulnerability types listed below:
Threat - anything that can take advantage of a vulnerability to breach security and negatively alter, erase or damage an asset of interest. Threats can be any of the following:
- Infrastructure threat - an attack on the physical or network infrastructure that hosts a service; it can be as simple as cutting a fiber-optic cable. Example: a Denial of Service (DoS) attack.
- Domain threat - an attacker gains control over an organization's registered domains (for example its .com or .in domain). Example: gaining control of the organization's Domain Name System (DNS) records.
Brand Exposure - Attackers damage the reputation and image of an organization by posting malicious content on fake websites and social platforms such as Facebook, or by selling counterfeit products through digital marketplaces and app stores. An organization's brand can be exposed to the public in the following ways:
- Breached email - an incident in which the security of an email account, or of accounts associated with it, was compromised.
- Cloud storage - an attacker gains access to, and steals or damages, valuable data in public cloud storage because of improper data governance or weak credentials.
- Typosquatted domains - domains registered under misspellings of a well-known name (for example a missing or transposed letter) in order to catch mistyped traffic, impersonate the brand and damage its reputation.
- Code repos - repositories that store insecure code are a probable route to unauthorized access and to damage to the brand of an organization.
- Expiring soon and expired domains - when a domain expires, every service that depends on it stops working, and once the name is released anyone can register it. Attackers register lapsed domains to receive mail and traffic still addressed to them and so gain access to confidential data.
- Subdomain takeover - occurs when an attacker gains control over a subdomain of a target domain. Typically this happens when the subdomain still has a CNAME (canonical name) record in DNS pointing at an external host or service that no longer serves content for it; the attacker claims that host at the provider, and the organization's subdomain then serves the attacker's content.
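The two domain-level checks above, typosquatted domains and subdomain takeover, can be automated. The following is an added example written for this article, not code from Resolution Intelligence Cloud: it generates typo variants of a brand's domain and flags CNAME records whose targets no longer resolve. The zone records, the keyboard adjacency map and the set of resolvable names are constructed stand-ins (in practice the last would come from live DNS lookups), so it runs offline.

```python
# Added example, not code from Resolution Intelligence Cloud: typosquat candidate
# generation and dangling-CNAME (subdomain takeover) detection over constructed data.

# Small QWERTY adjacency map (constructed, not exhaustive) for adjacent-key typos.
KEYBOARD_NEIGHBOURS = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "l": "kop", "m": "njk", "o": "iplk", "p": "ol",
}


def typosquat_candidates(domain: str) -> set[str]:
    """Return common typo variants of a registrable name: omission, repetition,
    transposition, hyphenation and adjacent-key substitution. A monitoring job
    would then check which candidates are registered by someone other than the
    brand owner."""
    name, dot, tld = domain.partition(".")
    if not dot or not name:
        raise ValueError("expected a registrable name such as example.com")
    variants = set()
    for i, ch in enumerate(name):
        variants.add(name[:i] + name[i + 1:])                 # omission:      exmple
        variants.add(name[:i] + ch + name[i:])                # repetition:    exaample
        if i < len(name) - 1:                                 # transposition: exmaple
            variants.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        if i > 0:                                             # hyphenation:   exam-ple
            variants.add(name[:i] + "-" + name[i:])
        for near in KEYBOARD_NEIGHBOURS.get(ch, ""):          # adjacent key:  exsmple
            variants.add(name[:i] + near + name[i + 1:])
    variants.discard(name)
    return {f"{v}.{tld}" for v in variants if v}


def find_dangling_cnames(zone: dict[str, tuple[str, str]],
                         resolvable: set[str]) -> list[tuple[str, str]]:
    """Flag CNAME records whose target no longer resolves. A deprovisioned SaaS
    tenant, deleted storage bucket or released cloud host that is still referenced
    by a CNAME is a takeover candidate: whoever claims the target name at the
    provider now serves content under the organization's subdomain."""
    findings = []
    for record_name, (rtype, target) in zone.items():
        if rtype == "CNAME" and target.rstrip(".") not in resolvable:
            findings.append((record_name, target))
    return sorted(findings)


# Constructed sample zone for a fictitious brand (example.com is reserved for documentation).
ZONE = {
    "www.example.com": ("A", "203.0.113.10"),
    "shop.example.com": ("CNAME", "shop-tenant.commerce-host.example.net."),
    "old-blog.example.com": ("CNAME", "brand-blog.storage-host.example.net."),
    "docs.example.com": ("CNAME", "docs-tenant.cloud-host.example.net."),
}
# Names that still answer DNS queries (constructed); in practice, the result of live lookups.
RESOLVABLE = {"shop-tenant.commerce-host.example.net", "docs-tenant.cloud-host.example.net"}

if __name__ == "__main__":
    for candidate in sorted(typosquat_candidates("example.com"))[:10]:
        print("typosquat candidate:", candidate)
    for record_name, target in find_dangling_cnames(ZONE, RESOLVABLE):
        print(f"possible subdomain takeover: {record_name} -> {target} (target does not resolve)")
```

A dangling CNAME is only exploitable when the provider behind the target lets an arbitrary customer claim that name, so each finding still needs a manual check against the provider before it is reported as a confirmed takeover.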
Misconfiguration - misconfigured servers, laptops and desktops (for example unnecessary open ports) leave attackers an opening to gain access and steal data. Example: if directory listing is not disabled on a web server and an attacker discovers it, the attacker can simply browse the directories to find and download files that were never meant to be exposed. Misconfiguration can occur in any of the following ways:
- WebApp - attackers detect misconfigurations such as a web application deployed with its default settings and exploit them, causing severe harm directly or indirectly.
- Service identification - most security scanners include a robust service identification engine capable of recognizing more than 90 different application protocols. Exposure arises when the services running on a network are not accurately identified and inventoried, so exposed services go unnoticed.
- Service authentication - authentication controls access to a system by checking whether a user's credentials match those stored in a database of authorized users or on an authentication server. Easily guessed passwords and other weak credentials undermine this control and lead to compromise.
- Expiring soon and expired certificates - websites rely on SSL/TLS certificates to prove their identity and secure connections. Once a certificate expires, browsers and clients reject the connection or warn about it, services hosted on the site become unreachable for many users, and secure transactions can no longer be run on the website.
- Self-signed certificates - public key certificates that their users issue on their own behalf rather than obtaining them from a certificate authority (CA). Because clients cannot validate them against a trusted CA, users learn to click through certificate warnings and cannot tell the legitimate certificate from one presented by an attacker, which makes man-in-the-middle attacks on your network easier.
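The certificate conditions in the last two items, expiry and self-signing, are straightforward to check from a certificate inventory. The following is an added example written for this article, not code from Resolution Intelligence Cloud. It represents each certificate in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns and uses `ssl.cert_time_to_seconds` to parse the `notAfter` date; the inventory, the 30-day threshold and the fixed clock are constructed so the script runs offline.

```python
# Added example, not code from Resolution Intelligence Cloud: audits an inventory
# of certificates for expiry (expired, or expiring within EXPIRING_SOON_DAYS) and
# for self-signing. Inventory and clock are constructed sample data.
import ssl
from datetime import datetime, timezone

EXPIRING_SOON_DAYS = 30  # assumed threshold; choose what fits your renewal process


def days_until_expiry(cert: dict, now: datetime) -> int:
    """Whole days from `now` (timezone-aware UTC) to the certificate's notAfter.
    Negative means already expired. ssl.cert_time_to_seconds parses the
    'Mon DD HH:MM:SS YYYY GMT' format found in getpeercert() output."""
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]),
                                       tz=timezone.utc)
    return (not_after - now).days


def is_self_signed(cert: dict) -> bool:
    """getpeercert() gives subject and issuer as tuples of RDN tuples; a certificate
    whose issuer equals its subject was issued by its own holder, not by a CA."""
    return cert["subject"] == cert["issuer"]


def classify(cert: dict, now: datetime) -> list[str]:
    """Return the list of findings for one certificate (empty when it is healthy)."""
    findings = []
    days = days_until_expiry(cert, now)
    if days < 0:
        findings.append("expired")
    elif days <= EXPIRING_SOON_DAYS:
        findings.append("expiring-soon")
    if is_self_signed(cert):
        findings.append("self-signed")
    return findings


def audit(inventory: dict[str, dict], now: datetime) -> dict[str, list[str]]:
    """Map each host that has at least one finding to its findings."""
    report = {}
    for host, cert in inventory.items():
        findings = classify(cert, now)
        if findings:
            report[host] = findings
    return report


NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for reproducible output

# Constructed sample inventory in getpeercert() shape for a fictitious organization.
CA_ISSUER = ((("organizationName", "Example CA"),), (("commonName", "Example Issuing CA"),))
INVENTORY = {
    "www.example.com": {  # healthy: CA-issued, about 90 days left
        "subject": ((("commonName", "www.example.com"),),),
        "issuer": CA_ISSUER,
        "notAfter": "Aug 30 23:59:59 2025 GMT",
    },
    "legacy.example.com": {  # expired two months ago
        "subject": ((("commonName", "legacy.example.com"),),),
        "issuer": CA_ISSUER,
        "notAfter": "Mar 31 23:59:59 2025 GMT",
    },
    "intranet.example.com": {  # self-signed and expiring in 19 days
        "subject": ((("commonName", "intranet.example.com"),),),
        "issuer": ((("commonName", "intranet.example.com"),),),
        "notAfter": "Jun 20 23:59:59 2025 GMT",
    },
}

if __name__ == "__main__":
    for host, findings in audit(INVENTORY, NOW).items():
        print(f"{host}: {', '.join(findings)}")
```

One caveat when collecting this data live: with a verifying `ssl` context the handshake against an expired or self-signed certificate fails before `getpeercert()` returns, and with verification disabled `getpeercert()` returns an empty dict. For such hosts fetch `getpeercert(binary_form=True)` and decode the DER certificate with a library such as `cryptography` before feeding it to these checks.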
Vulnerability - a weakness that leaves an IT asset exposed to a threat and open to potential damage.
- Vulnerable services - services with weak credentials, or running on unnecessarily open ports on servers, are a path to compromise.
- Vulnerable CMS - a content management system (CMS) is vulnerable when a malicious actor can exploit the platform to steal data or to launch attacks against other tenants hosted on it.