Big picture attack surface assessment

Attack surface assessment

As a cyber security professional, surface assessment is the primary step you must perform before you venture into monitoring and protecting your IT infrastructure.

The first step is to discover your assets, which may include workstations, servers, IoT devices, network devices, applications, web servers, and other various IT infrastructure devices and appliances.

The key is to define the perimeter at different layers of your network.

Cloud infrastructure is a distinct entity and part of your IT infrastructure. This becomes more complex.

The other keyword is entry points to your assets.

Entry points for your network are different from those for a workstation. They are different for your web servers and externally exposed web applications.

The other keywords are “asset sensitivity” and “Data classification”

The ultimate goal of attack surface assessment is risk reduction.

Usually, the attack surface assessment is done by a vulnerability scanner.

Examples of commercial products are Tenable, Saint, Qualis, etc.

Vulnerability scanners that are open source include Openvas, Nmap, Nessus, etc.

By scanning for vulnerabilities with a tool, you can discover assets, identify vulnerabilities, and develop a plan of action to minimize the attack surface and, ultimately, the risk.