Attack Surface Visualization: Nice picture, now what do I do with it?
Shannon Ragan, May 5, 2016
The ability to see your entire IT infrastructure and the ways in which it could be compromised is a groundbreaking capability designed for the complex networks and threat landscape of today. From a simple picture, security teams can view integrated data from dozens of security and networking products – regardless of vendor or location – and see indicators of exposure (IOEs) prioritized in the unique context of their organization.
But how do you turn a picture into action?
Check out the Attack Your Attack Surface whitepaper for a scenario of insights gained from a seemingly simple picture.
Focus on Actually Critical Risk
Attack surface visualizations need to take into account huge amounts of data, both from the IT infrastructure itself and from internal and external threats against it. For a comprehensive understanding of risk, solutions need to consider everything from new vulnerabilities and vulnerability concentrations to risky access paths, network misconfigurations and rule violations.
If we look only at vulnerabilities, for example, an enterprise may have tens or hundreds of thousands of vulnerabilities lurking within its network, and new vulnerabilities are announced (and exploited) every day.
An effective attack surface visualization solution will help vulnerability management teams focus on exposed vulnerabilities: those that can be exploited through an attack vector accessible to threat actors. Scanners can’t understand this distinction because they lack insight into topology and security controls, and largely have to use standard CVE scoring to assign severity.
But contextual intelligence of the attack surface will help focus efforts on truly critical risk, rather than dissipating efforts on low-priority or “critical” risks in name only.
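The difference between scanner severity and actual exposure can be shown with a small reachability check. This is an added example, not code from the original article or from any Skybox product; the zones, firewall rules, finding IDs and severity values are constructed placeholders.

```python
from collections import deque

# Constructed sample data: zones, firewall rules and scanner findings are illustrative.
# Allowed flows: (source zone, destination zone, destination port)
RULES = [
    ("internet", "dmz", 443),
    ("dmz", "app", 8080),
    ("app", "db", 5432),
    ("corp", "db", 22),
]
# Scanner findings: (finding id, host, zone, port, scanner severity 0-10)
FINDINGS = [
    ("VULN-A", "web01", "dmz", 443, 7.5),
    ("VULN-B", "web01", "dmz", 22, 9.8),
    ("VULN-C", "app01", "app", 8080, 6.1),
    ("VULN-D", "db01", "db", 22, 9.8),
    ("VULN-E", "db01", "db", 5432, 5.3),
]

def exposed_findings(rules, findings, origin="internet"):
    """Return {finding id: hop count} for findings an attacker starting in
    `origin` can reach, pivoting only through zones where a reachable
    vulnerable service gives a foothold."""
    hops = {}                      # finding id -> number of firewall hops
    foothold = {origin: 0}         # zone -> hops needed to operate from it
    queue = deque([origin])
    while queue:
        src = queue.popleft()
        for rule_src, dst, port in rules:
            if rule_src != src:
                continue
            for fid, _host, zone, fport, _sev in findings:
                if zone == dst and fport == port:
                    hops.setdefault(fid, foothold[src] + 1)
                    if dst not in foothold:   # vulnerable service = pivot point
                        foothold[dst] = foothold[src] + 1
                        queue.append(dst)
    return hops

def prioritize(rules, findings, origin="internet"):
    """Exposed findings first (fewest hops, then severity); unexposed last."""
    hops = exposed_findings(rules, findings, origin)
    def key(f):
        fid, sev = f[0], f[4]
        return (fid not in hops, hops.get(fid, 0), -sev)
    return [(f[0], hops.get(f[0])) for f in sorted(findings, key=key)]

if __name__ == "__main__":
    for fid, h in prioritize(RULES, FINDINGS):
        print(fid, "exposed, hops=%d" % h if h else "not reachable from internet")
```

In this constructed data the two findings with the highest scanner severity sit behind ports no internet-originated path can reach, so they sort below three lower-scored findings that are exposed.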
Respond Faster to Emerging Threats and Ongoing Attacks
When a zero-day attack hits the headlines or IOCs point to an ongoing attack, it’s tempting to launch into firefighting mode. Without effective methods of determining what vulnerabilities can be exploited by a threat, security and IT operations teams could be fighting that fire for weeks.
With an attack surface visualization solution, you can identify all the related vulnerabilities across an entire enterprise in a matter of hours. Its contextual intelligence can also prioritize which vulnerabilities should be addressed first and let you scratch those unreachable by attackers off the to-do list.
By taking into account the larger context of an organization’s attack surface, teams can understand all remediation options at their disposal. Instead of patching software on hundreds or thousands of desktop systems, changing rules on one firewall or adding an IPS signature may be a more appropriate response.
Improve Security Management Programs
In addition to insights into risk and remediation options, attack surface visualization can also provide needed intelligence at the operational level. Comparative data from such solutions can identify security and network teams that should be emulated or that may require more resources or training.
Audit preparation can be greatly streamlined by utilizing the solution’s up-to-date topology maps and vulnerability documentation. It can validate corporate policy compliance and firewall and security device rules, and it can serve as a documentation tool to track progress toward security and compliance goals.
These improvements and the capabilities powered by an attack surface visualization solution all point to its biggest advantage: better use of resources. With complete visibility and context, security teams can finally get an understanding of their overall security status and have the intelligence they need to take the right action quickly in a way that makes sense for their organization.
Zoom in on specific sites or devices, focus on a particular type of IOE or severity level, or see your entire attack surface in one view – the multiple perspectives of the Skybox attack surface visualization solution, Skybox® Horizon, offer different advantages to different security stakeholders.