Attack Surface

Identify your attack surface and learn how to protect it from threats.


What is an attack surface?

An attack surface is, essentially, the total exposure created by a business's digital network and the operations it conducts over that network. In this framing the network is the "surface," and threat actors try to penetrate it wherever they believe they can get in.

According to the National Initiative for Cybersecurity Careers and Studies (NICCS) of the United States government, the attack surface of an application is the set of entry points exposed to a potential attacker of the software. The larger the attack surface, the more avenues an attacker has to choose from. The smaller the attack surface, the lower the chance of an attacker finding a vulnerability and the lower the risk of a high-impact exploit against the system.

Securing a business's attack surface may seem like an exercise in futility, or a game of whack-a-mole, when a security organization has put one threat down only to have to address another somewhere else along the attack surface.

However, modern security providers have built and evolved suites of solutions to address precisely this pervasive onslaught of suspicious activity, so that an organization can thwart threats en masse and keep the business running and moving forward.

Types of attack surface

To start thinking about what an attack surface looks like, it helps to put it in the context of the individual organization. Every organization has different goals, so every attack surface management approach will look different.

Digital attack surface

The digital attack surface includes all web applications, APIs, and network security programs deployed on any device, along with anything on the network that can be classified as "digital" or non-physical. If a business contracts with supply chain partners, its attack surface naturally extends beyond the perimeter of its own organization.

Physical attack surface

A physical attack surface encompasses any non-digital hardware that is critical to maintaining a network. This can be an exhaustive list: servers, ports, cabling or network cables, physical endpoints such as phones, laptops, smartwatches and smart headphones, and data centers.

Attacks on this type of surface require different behavior from would-be attackers, since they have to physically acquire or access these tangible assets in order to manipulate them.

Social engineering attack surface

Humans make up most of the attack surface associated with social engineering. It includes phishing, honey trapping, link spoofing, and tailgating (piggybacking). Attacks of this kind are designed to convince a human user on the network that what they are seeing is entirely legitimate.

It could be a fake email designed to get a user to click a link that installs malware on that endpoint; it could be someone piggybacking into an office by convincing an actual employee that they forgot their badge; or it could come as a text message to a user that appears to be from their manager or someone else in the company.

Attack surface vs. attack vector

If there is an attack surface, what exactly is an attack vector? We know that a "vector" is the way one thing reaches another. But what does that mean in terms of cybersecurity, and what distinguishes a vector from the surface as a whole?

An attack vector is a single pathway through which a threat actor attempts to access a network. An attack surface consists of all of the vectors across an entire network that threat actors could potentially exploit.

An attack vector is essentially the attacker's entry point into a system. From there, the attacker follows a deliberate attack path to reach the information or resources they want. Malware, for example, comes in three classic forms (trojans, viruses, and worms) and is typically delivered over everyday communication channels such as email.

A single attack vector creates only a small opening, but the combination of all of those entry points creates a much larger exposure that can turn an ordinary network into a dynamic attack surface. If your network has become a dynamic attack surface, it may be a good idea to think about the security program holistically, including extended detection and response (XDR), cloud security, and vulnerability risk management (VRM).

The people who operate computers, systems, security tooling, and networks can also be thought of as attack vectors when social engineering attacks such as phishing scams come into play.

How to identify your attack surface

Identifying the pathways along your attack surface where a threat actor could strike is an exercise in building the most critical part of a cybersecurity program: one that is dynamic, multifaceted, and continuous.

According to the Open Worldwide Application Security Project (OWASP), attack surface analysis helps identify:

  1. Which functions and parts of the system need to be reviewed and tested for security vulnerabilities
  2. High-risk areas of code that require defense-in-depth protection, as well as which parts of the system you need to defend
  3. When you have changed the attack surface and need to perform some kind of threat assessment

The last point aligns with the need to analyze and identify the attack surface continuously. It also requires security practitioners to know when company and security objectives have changed so they can adjust risk profiles. What was a remediation priority yesterday, to shore up defenses along an attack path, may rank lower on today's list.

If an attack surface is the collection of points along a network that an attacker could exploit, consider how often that collection changes as the risk profile is adjusted.
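As an added example (not code from the original page or from Rapid7), the following Python script shows the first and third OWASP points in practice on a single host. It parses `ss -tulpnH` style listener output (the sample lines below are constructed, not a real capture), treats every socket reachable from off the box as an entry point that needs testing, and diffs that set against a previously recorded baseline so that a change to the attack surface (a new listener, a removed one) triggers a re-assessment. The column layout assumed is the standard `ss` one: protocol, state, queues, local address:port, peer address:port, owning process.

```python
"""Added example, not from the original page: enumerate a host's network entry
points from `ss -tulpnH` output and diff them against a recorded baseline."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `ss -tulpnH` output (made up, not a real capture).
# Columns: proto state recv-q send-q local-addr:port peer-addr:port process
CURRENT_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:443     0.0.0.0:* users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:* users:(("postgres",pid=990,fd=5))
tcp   LISTEN 0 128 [::]:9200       [::]:*    users:(("java",pid=2231,fd=45))
udp   UNCONN 0 0   0.0.0.0:161     0.0.0.0:* users:(("snmpd",pid=700,fd=8))
tcp   LISTEN 0 128 10.0.0.5:6379   0.0.0.0:* users:(("redis-server",pid=1500,fd=7))
"""

# The same host as recorded at the previous assessment (also constructed).
BASELINE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:443     0.0.0.0:* users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:* users:(("postgres",pid=990,fd=5))
tcp   LISTEN 0 32  0.0.0.0:21      0.0.0.0:* users:(("vsftpd",pid=650,fd=4))
tcp   LISTEN 0 128 10.0.0.5:6379   0.0.0.0:* users:(("redis-server",pid=1500,fd=7))
"""


@dataclass(frozen=True)
class Listener:
    proto: str    # tcp or udp
    addr: str     # local bind address, IPv6 brackets stripped
    port: int
    process: str  # owning process name, "?" if ss could not resolve it


_PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss(text):
    """Turn `ss -tulpnH` lines into Listener records."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]")
        if host in ("", "*"):  # some ss versions print '*' for a wildcard bind
            host = "0.0.0.0"
        m = _PROC_RE.search(line)
        listeners.append(Listener(fields[0], host, int(port), m.group(1) if m else "?"))
    return listeners


def exposure(listener):
    """How far a listener is reachable: 'loopback', 'private' or 'external'.
    A wildcard bind (0.0.0.0 or ::) is treated as external because the host may
    carry a public interface; an explicit RFC 1918 bind is reachable on the
    private network only."""
    ip = ipaddress.ip_address(listener.addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified or not ip.is_private:
        return "external"
    return "private"


def entry_points(listeners):
    """The host's network attack surface: every listener reachable off-box."""
    return [l for l in listeners if exposure(l) != "loopback"]


def _key(listener):
    # Keyed by proto/port/process so a service restart (new pid) is not a change.
    return (listener.proto, listener.port, listener.process)


def diff_surface(baseline, current):
    """Return (added, removed) entry points relative to the recorded baseline."""
    before = {_key(l) for l in entry_points(baseline)}
    after = {_key(l) for l in entry_points(current)}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    now = parse_ss(CURRENT_SS)
    for l in entry_points(now):
        print(f"{l.proto}/{l.port:<5} {l.process:13} {exposure(l)}")
    added, removed = diff_surface(parse_ss(BASELINE_SS), now)
    print("added since baseline:  ", added)    # new listeners: re-assess these first
    print("removed since baseline:", removed)
```

Run on a real host by piping `ss -tulpnH` into `parse_ss` and storing the previous run's output as the baseline; anything in `added` is a new entry point that has not been through the review the OWASP list describes.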

Best practices for reducing the attack surface

Let's dive into a few best practices that can help security organizations minimize the many vulnerabilities, vectors, and break-in points that threat actors are looking to exploit.

  • Leverage automation: Security organizations can use automation to remove outdated data (old passwords, former employee profiles, old backups, etc.) and to enforce identity and access management (IAM) policies that, quite simply, can keep out a significant percentage of would-be threat actors attempting to gain access. Automated vulnerability scanning also helps reduce weaknesses, and with them the attack surface.
  • Educate employees: Employees are often the weakest link in the security chain. There is no replacement for training a team on how attackers use digital footprints to steal credentials in attempts to breach an attack surface. For example, it is important not to build credentials from personally identifiable information (PII) or publicly accessible information. It also helps to identify the key employees who have access to the most sensitive systems and invest the time to educate them on protecting those critical systems.
  • Understand the digital attack surface: To know where the weaknesses are, security organizations should understand their complete digital footprint and look at it as an attacker would. It is, of course, critical to take an exhaustive look internally at digital assets and how they tie together and affect each other on the backend. But with basic internet search techniques, organizations can also start to map and quickly understand their internet presence as a non-employee or attacker would.
  • Establish continuous threat exposure management (CTEM): CTEM is a framework that focuses primarily on surfacing, and helping security teams remediate, the ongoing and immediate threats that matter most to their specific business. The framework can include attack simulation so that the security organization can prioritize threats according to their severity.
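As an added example (not from the original page or from Rapid7), the following Python script shows the kind of automated check the first bullet describes: an account that still works for someone who has left, an idle login, or a long-lived key that is old or unused is an entry point nobody is watching. The inventory records are constructed and only loosely shaped like an IAM credential report; they are not tied to any particular provider, and the thresholds (90 idle days, 365-day key age) are assumptions to adjust to local policy.

```python
"""Added example, not from the original page: automated stale-identity review.

Walks a constructed account inventory and lists every principal or long-lived
credential that should be disabled or rotated to shrink the attack surface."""
from datetime import date

MAX_IDLE_DAYS = 90      # assumption: credentials unused this long get disabled
MAX_KEY_AGE_DAYS = 365  # assumption: keys older than this get rotated
REVIEW_DATE = date(2024, 6, 1)  # the "today" of the review, fixed for the sample

# Constructed sample inventory (not real data), loosely shaped like an IAM
# credential report: one record per principal with its long-lived keys.
USERS = [
    {"user": "alice", "employed": True, "enabled": True,
     "last_login": date(2024, 5, 30),
     "keys": [{"id": "KEY-0001", "created": date(2024, 1, 10), "last_used": date(2024, 5, 29)}]},
    # Left the company but was never offboarded: the account still works.
    {"user": "bob", "employed": False, "enabled": True,
     "last_login": date(2024, 2, 1), "keys": []},
    # Service account: never logs in interactively, authenticates with keys only.
    {"user": "ci-deploy", "employed": True, "enabled": True,
     "last_login": None,
     "keys": [{"id": "KEY-0002", "created": date(2023, 6, 1), "last_used": date(2024, 1, 15)},
              {"id": "KEY-0003", "created": date(2024, 4, 1), "last_used": date(2024, 5, 31)}]},
    # Already disabled: no longer an entry point, so nothing to report.
    {"user": "carol", "employed": True, "enabled": False,
     "last_login": date(2023, 12, 1), "keys": []},
    {"user": "dave", "employed": True, "enabled": True,
     "last_login": date(2024, 1, 1), "keys": []},
]


def stale_findings(users, today, max_idle=MAX_IDLE_DAYS, max_key_age=MAX_KEY_AGE_DAYS):
    """Return (user, action, reason) tuples, in inventory order, for every
    account or key that widens the attack surface without being needed."""
    findings = []
    for u in users:
        if not u["enabled"]:
            continue
        if not u["employed"]:
            findings.append((u["user"], "disable-user", "account owner is no longer employed"))
            continue  # once the whole account goes, its keys go with it
        last = u["last_login"]
        if last is not None and (today - last).days > max_idle:
            findings.append((u["user"], "disable-user",
                             f"no login for {(today - last).days} days"))
        for k in u["keys"]:
            age = (today - k["created"]).days
            idle = (today - k["last_used"]).days
            if age > max_key_age:
                findings.append((u["user"], "rotate-key", f"{k['id']} is {age} days old"))
            if idle > max_idle:
                findings.append((u["user"], "deactivate-key",
                                 f"{k['id']} unused for {idle} days"))
    return findings


if __name__ == "__main__":
    for user, action, reason in stale_findings(USERS, REVIEW_DATE):
        print(f"{action:15} {user:10} {reason}")
```

In practice the inventory comes from the identity provider's export or API and the `disable-user` / `deactivate-key` actions are wired to it, so the job runs on a schedule rather than waiting for a human to notice that bob still has access.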

Leveraging tools such as cloud risk management (CRM), extended detection and response (XDR), and now AI-driven cloud anomaly detection can accelerate a security team's attack surface reduction mission and help them eliminate threats with speed and precision.

Read more about attack surface security

Blog: Cyber Asset Attack Surface Management 101

Attack surface security: latest Rapid7 blog posts