5 Tips to Stay on the Offensive and Safeguard Your Attack Surface

New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.

Steve Ginty, Principal Program Manager, Microsoft Defender Threat Intelligence (MDTI), Microsoft

December 8, 2021

4 Min Read
Source: Aleksey Funtap via Alamy Stock Photo

How well do you know your attack surface? Enterprise digital attack surfaces have dramatically changed in a very short period, going lightyears beyond firewall-protected internal networks. The main challenge: You may not be monitoring your organization's share in its entirety and may not even know what to look for.

Unfortunately, someone else with malicious intent probably is.

As businesses adopt digital initiatives and innovations that help them grow, they're extending their attack surface in far-reaching and dynamic ways. This transformation, accelerated by the COVID-19 pandemic, can leave organizations vulnerable in ways they don't realize.

This widespread myopia of organizations into their digital presence resulted in a fundamental change in the scope of cyberattacks. The sheer size of modern attacks, such as those leveraging vulnerabilities in Microsoft Exchange and SolarWinds, go beyond our original concept of cybersecurity. In reality, these new global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.

How the Attack Surface Expands
The attack surface is no longer just the company network. If you're only protecting your network from threat actors, you're likely unaware of the full extent of your attack surface — leaving you open to exploitation.

Organizations expand their attack surface by moving workloads, applications, and infrastructure in the cloud, moving away from on-premises data storage. They're great for cost-saving, efficiency, and flexibility, but defending cloud environments requires a different kind of awareness.

Additionally, the pandemic forced a massive decentralization of the workforce practically overnight, creating radical changes in access, operations, and processes. Suddenly workers were no longer working underprotected enterprise networks but through VPNs and personal internet connections.

The move to "shifting left" in many organizations results in quick deployments and allows for more innovation and iteration. But rapid deployments can also increase the chances of misconfigurations or bugs, leaving attack surfaces vulnerable. Organizations are deploying an expanded set of internet connected devices, further extending the attack surface. And with the volume and scale of recent malicious activity, it's no wonder that they're having a hard time staying ahead of attacks.

Keeping Up Can Be Difficult
As I mentioned above, various issues, operational changes, and even positive innovations can impact organizational attack surfaces. But most organizations are simply trying to keep up with the onslaught of threats out there. They are remaining reactive to incidents — which is not where you want to be when facing ever-evolving threat actors looking to exploit weakness when they see it. And they've been doing it a lot more lately.

We're constantly seeing incidents of malicious actors taking advantage of the massive move to remote work. While it enabled organizations to continue work during the pandemic, it suddenly exposed a rash of new vulnerabilities. Their workers were no longer logging in through the secure network and threat actors began targeting VPNs or RDP services. They set up backdoors or long-term footholds, where they're then able to siphon off data or deliver ransomware. For example, Iranian APT actors have been targeting VPNs in a multiyear campaign, and ransomware groups targeted the VPNs and RDPs of health and aid organizations at the beginning of the pandemic — showing complete disregard for whom they're targeting.

Organizations don't have to accept attacks as a way of life, nor should they always chase the latest attacks, remaining a step behind. Here's how to become more proactive when it comes to defending your attack surface.

Expand Visibility
Start by getting improved visibility into your attack surface… your systems, websites, and Internet-connected assets, as well as your digital supply chain and third-party ecosystem.

Update Your Inventory
Having an inventory not only allows you to map your attack surface more accurately but gives you a to-do list of updates, patches, and fixes so you can decrease your vulnerabilities.

Map the Terrain
By mapping out your attack surface — including legacy systems, cloud environments, remote access points, and devices — you can then get a sense of how innovations and initiatives will expand your attack surface before they're implemented as well.

Prepare Properly
Be sure to put the right security-minded team in place and make sure they're getting relevant and actionable intelligence. Create a response plan and run drills to make sure you're prepared and model out possible attacks.

Play Offense
As you build up capabilities, begin to look outwards to collect intelligence about what attacks are happening against your organization. What do they typically look like? What systems do actors normally target? Answering these questions will not only help you uncover vulnerabilities but start to recognize the tactics and strategies threat actors are using against you. As you get to know the enemy more, you'll begin to anticipate their next moves.

Do you know where your attack surface is? Do you know who's targeting your organization? Do you know how to defend your systems? Follow the steps above, and continue to increase your awareness of your attack surface, and your answer will be "yes."

About the Author(s)

Steve Ginty

Principal Program Manager, Microsoft Defender Threat Intelligence (MDTI), Microsoft

Steve Ginty is the principal program manager for Microsoft Defender Threat Intelligence (MDTI) at Microsoft.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights