Attack Surface Assessment - An attack surface assessment is a methodical examination of an organization's digital environment to identify potential attack vectors and vulnerabilities. The assessment evaluates the organization's digital assets, such as hardware, software, network infrastructure, and internet-facing applications, to determine the possible ways an attacker could penetrate the organization's defenses.

​

The goal of an attack surface assessment is to provide an overview of the organization's security posture and identify the specific areas that are vulnerable to cyber-attacks. The assessment can help an organization identify and prioritize security improvements and develop a roadmap for mitigating potential security risks.

​

Attack Surface - Gartner has adopted the National Institute of Standards and Technology’s (NIST’s) definition of attack surface: “The set of points on the boundary of a system, a system element, or an environment [the assets] where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment. attack surface - Glossary | CSRC.

​

Attack surface management - is the process of identifying, monitoring, and reducing an organization's attack surface. The attack surface refers to all the possible points of entry that an attacker could use to compromise a system or network, such as open ports, weak passwords, unpatched software, misconfigurations, and third-party integrations.

​

Attack surface management involves a variety of activities, including:

​

1. Inventory: Create an inventory of all the assets in an organization's infrastructure, including hardware, software, and cloud-based services.

2. Assessment: Conduct vulnerability assessments and penetration testing to identify potential vulnerabilities in the infrastructure.

3. Prioritization: Prioritizing vulnerabilities based on their severity and potential impact on the organization's security posture.

4. Remediation: Fix vulnerabilities through patching, configuration changes, or other mitigation strategies.

5. Monitoring: Continuously monitoring the infrastructure to identify new vulnerabilities or changes to the attack surface.

6. Reporting: Generating reports on the organization's attack surface and security posture to help management make informed decisions about risk management and security investments.

By implementing attack surface management practices, organizations can proactively reduce their risk of cyber-attacks and improve their overall security posture.

​

​

Network Architecture - on-premise networks, SD-WAN networks, cloud networks (Azure, AWS, Google), data center networks

​

​

Internet-facing - Internet-facing assets (hosts) are entry points that are typically the most attacked hosts on an organization’s network.

​

• Internet-facing assets:

  • Network components such as routers, firewalls, gateways, IP, Ports,

  • Website's

  • Application's

  • API’s

  • 3rd Party vendors' integration of internet-facing assets

​

​

Threat Landscape - The threat landscape means the entire scope of potential and recognized cybersecurity threats affecting networks, users, organizations, specific industries, or a particular time. 

​

​

Threat vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

Security Event - A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having the authorization to do so.

​

​

Network Intrusion Detection - Network-based intrusion detection identifies unauthorized, illicit, and anomalous behavior based solely on network traffic.