Attack Surface Reduction
Limiting Exposure: Protecting yourself from the various cybersecurity attacks takes more than just implementing the latest and greatest technologies. There should also be a thought process of proactively reducing the attack surface to limit what is exposed, in conjunction with implementing new technologies that can detect the ever-elusive new cyberthreats. While a great deal of zero-day malware is still being detected, a great majority of attacks still try to take advantage of known vulnerabilities.
Below are a few recommended tactics to help reduce the attack surface:
- Reducing the number of ports/services that are open on the firewall, limiting them to only what is required for business purposes.
- Using a next-generation firewall to control traffic granularly based on application, as opposed to controlling it based on ports/services. For example, port 80 is no longer just web browsing traffic.
- Eliminating any unnecessary protocols and services running on endpoints or servers.
- Using identity management to provide granular access to applications based on privilege level. This also provides a way of tracking activity in logs by user identity as opposed to just source IP address.
- Some customers are taking this a step further and segmenting their internal network so the firewall needs to be traversed even for internal traffic. This provides the ability to scan this internal traffic for threats.