Want to Prevent Breaches? Reduce the Attack Surface!
By BUFFERZONE Team
There are plenty of strategies, tactics, techniques and tips that aim to help organizations prevent cyber threats from infecting their network. And while much of this advice is valid, there is one essential best practice that should be at the top of the list: reducing the attack surface.
Understanding the Attack Surface
The attack surface refers to the totality of an organization’s cyber security exposure to known, potential and unknown threats. There are three attack surface zones: software, human and network.
- The software attack surface is comprised of software environment-related vulnerabilities, such as exploitable web applications, web pages, email services, databases, executables, and so on.
- The human attack surface is comprised of vulnerabilities unintentionally or intentionally created by end user activity, such as employees who fall for spear phishing attacks, browse to infected web sites, and so on.
- The network attack surface is comprised of vulnerabilities resulting from exposure to open ports, network applications, protocols, channels, and so on.
The size and scope of the attack surface vary from organization to organization. It is also organic, in the sense that it changes over time. For instance, as more organizations adopt cloud computing, their attack surface will increase, and more vulnerabilities will emerge.
Why Reducing the Attack Surface is Essential
While it is widely understood that both prevention and detection are necessary in today’s cyber threat landscape, this does not mean that they are equally weighted in terms of organizational value. Preventing a breach is always going to be more valuable than detecting one. Whereas the latter is measured in terms of costs (i.e. paying for remediation, asset recovery/replacement, and reputation rehabilitation), the former is measured in terms of benefits (i.e. saving money, preserving reputation, and maximizing productivity). In this light, the importance of reducing the attack surface is clear: it significantly boosts an organization’s capacity to prevent a breach.
So given this, why aren’t more organizations simply following this best practice? According to ESG senior principal analyst Jon Oltsik, it is because legacy tools are not equipped to achieve this goal. Instead, and paradoxically, the over-adoption of legacy tools is making the attack zone more porous by creating what Oltsik calls both an “operational infosec nightmare” and a “mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses”.
Clearly, the way forward for organizations is not to add yet another point tool, as this will only worsen the “infosec nightmare” they already face. Instead, organizations need a practical, simple and cost-effective way to rapidly reduce their attack surface – which is precisely what BUFFERZONE is designed to do.
BUFFERZONE and Reducing the Attack Surface
BUFFERZONE complements existing endpoint security platforms – such as McAfee and Microsoft – and helps organizations prevent costly data breaches by reducing all three attack surface zones: software, human and network.
- BUFFERZONE reduces the software attack surface by running risky applications on the endpoint – such as web browsers, email, Skype, FTP, and even removable storage – in a contained, virtual environment. As such, an infection attempt will be trapped in the container, and will not reach the endpoint or the network.
- BUFFERZONE reduces the human attack surface by protecting organizations from malware and other threats deployed through spear phishing emails and end user error, such as taking laptops offsite and using them on insecure networks, visiting websites that unknowingly host drive-by-downloads or malvertising, and so on. This is increasingly important given that today’s spear phishing attempts are more sophisticated and successful than ever before.
- BUFFERZONE reduces the network attack surface by isolating an organization’s private network from their public network on the endpoint, while still allowing employees to work as usual. BUFFERZONE also collects information about suspicious software – such as registry alterations, file system activity, network activity, and so on – and shares it with SIEM and other Big Data analytics platforms for organization-wide event correlation.
The Bottom Line
As noted above, prevention and detection are both important pieces of the cyber security puzzle. But prevention is clearly optimal, and BUFFERZONE helps organizations achieve this essential objective by reducing their attack surface. Indeed, this is not just another best practice. Given the skyrocketing costs and consequences of a data breach, it is arguably the best practice.