All Articles

Explore the fundamental concept of attack surface management and its role in fortifying organizational cybersecurity. Brad sheds light on the importance of evaluating and controlling the attack surface to mitigate potential threats effectively.

Here is the verbatim discussion:

And really what it comes down to is uh it comes right back to the attack surface but it's it's really being strict around you and have being open and saying do we really need this so um good good aspect to it is um you know you talked about uh the attack surface getting into you know areas where uh now we have you know iot and endpoint and more things that are you know interconnected with the cloud and and more exposed it's no longer just a a network perimeter uh especially in these these smaller organizations they have all these end points and um and all these different aspects and and having a their environment be hardened and then um implementing uh Network segmentation and and breaking off those components so like a good example going back to the the the analogy you know if someone breaks into my house and I lock each individual door within my house which is the equivalent of having segmentation it actually you know it it kind of hardens the the the internal aspect once they actually break in so the the overall uh impact that that exists is is greatly reduced and and that's really the fundamentals around the attack surface management component so if if it and that kind of the advice of given organizations is like if it doesn't need to be in your environment then don't have it be in your environment so if you don't need organizations to access uh to basically not have any kind of like URL filtering or having any kind of like block websites like you shouldn't be able to go to whatever website that you want um if you're working in in a corporate environment on a corporate machine and that's a very common mistake that organizations have they don't have any policies around what people can access can access and in some work environments it's not appropriate and doesn't make sense from a security perspective to have social access to social media or being able to uh have or uh users typical regular users have administrative access so they can download whatever programs that they want and you know I I can think of over a hundred examples where that that was common place and and organizations have come to me ask me you know is it a best practice to not have the end user have access to administrative rights and it's like well yeah absolutely and that's an easy fix it doesn't cost anything to do that um you know it's not a Bonafide business need to have them have it and it greatly reduces your scourgey risk and once you start adding in things like multiactor authentication um stricter password rules um and then password resets having the the segmentation aspect where you're locking each individ visual door uh and then basically constantly checking and going in and doing the these um these monitoring aspects and having these uh different exercises with red teams and having more of the in depth on specific use cases so like this month we're going to go in and and just validate that um know we can respond to a fishing attack or ransomware attack or um someone taking advantage of um vulnerability in our our server architecture and then um and there's a lot of Open Source software out there too there's pros and cons to that but there are a lot of tools out there and a lot of organizations are actually moving towards um a product like growth type approach where they actually have a premium level version of their product um so those are definitely things that they should absolutely take advantage of where there there's tons of tools out there that they can get exposure to and and uh get access to that they can have exposure to especially if they're tight on budgets the other thing too is to prioritize um Consolidated Solutions so with the Advent of uh empo protection platforms and uh extended detection response or xdr and a lot of the MDR um managed detection response and managed Services out there uh you you can I would certainly prioritize kind of a an all- inone type approach where you can get um it's not necessarily the best to breed in in all the different categories but you can identify certain areas that are the most important to you and and being able to implement that and and and kind of it you get.

Highlights:

Minimizing Attack Surface: Brad emphasizes the importance of scrutinizing the attack surface and eliminating unnecessary elements from the environment. Drawing parallels to securing a physical space, he explains how network segmentation acts as a barrier, reducing the impact of potential breaches.

Policy Implementation: Discussing common security pitfalls, Brad highlights the significance of implementing robust policies. He underscores the need for restricting user access, enforcing stricter password rules, and deploying multi-factor authentication to enhance security posture.

Continuous Monitoring and Response: Brad advocates for continuous monitoring and proactive response strategies to combat evolving cyber threats. He discusses the value of conducting regular exercises, such as simulated phishing attacks and vulnerability assessments, to identify and address potential weaknesses.

Utilizing Tools and Solutions: Explore the array of tools and solutions available for bolstering cybersecurity defenses. Brad recommends prioritizing consolidated solutions, such as endpoint protection platforms and managed detection and response services, to streamline security operations and maximize efficacy.

Brad emphasizes the importance of adopting a proactive approach to attack surface management. By minimizing the attack surface, implementing robust security policies, and leveraging advanced tools and solutions, organizations can enhance their cybersecurity posture and mitigate the risk of potential threats.

Speakers: