The Expanding Attack Surface: A Common Sense Security Approach
Recently, I had the pleasure of reading Jon Oltsik’s opinion piece on The Increasing Cybersecurity Attack Surface. I agree with many of the opinions put forward in the piece. Those business advancements that leverage the Internet to offer new services to customers, streamline business processes, or create virtual supply chains have risk trade-offs. The need to adopt technologies to generate greater profits has always been placed ahead of the potential risk of implementation. Meanwhile, security teams have traditionally been starved for technology refresh dollars and have lacked personnel due to cost and the availability of talent. This has been a key trade-off in the area of cybersecurity risk and expanding the attack surface. These risks radiate out of the business to affect customers and business partners.
My observation is that while businesses open up avenues of collaboration with other businesses as supply chain or ecosystem partners, there is little to no evidence that business partners collaborate in the area of cybersecurity. It’s like having teams of cybersecurity professionals in the same company only looking out for their regional office but not thinking that the connection point between them might be a weak link. As Jon says, “CISOs must accept this reality and stop addressing cybersecurity as a series of discrete problems. The only way to address the growing attack surface is with a comprehensive strategy [and] integrated controls…” I also agree with Jon that, “…internal and external IT infrastructure should be viewed as a holistic attack surface and addressed accordingly.”
There is one common activity across all of the attack surfaces and one place that an ecosystem of supply chain partners could look to as a way of addressing the problem: identity-based anomalous behavior detection, or user behavior intelligence. Every IT process across all business partners begins with credentialed access. Whether it’s web services, direct access of a cloud service by an employee, or ordering goods from another company to restock supply, there is very often some sort of credential in use.
The monitoring of accounts that have inbound access to our servers and applications is a critical (and often missing) piece of a security strategy. A user behavior analytics product like Exabeam can be used to ensure that the right person or machine accesses the right account in the right way at the right time with the right device from the right place. Account takeover and user impersonation were the attack vector for the biggest breaches so far this year and all of last year. As Jon says at the close of his article, “…the only way to address the growing attack surface is with a comprehensive strategy…and end-to-end security data collection, processing, and analytics.”