Principles of attack surface protection: Time crowns the winner in security.

The principle of time permeates each aspect of attack surface protection that this series has covered. In contrast to the other four principles — Discover, Assess, Prioritize and Remediate — time is like the unrelenting ticking of the race clock. Every time a new security gap is created, it is an all-out race between attackers and defenders, with the winner taking all.

Respond too slowly, and you’ll allow attackers into your systems — no one will care that your detection or prioritization capabilities were top-notch.

Act before attackers, and victory is yours. So how do you get and stay ahead for every single new security gap? Move quickly through those vital stages of securing the extended attack surface, shorten the response time and automate where you can.

Time-related risks for the stages of attack surface protection

Consider some of the principal risks of time pertaining to each aspect of attack surface protection.

· Discover: For most organizations, their external attack surface — assets exposed to the internet — is a mammoth, amorphous entity where many risks are shrouded in fog because they are in assets unknown to, or not managed by, the security team. Time is of the essence when attackers are constantly pounding on your server, especially when it belongs to a subsidiary that you didn’t know was yours. Without good visibility, it can take weeks, potentially even years, to learn about unknown or unmanaged networks, cloud environments and even acquired subsidiaries.

· Assess: Organizations typically assess the security of assets only periodically: once a month, a quarter or even a year. This gives attackers plenty of time to find the most attractive weak spots and attack them. Testing assets more frequently reduces the risk of a breach by exposing your security gaps sooner so security teams can address them.

· Prioritize: Risk prioritization requires classification of assets by business purpose. This core component of the prioritization process is normally done via an error-prone manual process. Prioritization delays can be deadly from a risk perspective, especially with security teams swamped by thousands of “urgent” alerts lacking context on how much risk they really carry.

· Remediate: Mitigating the security gap, the last step for protection, demands maximum time efficiency from remediation teams. Prioritization is key for this step. Without a well-ordered list of fixes, ideally informed by business context and exploitability, remediation teams lose time fixing the wrong things.

Speed up the cadence to improve protection

The timing of each stage of protection has implications for enterprise security. Testing, which is the primary tool of assessment, often follows a cadence similar to an organization’s compliance regime. Standards such as the PCI Data Security Standard might require scans or tests quarterly, while other regimes might require only a semi-annual or annual test.

Giving attackers three whole months to find new security gaps and exploit them is a lifetime. This renders compliance regimes essentially meaningless as security guideposts. It may get you off the starting blocks, but chances are that the start of the race is the last time you’re even in the race, and attackers will find a way in well before you can fix it. There are thousands of offensive groups scanning various assets all of the time, so it’s really a situation where your one team is in a race against thousands of attacker groups. That is why it is so important to do everything you can to even the odds. Speeding the cadence of testing is one of these things.

Improving the key indicator of time: MTTR

Attackers continuously scan IP ranges at large companies, immediately exploiting what they find. So, mean time to respond, repair or remediate (MTTR) is a key indicator of a security team’s ability to control and reduce risks in a timely fashion.

For instance, at one of our customers, we identified a 15-year-old on-prem server connected to its network. No one knew the server’s purpose, so no one ever unplugged it. It functioned as an informal coffee table. Our platform discovered it was internet-exposed, easily seen and could be compromised and used in a lateral attack. Just finding vulnerable devices like this one can take months or years (if they are ever discovered) — an MTTR that is unacceptably slow in today’s high-risk environment.

Conclusion

Time is critical for attack surface protection. Solid processes, automated at scale, help eliminate material risk faster for immeasurably stronger security. Focus on these three things as you work to reduce your process times.

1. When attackers find something before you do, it will be exploited. At any given moment, you need to be able to identify your top 10 security gaps and report on them to management. These typically create 90% of the business risk.

2. If your MTTR is measured in months, slow attack surface mapping and risk prioritization are usually the primary culprits. Focus on decreasing the time it takes to find networks, applications and cloud environments, especially those you weren’t previously aware of or don’t manage. And find ways to contextualize assets and risks.

3. Your security teams are already stretched to their limits. Empower them with automated solutions that accelerate the attack surface protection process so they can leverage their expertise where it matters most.
