How to Reduce Attack Surface

By James Robinson

An effective strategy to help protect your organization is to reduce the noise, which makes an exploit easier to detect, while at the same time increasing the difficulty of compromise. This, in effect, reduces the adversary's operating surface, funneling the attacker into a smaller and smaller area over time, until the likelihood of a successful attack is minimal.

Reducing the noise puts you in a better position to see the event or attack occurring. Some examples include adopting monitoring technology such as security information and event management (SIEM), tuning detection and protection systems, and applying advanced analytics. Reducing the noise can also include leveraging threat intelligence during data correlation to better profile an attacker. These activities allow an organization to move up the chain from simply gathering data, to understanding and using the information, to eventually predicting events through security intelligence.

In addition to reducing the noise, increasing the difficulty of compromise also limits an attacker's operating surface. Effective tactics include:

Configuration Management: To maintain your systems, make sure that security tools are enabled and other services are secure by default, and uninstall unnecessary software. This is a simple step you can take that provides a huge benefit in reducing your attack surface. 

Memory Randomization and Tools: Leverage tools like the Microsoft Enhanced Mitigation Experience Toolkit (EMET), Microsoft Data Execution Prevention (DEP), Microsoft/Apple Address Space Layout Randomization (ASLR) and Microsoft Structured Exception Handler Overwrite Protection (SEHOP) to enhance your system's ability to protect itself. Not all of these tools are enterprise ready, but the ones that are not are still highly effective in point scenarios on critical systems.

Secure Application Development: If you are building a product that is going to market, secure application development is a necessity. This is a direct, revenue-facing function that adds tremendous value to the business.

Patching: Make sure your systems are always up to date with the latest patches. Exploiting old vulnerabilities is an easy way for an attacker to compromise your system.

Sandboxing and Containers: If an exploit does occur, sandboxing can be used to “catch” the attack and a container can control the impact. This helps to significantly minimize the overall damage.

Exploit Analysis: Documenting and analyzing the malicious code behind an exploit helps your organization because you can leverage the data to better understand or identify your adversaries.
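The Memory Randomization item above names DEP, ASLR and SEHOP; before relying on them, verify they are actually enforced. The following audit script is an added example, not part of the original post or any Optiv tooling. It assumes Windows 10 1709 / Server 2019 or later, where the in-box ProcessMitigations module (the built-in successor to EMET's settings) exposes the system-wide policy.

```powershell
# Added example: audit the system-wide exploit mitigation policy for the
# controls discussed above (DEP, ASLR, SEHOP). Requires the in-box
# ProcessMitigations module (Windows 10 1709 / Server 2019 or later);
# run from an elevated PowerShell session.
Import-Module ProcessMitigations -ErrorAction Stop

$policy = Get-ProcessMitigation -System

# Each setting reports ON, OFF or NOTSET. NOTSET means the OS default
# applies, so it is listed rather than flagged, for the reviewer to confirm.
$checks = @(
    [pscustomobject]@{ Control = 'DEP';                     Value = $policy.DEP.Enable }
    [pscustomobject]@{ Control = 'ASLR BottomUp';           Value = $policy.ASLR.BottomUp }
    [pscustomobject]@{ Control = 'ASLR HighEntropy';        Value = $policy.ASLR.HighEntropy }
    [pscustomobject]@{ Control = 'ASLR ForceRelocateImages'; Value = $policy.ASLR.ForceRelocateImages }
    [pscustomobject]@{ Control = 'SEHOP';                   Value = $policy.SEHOP.Enable }
)

# Anything explicitly OFF is a configuration-management finding.
$findings = 0
foreach ($c in $checks) {
    $state = if ("$($c.Value)" -eq 'OFF') { $findings++; 'FINDING' } else { 'ok' }
    '{0,-8} {1,-24} {2}' -f $state, $c.Control, $c.Value
}

# Summarize, and point at the remediation for the system-wide defaults:
#   Set-ProcessMitigation -System -Enable DEP,SEHOP,BottomUp,HighEntropy
"{0} control(s) explicitly disabled" -f $findings
```

Per-application overrides can hide a weaker setting on a critical binary, so follow up with `Get-ProcessMitigation -Name <executable>` for the processes that matter most.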

Integrating these strategies into your security program makes it much harder for attackers to exploit your organization's systems. By reducing your adversaries' operating surface, you are effectively limiting their attack surface.

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.