
How to Reduce Attack Surface

October 22, 2014

An effective strategy to help protect your organization is to reduce the noise, which makes an exploit easier to detect, while at the same time increasing the difficulty of compromise. This, in effect, reduces the adversary's operating surface, funneling the attacker into a smaller and smaller area over time, until the likelihood of an attack is minimal.


Reducing the noise allows you to take a better position to see the event or attack occurring. Some examples include adopting monitoring technology such as security information and event management (SIEM), tuning of detection or protection systems, and advanced analytics. Reducing the noise can also include leveraging threat intelligence in data correlation to better define an attacker. These activities allow an organization to move up the chain from simply gathering data, to understanding and using the information, to eventually predicting events through security intelligence. 

In addition to reducing the noise, increasing the difficulty of compromise also limits an attacker's operating surface. Effective tactics include:

Configuration Management: To maintain your systems, make sure that security tools are enabled and other services are secure by default, and uninstall unnecessary software. This is a simple step you can take that provides a huge benefit in reducing your attack surface. 

Memory Randomization and Tools: Leverage tools like Microsoft Enhanced Mitigation Experience Toolkit (EMET), Microsoft Data Execution Prevention (DEP), Microsoft/Apple Address Space Layout Randomization (ASLR), and Microsoft Structured Exception Handler Overwrite Protection (SEHOP) to enhance your system's ability to protect itself. Not all of these tools are enterprise ready, but the ones that are not still have great effectiveness in point scenarios on critical systems.

Secure Application Development: If you are building a product that is going to the market, secure application development is a necessity. This is a direct, revenue-facing function that adds tremendous value to the business.

Patching: Make sure your systems are always up-to-date with the latest patches. Exploiting old vulnerabilities is an easy way for an attacker to compromise your system. 

Sandboxing and Containers: If an exploit does occur, sandboxing can be used to “catch” the attack and a container can control the impact. This helps to significantly minimize the overall damage.  

Exploit Analysis: Documenting and analyzing malicious code that caused an exploit helps your organization because you can leverage the data to better understand or identify your adversaries.
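The DEP and ASLR opt-ins named under Memory Randomization and Tools are recorded per binary in the PE header's DllCharacteristics field, so coverage can be audited file by file. The following is an added example, not code from the original article; the function names and the sample headers are constructed for illustration.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020  # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040     # image opts in to ASLR
NX_COMPAT = 0x0100        # image opts in to DEP


def mitigation_flags(image: bytes) -> dict:
    """Read the ASLR/DEP opt-in flags from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip the signature and the 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 or PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    return {
        "pe32_plus": magic == 0x20B,
        "aslr": bool(chars & DYNAMIC_BASE),
        "dep": bool(chars & NX_COMPAT),
        "high_entropy_aslr": bool(chars & HIGH_ENTROPY_VA),
    }


def missing_mitigations(image: bytes) -> list:
    """List the opt-ins a binary lacks, for an audit report."""
    flags = mitigation_flags(image)
    missing = [name for name in ("aslr", "dep") if not flags[name]]
    if flags["pe32_plus"] and flags["aslr"] and not flags["high_entropy_aslr"]:
        missing.append("high_entropy_aslr")
    return missing


def build_sample(magic: int, chars: int) -> bytes:
    """Constructed minimal header (not a loadable binary) used as demo input."""
    img = bytearray(0x40 + 4 + 20 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 24, magic)
    struct.pack_into("<H", img, 0x40 + 24 + 70, chars)
    return bytes(img)
```

These flags show only what each binary opts in to; system-wide policy such as EMET or SEHOP settings is configured on the host and is not visible in the file.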

Integrating these strategies into your security program makes it much harder for exploits to attack your organization’s systems. By reducing your adversaries’ operating surface, you are effectively limiting their attack surface.


By: James Robinson

Vice President, Third-Party Risk Management
