How to Reduce Your Attack Surface

April 02, 2020

Working from home (WFH) is our new reality. While some organizations already had the capabilities and employees set up for WFH, it has quickly become the new normal for everyone. In a work-from-home environment, the focus shifts to ensuring quick and convenient remote access to corporate resources. As a result, organizations can introduce new vulnerabilities into their threat landscapes. The key to successfully adopting this model is to understand and proactively address the attack surface risk it carries.

Optiv's attack and penetration team has a long history of discovering and analyzing enterprise attack surfaces. Increased reliance on the internet for corporate functions has resulted in a rise in attacks. In this post, our consultants have combined efforts to identify various attack surface considerations and describe how they relate to the COVID-19 outbreak.

Protecting the Entire Enterprise Environment

Now more than ever, attackers may target home networks to obtain sensitive data or to gain an initial foothold in an organization's environment. Home networks are often less secure than a corporate environment, making them an easier target to compromise. Private residential networks are generally unmanaged, deployed without corporate oversight and may not offer adequate security. They are nonetheless part of the enterprise attack surface. As you are likely aware, there is a constant battle within the enterprise to reduce the exposed attack surface. As new threats emerge, security teams must adapt quickly to keep up with the latest attacker tactics and techniques. Because WFH models increase the attack surface, they present new challenges for the enterprise. An emphasis on business continuity often results in services being deployed without thorough vetting.
Common challenges when deploying untested technologies such as VPN, SSO and MDM range from gaps in enterprise visibility to software and service misconfigurations.

Network monitoring baseline and requirements. Monitoring traffic and user behavior has become a mainstay of threat detection. Monitoring of employee network traffic has traditionally focused on traffic originating inside the enterprise and going outbound. Telecommuting fundamentally changes how threat hunters approach triage: since users no longer connect from trusted internal networks, organizations have to shift their focus to inbound traffic originating from untrusted sources, which makes it harder to tell malicious actors apart from legitimate remote users. Split tunneling poses a further problem. When only corporate-bound traffic is routed through the VPN, security controls such as web proxies no longer see the user's other browsing and cannot stop access to unverified or known malicious sites. Configuring the VPN client to block split tunneling, so that all traffic traverses the tunnel and the existing controls, addresses this.

MDM deployments. Mobile device management products can be a great way to manage remote access to corporate email and other internal services. Enrollment registration, if not properly deployed, can lead to incomplete coverage or a loss of access. If registration is not properly implemented, for example if enrollment does not verify who is enrolling, an attacker may be able to register a device they control in place of a legitimate user's device.

Multi-factor authentication. When services are opened up for remote access, the traditional username-and-password mechanism becomes a single point of failure: an attacker needs only one set of compromised credentials to access the organization while masquerading as a legitimate user. Implementing multi-factor authentication (MFA) is therefore essential to closing this gap.
MFA adds a further layer of security by requiring either a second, time-rotating value (a one-time code) or an acknowledgement of the authentication through a secondary channel, typically a mobile device. As with any change in business operations, it is imperative that an enterprise review and assess its landscape in order to fully understand the risks of introducing new technologies. Both the end user and the enterprise should have an ongoing process to repeatedly evaluate solutions for effectiveness and efficiency as the environment evolves and threats continue to change. Drawing from our extensive experience in the field and our testing of consumer products, we have prepared a Thwarting Opportunistic Attackers technical checklist of activities you can take to reduce your enterprise attack surface.

By: Optiv
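The shift described under network monitoring, from watching outbound traffic to triaging inbound logins from untrusted sources, can be turned into a concrete check. The following is an added example, not Optiv's tooling or any vendor's log format: it baselines each user's VPN login sources over the first days of logs and then flags logins from a source never seen for that user, and logins from a different country than the previous one within a short window. The log line format, user names, addresses, GeoIP table and thresholds are all constructed for the illustration.

```python
"""Baseline-and-alert checks over VPN authentication logs.

Added example for this post, not Optiv's tooling or a vendor's log format.
Everything below (the syslog-style line format, user names, addresses, the
GeoIP table and the thresholds) is constructed for the illustration; a real
deployment would parse the concentrator's own format and query a real
GeoIP/ASN database.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three days of successful VPN logins (not real data).
SAMPLE_LOG = """\
2020-03-30T08:02:11Z vpn-gw auth ok user=alice src=203.0.113.10
2020-03-30T08:05:42Z vpn-gw auth ok user=bob src=198.51.100.7
2020-03-31T08:01:03Z vpn-gw auth ok user=alice src=203.0.113.10
2020-03-31T08:04:55Z vpn-gw auth ok user=bob src=198.51.100.7
2020-04-01T08:00:30Z vpn-gw auth ok user=alice src=203.0.113.10
2020-04-01T08:20:17Z vpn-gw auth ok user=alice src=192.0.2.200
2020-04-01T09:10:00Z vpn-gw auth ok user=bob src=198.51.100.7
"""

# Constructed /24 -> country table standing in for a GeoIP lookup.
GEO = {"203.0.113": "US", "198.51.100": "US", "192.0.2": "RO"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth ok user=(?P<user>\S+) src=(?P<src>[\d.]+)$"
)


def parse(log_text):
    """Turn successful-login lines into event dicts; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = m["src"]
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"],
            "src": src,
            "country": GEO.get(src.rsplit(".", 1)[0], "??"),
        })
    return events


def detect(events, baseline_days=2, travel_window=timedelta(hours=1)):
    """Flag logins after the baseline period that come from a source never
    seen for that user during the baseline ("new_source"), and logins from a
    different country than the user's previous login within travel_window
    ("impossible_travel")."""
    events = sorted(events, key=lambda e: e["ts"])
    if not events:
        return []
    baseline_end = events[0]["ts"].date() + timedelta(days=baseline_days)

    seen_sources = defaultdict(set)  # user -> source IPs observed so far
    last_login = {}                  # user -> most recent event (for the travel check)
    alerts = []
    for e in events:
        user = e["user"]
        if e["ts"].date() < baseline_end:
            # Baseline period: learn, do not alert.
            seen_sources[user].add(e["src"])
            last_login[user] = e
            continue
        if e["src"] not in seen_sources[user]:
            alerts.append({"kind": "new_source", "user": user,
                           "ts": e["ts"], "src": e["src"]})
            seen_sources[user].add(e["src"])  # alert once per new source
        prev = last_login.get(user)
        if (prev and prev["country"] != e["country"]
                and e["ts"] - prev["ts"] < travel_window):
            alerts.append({"kind": "impossible_travel", "user": user,
                           "ts": e["ts"], "src": e["src"]})
        last_login[user] = e
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(f"{alert['ts']:%Y-%m-%d %H:%M} {alert['kind']:18} "
              f"user={alert['user']} src={alert['src']}")
```

On the constructed sample the first two days establish that alice always arrives from 203.0.113.10; her Apr 1 login from 192.0.2.200 then raises both a new-source alert and, because it follows a US login by twenty minutes, an impossible-travel alert. A real baseline would key on ASN or network owner rather than exact IP, since residential addresses change, and would be rebuilt periodically.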
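To make concrete what the "second rotating value" in the MFA paragraph is and why a stolen password alone no longer suffices, here is an added example (not Optiv's code and not any product's implementation) of a time-based one-time password per RFC 6238: the code is an HMAC over the current 30-second time step, so it changes every step, and the server-side verifier tolerates one step of clock drift while refusing to accept a step it has already accepted for that user, which blocks replay of a captured code. The shared secret is the RFC 6238 test-vector key so the output can be checked against the published vectors; the user names, clock values and window policy are assumptions for the illustration.

```python
"""TOTP (RFC 6238) generation and verification with replay protection.

Added example for this post, not Optiv's code or a product's implementation.
The shared secret used in the demo is the RFC 6238 test-vector key; the user
names, clock values and the drift window are assumptions for the illustration.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a fixed number of decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current time step, so the value the user
    types rotates with the clock."""
    return hotp(secret, int(at) // step, digits)


class TotpVerifier:
    """Server-side check of the second factor.

    Accepts codes for the current time step and `window` steps either side
    (clock drift between server and phone), and never accepts a time step at
    or below the last one accepted for that user, so a code captured by an
    attacker cannot be replayed within its validity window."""

    def __init__(self, user_secrets: dict, step: int = 30, window: int = 1,
                 digits: int = 6):
        self.user_secrets = user_secrets  # user -> shared secret (from a vault in practice)
        self.step = step
        self.window = window
        self.digits = digits
        self.last_accepted = {}           # user -> highest time step already used

    def verify(self, user: str, code: str, now: float) -> bool:
        secret = self.user_secrets.get(user)
        if secret is None:
            return False
        current = int(now) // self.step
        for t in range(current - self.window, current + self.window + 1):
            if t <= self.last_accepted.get(user, -1):
                continue  # already consumed (replay) or older than one we accepted
            expected = hotp(secret, t, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_accepted[user] = t
                return True
        return False


if __name__ == "__main__":
    # Constructed demo user with the RFC 6238 test key.
    demo_secrets = {"alice": b"12345678901234567890"}
    verifier = TotpVerifier(demo_secrets)
    now = time.time()
    code = totp(demo_secrets["alice"], now)
    print("code for this step:", code)
    print("first use accepted:", verifier.verify("alice", code, now))
    print("replay accepted:   ", verifier.verify("alice", code, now))
```

The second `verify` call with the same code returns False even though the code is still within its time window, which is the property a push or OTP factor needs against a phishing kit that relays captured codes in real time; a plain "is this code valid right now" check would accept it.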