A good boxer knows not to expose his body to his opponent. The art of his victory comes from his ability to avoid and withstand what his rival throws at him. For organizations today, reducing their attack surface inherently minimizes what an adversary can attack and their ability to strike.
The basic principles of combat have remained unchanged, it’s how they are applied that is different. Organizations today are engaged in cyberwarfare, either proactively or reactively. For those that choose to be proactive, becoming a smaller target is a principle they embrace.
Cloud, IoT and mobile workforces have caused many organizations to lose their footing, drop their guard, and overexpose their critical assets. Today’s battleground is different, but the principle of being a small target isn’t. Here are some ways to reduce your attack surface:
Make Everything Invisible
Adversaries are unable to attack what they cannot see. VPNs rely on open ports listening for incoming connections. These ports can be found and exploited. Inversely, a Software-Defined Perimeter cloaks all ports, rendering them invisible to unauthorized or nefarious actors. Single-Packet Authorization technology makes this possible and is foundational to the Software-Defined Perimeter architecture.
Adopt Zero Trust
Remote workers and third parties accessing your network drastically increase the attack surfaces. Zero Trust mandates authenticating the identity extensively, before providing secure access, which is not achievable with legacy solutions like VPNs. A Software-Defined Perimeter goes beyond validating the IP address, dynamically making evaluations on device posture, location, time, roles, and permissions before granting access. Micro-segmentation then takes over, granting a secure 1:1 connection to authorized resources. Anything that is unauthorized to the identity in question is invisible and inaccessible, reducing lateral movement and preventing insider threats.
Deploy Programmable Security
Your digital footprint and attack surface are elusive. Deployments happen regularly, applications move locations and cloud instances scale up and down reacting to demand. Managing access privileges with hardware-bound legacy solutions causes immense complexity and introduces risk. A Software-Defined Perimeter is programmable, scaling with your cloud. Security is automatically applied as the attack surface changes and new instances are deployed.
Be Your Worst Enemy
Finally, cyber-resilience is not an end-state, but an ongoing journey. Organizations must push their limits, prepare for the worst and identify vulnerabilities before their adversaries. Much like the boxer, you will be faced with varying opponents who take different approaches to defeat you. The boxer will spar with those who emulate his upcoming opponent. Organizations must emulate their adversary and the various attack methods in their arsenal. By taking this seriously, organizations will identify their weaknesses and turn them into strengths before their opponent steps foot in the ring.
Reducing the attack surface is one of three essential challenges organizations can address by adopting a focused approach to Zero Trust. If you are ready to learn about the other two, we invite you to explore Cyxtera Essential Defense.