Know your Attack Surface
If you don’t know what your attack surface is, how can you secure it?
Attack Surface Management has to be done continually. Whether this is asset management or tracking where your data is, your attack surface is constantly changing. Your SaaS applications are included in your attack surface and should be included in your auditing.
If you don’t know where your data is, can you be compliant with ISO27001 or GDPR? Even something as important as credit card numbers can easily be copied by someone onto their personal drives, not out of malice, but because it made their job easier at the time, and now you’re non-compliant with finance certifications.
Remote Access - RDP, Telnet, VPNs - What is accessible from the Internet?
File Services - What is open on the Internet, what SaaS storage applications are you using, and what is stored there?
Patching - PATCH YOUR SYSTEMS!
Management Portals - What are your IT teams using to manage your environment? Is MFA enabled? Who has access to it?
There is a LOT more and we can help you document and secure this.