Cybersecurity Vocab - 2.4

attack surface

all potential pathways a threat actor could use to gain unauthorized access or control. Each piece of software, service, and every enabled protocol on an endpoint offers a unique opportunity for attack. The overall attack surface is composed of every asset's attack surface.

attack surface management

the methods used to continuously monitor an environment to identify changes to its attack surface quickly.

passive discovery

the indirect methods used to identify systems, services, and protocols. Reveals information about network-connected hosts, communications channels, protocols in use, and activity patterns.

edge discovery

defines the "edge" of the network as every device with internet connectivity.

penetration test

simulating an attack on an organization's network to identify vulnerabilities and weaknesses. Includes a findings report detailing identified weaknesses and recommended remediations.

adversary emulation

a type of penetration test that mimics the actions of known threat actor groups. Helps the organization improve its ability to detect and respond to specific attacks associated with the threat actor instead of generalized attacks used in penetration testing.

bug bounties

organizations define areas of their environment they would like help protecting and offer rewards for responsible disclosure of vulnerabilities. Bugcrowd and HackerOne are popular bug bounty platforms.

asset inventory

conducting an inventory of all hardware and software assets and user accounts in the environment. Once identified, the team must determine which assets are essential for business operations and which can be removed.

access control

implementing strict access control measures, such as multifactor authentication, can reduce the attack surface significantly. Limiting access to sensitive data and systems reduces the risk of unauthorized access.

patching and updating

regularly patching and updating software and firmware can prevent attackers from exploiting known vulnerabilities. Patching should be performed via automated patch management systems.

network segmentation

segmenting a large network into smaller subnets can limit the damage an attacker can cause. By segmenting the network, the breaches and infections can be more effectively contained, thereby reducing the attack surface.

removing unnecessary components

removing hardware or software components reduces the attack surface. By removing software, the organization eliminates a pathway that attackers can exploit.

employee training

employee training can help reduce the attack surface by raising awareness of the potential risks and the importance of security measures. Regular training can help employees recognize and report potential security threats, reducing the likelihood of successful attacks.