
What is attack surface expansion?

An attack surface is the sum of all entry points that an attacker can exploit to gain unauthorized access to a system, environment or infrastructure. Attack surface expansion refers to the increase in the number and complexity of these entry points.

There are several factors that can lead to attack surface expansion, including:

  • Digital transformation ventures, which may include migrating to a cloud platform.
  • Adding new hardware or software systems, e.g. buying a new cloud-based platform for business intelligence.
  • An increase in the number of remote workers.
  • Creating more endpoints for a web application, e.g. exposing a new, unsecured POST endpoint to allow vendors to create data in your system.
  • Opening new ports in the firewall to allow communication with third-party services.
  • Business expansion, which may include opening new branches or data centers.
  • Poor security hygiene, e.g. using outdated software, failing to patch vulnerabilities or writing insecure code.

All but one of the factors listed above (poor security hygiene) are critical for businesses to grow and expand. Digital transformation, onboarding new partners and investing in new applications are essential for scaling, but they may also expand the organization's attack surface.

To remain secure, companies must ensure that an expanded infrastructure, or growth efforts, don’t lead to an increased attack surface. They must take a proactive approach to maintaining and improving their security posture. For example, when an organization integrates a cloud platform with its existing on-premises infrastructure, it should:

  • Educate employees on cloud security best practices. This includes teaching employees about the risks of cloud computing, such as data loss and security breaches.
  • Regularly review all applications for any misconfigurations. This can help to identify and fix any security vulnerabilities.

Why attack surface expansion is a problem

An expanding attack surface can have several implications for an organization, including:

Increased risk of cyberattacks

An expanded attack surface offers more avenues for attackers to exploit vulnerabilities in a system. For instance, if you add an AWS Lambda function to your infrastructure without applying the proper IAM policy to secure it, an attacker can exploit this misconfiguration to infiltrate your network.

Increased complexity

Attack surface expansion can lead to increased complexity, especially if your infrastructure is spread across multiple cloud and on-premises environments. The more complex a system is, the more difficult it is to maintain and secure.

Increased security and maintenance costs

If steps are not taken to proactively minimize attack surface, the overall costs associated with security and maintenance can become significant. These costs may arise due to the additional resources required to secure the expanded attack surface, or to resolve any exploitable vulnerabilities.

Decreased agility

Attack surface expansion can decrease an organization's agility and speed to market. The increased security costs and complexity associated with it can impede innovation, making organizations more risk-averse and leading to missed opportunities.

How to manage and limit attack surface expansion

Let’s look at a few strategies that organizations can implement to limit attack surface expansion:

  • Understand your attack surface: Answer questions such as: Which assets are exposed to the internet? How many RESTful applications are we using? How many cloud environments do we have? You can only protect what you know exists, so gaining full visibility into your infrastructure is a crucial first step in protecting it.
  • Conduct regular audits: Security is an ongoing exercise. Perform regular audits of your infrastructure to identify any vulnerabilities, like outdated software, bugs or misconfigurations.
  • Limit public-facing assets: Limit the number of publicly accessible systems and applications to only those that are strictly necessary.
  • Implement the principle of least privilege: Limit access to systems to only those people and processes that require it.
  • Use stronger authentication: Use adaptive, password-less authentication to secure sensitive assets.
  • Build applications that are secure by design: Shift security left. Educate and encourage developers to follow secure coding practices while building applications.
  • Prepare to respond to attacks: Even if you do everything right, attacks may still happen. It is important to have a plan in place to quickly and effectively recover from an attack.
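
The following Python example is added here and is not part of the original article. It supports the first three strategies above (knowing what is exposed, auditing regularly, limiting public-facing assets) by comparing two inventory snapshots and reporting entry points that are new or have become more widely reachable. The inventory format, rule names and addresses are constructed for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventories (assumed format, not real data).
BASELINE = [
    {"kind": "firewall", "id": "fw-web", "port": 443, "source": "0.0.0.0/0"},
    {"kind": "firewall", "id": "fw-ssh", "port": 22, "source": "10.0.0.0/8"},
    {"kind": "endpoint", "id": "GET /api/orders", "auth": True},
]
CURRENT = [
    {"kind": "firewall", "id": "fw-web", "port": 443, "source": "0.0.0.0/0"},
    {"kind": "firewall", "id": "fw-ssh", "port": 22, "source": "0.0.0.0/0"},
    {"kind": "endpoint", "id": "GET /api/orders", "auth": True},
    {"kind": "firewall", "id": "fw-vendor", "port": 8443, "source": "203.0.113.0/24"},
    {"kind": "endpoint", "id": "POST /api/vendor-data", "auth": False},
    {"kind": "firewall", "id": "fw-bi", "port": 5432, "source": "10.20.0.0/16"},
]

def is_internal(cidr):
    """True only when the whole source range sits inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def exposure(item):
    """Return why an entry is reachable from outside, or None if it is restricted."""
    if item["kind"] == "firewall" and not is_internal(item["source"]):
        return f"port {item['port']} reachable from {item['source']}"
    if item["kind"] == "endpoint" and not item["auth"]:
        return "no authentication required"
    return None

def expansion(baseline, current):
    """List entry points that are new, or that were restricted and are now exposed."""
    before = {(i["kind"], i["id"]): i for i in baseline}
    findings = []
    for item in current:
        old = before.get((item["kind"], item["id"]))
        reason = exposure(item)
        if old is None:
            findings.append((item["id"], "new", reason or "restricted"))
        elif reason and exposure(old) is None:
            findings.append((item["id"], "widened", reason))
    return findings

if __name__ == "__main__":
    for entry_id, change, detail in expansion(BASELINE, CURRENT):
        print(f"{change:8} {entry_id:24} {detail}")
```

Entries that were already exposed in the baseline, such as the public HTTPS rule, are not reported, because they do not represent growth since the last audit.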

How attack surface expansion is affected by identity security

As attack surfaces expand, traditional identity systems may not be enough to provide adequate security. With more entry points for malicious actors, there is a higher risk of identity data theft and privilege escalation. Moreover, managing identities becomes more complex as the infrastructure grows, potentially leading to misconfigurations and broken security controls.

This is where a modern, converged identity solution can save the day. A converged identity solution enables you to apply security controls to all your environments, from a central place. This ensures that all your (cloud and legacy) assets are adequately secured, significantly decreasing your attack surface.

Final word

Attack surface expansion is a major cybersecurity challenge that can jeopardize the security and resilience of an organization's systems and data. However, by implementing the strategies discussed in this article, organizations can effectively limit attack surface expansion, without compromising their growth and scalability.
