Contents x
    Attack Surface
    • 2 Minutes to read
    • Print
    • PDF
    Contents

    Attack Surface

    • 2 Minutes to read
    • Print
    • PDF
    Article summary

    Introduction

    This page allows you to manage the automatic asset offboarding and default paraments settings

    Automatic Asset Offboarding

    Automatic Asset Offboarding automates the process of retirement and deletion of the ideal assets from the SAFE application. The system automatically deletes assets that do not synchronize with SAFE for the specified number of days continuously.

    Configure Automatic Asset Offboarding

    To configure automatic asset offboarding:

    1. Navigate to Settings > AttackSurface

    2. Enter the number of days in the  Auto Delete field. The minimum and maximum values allowed for this field are 1 and 365 days, respectively.

    3. Enable the auto-delete toggle button.

    4. Click Save.

    settings%20attack%20surface

    Configure Default Parameters

    This section allows you to set the default values for the following asset fields:

    • Business Criticality

    • Department

    • Location

    To set the default parameters:

    1. Navigate to Settings > Attack Surface.

    2. Enter the default values for BusinessCriticality, Department, and Location.

    3. Click the Save button.

    FAQs

    1. What is the impact of firmographics when creating a group?

    Firmographics play a crucial role when estimating risk for a Group. They encompass essential information about the group’s industry, revenue, and exposure. The firmographics impact risk estimation in several ways:

    • Risk Profile: Larger employee counts and higher revenues may indicate a more attractive target for cyber attacks. Resource Allocation: Groups with larger asset counts may require more extensive security measures and resources. 

    • Threat Landscape: The industry (Finance and Insurance) suggests specific types of threats and compliance requirements. 

    • Security Strategy: The partial internet-facing nature of all groups implies a need for balanced internal and external security measures. 

    • Asset Focus: The distribution of assets (e.g., heavy focus on Cloud or Server) helps in prioritizing security efforts for each group.

      By considering these firmographic factors, organizations can create more targeted and effective security strategies for each group, ensuring that resources are allocated appropriately based on the specific characteristics and risks associated with each business unit or entity.

    2. What is the definition of attack surface types and what is the impact of these on quantification?

    Attack surface types play a crucial role in cybersecurity risk quantification. Understanding these types and their impact is essential for effective risk management. Let's explore the definition of attack surface types and their impact on quantification:

    Definition of Attack Surface Types

    Attack surface types refer to the various categories of potential entry points or vulnerabilities that threat actors can exploit to gain unauthorised access to an organization's system, network, or data. These types can include:

    Attack Surface Type

    Description

    Network

    Includes all network-connected devices, ports, and protocols

    SaaS

    Includes Software-as-a-Service applications

    Cloud

    Covers cloud-based infrastructure, platforms, and services

    Storage

    Includes Data storage systems and devices

    People

    Refers to employees, contractors, and other personnel who can be targeted

    Server

    IIncludes Physical and virtual servers

    Endpoint

    User devices like computers and mobile devices

    OT

    Includes Operational Technology systems

    IoT

    Includes Internet of Things devices

    Impact on Quantification

    The impact of attack surface types on risk quantification is significant:

    Impact Area

    Description

    Threat Event Frequency (TEF)

    Attack surface count plays the most significant role in determining TEF value

    Susceptibility

    Each type has unique vulnerabilities, affecting overall susceptibility

    Loss Magnitude

    The potential financial impact varies based on the attacked surface

    Quantification Factors

    When quantifying risk based on attack surface types, several factors are considered:

    Factor

    Description

    Asset Count

    Number of assets within each attack surface type

    Control Effectiveness

    How well controls mitigate risks for each surface type

    Threat Actor Capabilities

    Varying skills required for different attack surfaces

    Data Sensitivity

    Type and value of data accessible through each surface

    Summary

    Understanding attack surface types and their impact on quantification allows organizations to: 

    • Prioritize security efforts based on the most vulnerable or critical surfaces 

    • Allocate resources more effectively for risk mitigation 

    • Develop targeted strategies for each attack surface type 

    • Improve overall risk assessment accuracy and comprehensiveness

    Was this article helpful?
    What's Next