- 2 Minutes to read
- Print
- PDF
Attack Surface
- 2 Minutes to read
- Print
- PDF
Introduction
This page allows you to manage the automatic asset offboarding and default paraments settings
Automatic Asset Offboarding
Automatic Asset Offboarding automates the process of retirement and deletion of the ideal assets from the SAFE application. The system automatically deletes assets that do not synchronize with SAFE for the specified number of days continuously.
Configure Automatic Asset Offboarding
To configure automatic asset offboarding:
Navigate to Settings > AttackSurface
Enter the number of days in the Auto Delete field. The minimum and maximum values allowed for this field are 1 and 365 days, respectively.
Enable the auto-delete toggle button.
Click Save.
Configure Default Parameters
This section allows you to set the default values for the following asset fields:
Business Criticality
Department
Location
To set the default parameters:
Navigate to Settings > Attack Surface.
Enter the default values for BusinessCriticality, Department, and Location.
Click the Save button.
FAQs
1. What is the impact of firmographics when creating a group?
Firmographics play a crucial role when estimating risk for a Group. They encompass essential information about the group’s industry, revenue, and exposure. The firmographics impact risk estimation in several ways:
Risk Profile: Larger employee counts and higher revenues may indicate a more attractive target for cyber attacks. Resource Allocation: Groups with larger asset counts may require more extensive security measures and resources.
Threat Landscape: The industry (Finance and Insurance) suggests specific types of threats and compliance requirements.
Security Strategy: The partial internet-facing nature of all groups implies a need for balanced internal and external security measures.
Asset Focus: The distribution of assets (e.g., heavy focus on Cloud or Server) helps in prioritizing security efforts for each group.
By considering these firmographic factors, organizations can create more targeted and effective security strategies for each group, ensuring that resources are allocated appropriately based on the specific characteristics and risks associated with each business unit or entity.
2. What is the definition of attack surface types and what is the impact of these on quantification?
Attack surface types play a crucial role in cybersecurity risk quantification. Understanding these types and their impact is essential for effective risk management. Let's explore the definition of attack surface types and their impact on quantification:
Definition of Attack Surface Types
Attack surface types refer to the various categories of potential entry points or vulnerabilities that threat actors can exploit to gain unauthorised access to an organization's system, network, or data. These types can include:
Attack Surface Type | Description |
---|---|
Network | Includes all network-connected devices, ports, and protocols |
SaaS | Includes Software-as-a-Service applications |
Cloud | Covers cloud-based infrastructure, platforms, and services |
Storage | Includes Data storage systems and devices |
People | Refers to employees, contractors, and other personnel who can be targeted |
Server | IIncludes Physical and virtual servers |
Endpoint | User devices like computers and mobile devices |
OT | Includes Operational Technology systems |
IoT | Includes Internet of Things devices |
Impact on Quantification
The impact of attack surface types on risk quantification is significant:
Impact Area | Description |
---|---|
Threat Event Frequency (TEF) | Attack surface count plays the most significant role in determining TEF value |
Susceptibility | Each type has unique vulnerabilities, affecting overall susceptibility |
Loss Magnitude | The potential financial impact varies based on the attacked surface |
Quantification Factors
When quantifying risk based on attack surface types, several factors are considered:
Factor | Description |
---|---|
Asset Count | Number of assets within each attack surface type |
Control Effectiveness | How well controls mitigate risks for each surface type |
Threat Actor Capabilities | Varying skills required for different attack surfaces |
Data Sensitivity | Type and value of data accessible through each surface |
Summary
Understanding attack surface types and their impact on quantification allows organizations to:
Prioritize security efforts based on the most vulnerable or critical surfaces
Allocate resources more effectively for risk mitigation
Develop targeted strategies for each attack surface type
Improve overall risk assessment accuracy and comprehensiveness