Attack Surface
  • 2 Minutes to read
  • PDF

Attack Surface

  • PDF

Article summary

Introduction


This page allows you to manage the automatic asset offboarding and default paraments settings

Automatic Asset Offboarding


Automatic Asset Offboarding automates the process of retirement and deletion of the ideal assets from the SAFE application. The system automatically deletes assets that do not synchronize with SAFE for the specified number of days continuously.

Configure Automatic Asset Offboarding


To configure automatic asset offboarding:

  1. Navigate to Settings > AttackSurface

  2. Enter the number of days in the  Auto Delete field. The minimum and maximum values allowed for this field are 1 and 365 days, respectively.

  3. Enable the auto-delete toggle button.

  4. Click Save.

settings%20attack%20surface

Configure Default Parameters


This section allows you to set the default values for the following asset fields:

  • Business Criticality

  • Department

  • Location

To set the default parameters:

  1. Navigate to Settings > Attack Surface.

  2. Enter the default values for BusinessCriticality, Department, and Location.

  3. Click the Save button.

FAQs

1. What is the impact of firmographics when creating a group?

Firmographics play a crucial role when estimating risk for a Group. They encompass essential information about the group’s industry, revenue, and exposure. The firmographics impact risk estimation in several ways:

  • Risk Profile: Larger employee counts and higher revenues may indicate a more attractive target for cyber attacks. Resource Allocation: Groups with larger asset counts may require more extensive security measures and resources. 

  • Threat Landscape: The industry (Finance and Insurance) suggests specific types of threats and compliance requirements. 

  • Security Strategy: The partial internet-facing nature of all groups implies a need for balanced internal and external security measures. 

  • Asset Focus: The distribution of assets (e.g., heavy focus on Cloud or Server) helps in prioritizing security efforts for each group.

    By considering these firmographic factors, organizations can create more targeted and effective security strategies for each group, ensuring that resources are allocated appropriately based on the specific characteristics and risks associated with each business unit or entity.

2. What is the definition of attack surface types and what is the impact of these on quantification?

Attack surface types play a crucial role in cybersecurity risk quantification. Understanding these types and their impact is essential for effective risk management. Let's explore the definition of attack surface types and their impact on quantification:

Definition of Attack Surface Types

Attack surface types refer to the various categories of potential entry points or vulnerabilities that threat actors can exploit to gain unauthorised access to an organization's system, network, or data. These types can include:

Attack Surface Type

Description

Network

Includes all network-connected devices, ports, and protocols

SaaS

Includes Software-as-a-Service applications

Cloud

Covers cloud-based infrastructure, platforms, and services

Storage

Includes Data storage systems and devices

People

Refers to employees, contractors, and other personnel who can be targeted

Server

IIncludes Physical and virtual servers

Endpoint

User devices like computers and mobile devices

OT

Includes Operational Technology systems

IoT

Includes Internet of Things devices

Impact on Quantification

The impact of attack surface types on risk quantification is significant:

Impact Area

Description

Threat Event Frequency (TEF)

Attack surface count plays the most significant role in determining TEF value

Susceptibility

Each type has unique vulnerabilities, affecting overall susceptibility

Loss Magnitude

The potential financial impact varies based on the attacked surface

Quantification Factors

When quantifying risk based on attack surface types, several factors are considered:

Factor

Description

Asset Count

Number of assets within each attack surface type

Control Effectiveness

How well controls mitigate risks for each surface type

Threat Actor Capabilities

Varying skills required for different attack surfaces

Data Sensitivity

Type and value of data accessible through each surface

Summary

Understanding attack surface types and their impact on quantification allows organizations to: 

  • Prioritize security efforts based on the most vulnerable or critical surfaces 

  • Allocate resources more effectively for risk mitigation 

  • Develop targeted strategies for each attack surface type 

  • Improve overall risk assessment accuracy and comprehensiveness


Was this article helpful?

What's Next