What Is It?
An attack surface is everything that is available to a would-be threat actor. It can encompass applications, exposed infrastructure, devices and the third-party services your organisation uses, amongst other areas that would be of interest to a threat actor.
Why Assess It?
There are many reasons to conduct an attack surface security assessment, five of which are below.
Supplier Solutions
Organisations procure a number of services, some of which require infrastructure to be deployed. That infrastructure can be managed independently, and therefore the organisation will lack understanding of the solution. By conducting an attack surface assessment, you can see what is inside these previously hidden solutions and understand the risks better.
Discover Technical Debt
People in an organisation change over time and sometimes knowledge leaves with departing employees. It is important for your organisation to ensure that systems which are no longer used, or which never made it through to go-live, are not still running and posing a threat to your organisation. Through an attack surface security assessment, you can discover these forgotten or overlooked systems and their risks.
Prioritise Security Effort
Having an organisation-wide insight into what you are exposing allows you to make an informed, risk-based decision on where to apportion effort to reduce the risk from a whole-organisation viewpoint.
Threat Actor View
Every organisation has an asset register, but how confident is your organisation that everything is detailed in this register? Threat actors have a different perspective to asset management and will hunt out the most vulnerable of systems and services your organisation has, to achieve their objectives faster. By conducting a security assessment under your control, you can see what your organisation looks like to a threat actor.
Avoid Fines
As an organisation you are required to process data, especially personally identifiable information, in line with relevant guidance. In the event of a security incident, the UK’s Information Commissioner’s Office (ICO) can issue fines of up to £17.5m or 4% of global annual turnover, whichever is higher. It is important to ensure that your organisation knows the attack surface it has to defend, as your organisation needs to get it right all the time, whereas a threat actor only needs to get it right once.
The Agility Cyber Approach
Like all our engagements, we want you to get the most out of your attack surface security assessment and we do this by:
Open Source Intelligence
We do not just scan your allocated IP address ranges. We supplement our discovery activity using all available open source intelligence, whether this comes from third-party Internet-wide scans that show where your SSL/TLS certificates are in use or from more active discovery against services such as the Domain Name System (DNS).
Full Investigation
It would be simple to focus on which hosts are running that your organisation did not expect, but this does not offer much assurance. Instead, we probe the services running on the hosts both to identify what purpose they are serving and to enumerate any security vulnerabilities. Whilst this does not replicate a full targeted security assessment of the service, it ensures that we can give you an accurate risk perspective.
Multi-Viewpoint
Attacks do not just come from the outside; we are able to conduct discovery assessments from inside your organisation too. Often it is beneficial to deploy a monitoring endpoint at a relevant point on your network so that you can see what is communicating out to the Internet or coming into your organisation.
Collaborative
During the assessment we work with you, feeding back what we are finding and using your knowledge to help us triage any risks and support you in understanding what the possible next steps are.
Flexible Output
We want to ensure you have our findings in the most practical and efficient format for you. This does not have to be just a formalised report, as we are keen to supply the data from our assessment in whatever format your organisation consumes best, whether that is spreadsheets, adding our discoveries into an internal asset register or using issue tracking software to allow your teams to triage further.
Benefits of Partnering with Agility Cyber
Mutually Invested
Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.
Clarity and Simplicity
We always provide clarity, believe in simplicity and value your time. For example, rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisation's position and risk posture. This enables us to ask better questions, securing you higher value and saving you time.
Full Consultancy
Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.
Impartiality
We are impartial: we do not sell you products or the latest buzzword-laden trending solution.
Outstanding Service
We have an industry-leading turnaround; agility is in our name, after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.