A Guide To Attack Surface Reduction Through Microsegmentation
According to ZDNet, attackers initiated almost half of all ransomware attacks in 2021 by compromising RDP services. In recent attacks, exploiting RDP and other software vulnerabilities and threatening to leak sensitive data has enabled attackers to demand greater sums. The major ransomware gangs have managed to extort millions of dollars worth of Bitcoin, and average downtime after a ransomware attack has grown to an average of 23 days.
While on the surface it might seem like RDP services are the issue, their vulnerability represents a symptom, not the problem itself. Modern networks have become hyperconnected and corporate fleets have expanded to include a proliferation of device types.
This evolution demands a new approach to security that can account for the complex and dynamic nature of modern work culture. You've likely heard of Zero Trust, but this is just once angle of approach to modern cybersecurity. Instead of enacting perimeter-based strategies, security professionals must use microsegmentation to reduce attack surfaces throughout their organization. Read on to learn more, or watch our on-demand webinar:
In this article, we’ll look at the key ways microsegmentation supports attack surface reduction and how organizations can apply this strategy to improve security.
What is attack surface reduction?
Your organization’s attack surface consists of every point where a user can gain access and interact with your network. Each point where a legitimate user can enter or extract information also represents a potential vulnerability, since attackers can use those same points to infiltrate the network. Whether by guessing passwords, stealing credentials, or using other means, attackers know that breaching through an existing access point is often an easier and less detectable way to compromise a network.
These vulnerable access points, protocols, and services within a network are called attack vectors, and together they make up every organization’s unique attack surface. Here are just a few examples of attack vectors:
- Software and APIs: Although software integrations can introduce new business opportunities, they can also introduce vulnerabilities.
- Access: Without access restrictions and controls, organizations can become vulnerable to DDoS and other types of attacks.
- Unencrypted Data: Data that is visible and unencrypted leaves information unprotected, allowing for leakage and theft.
- Users and employees: HR protocols help manage the risks associated with disgruntled employees, human error, etc.
- Password management: Weak, reused, and stale passwords let attackers in with ease
- Network resources: Exposed devices, databases, and servers all represent weak points
As network architectures continue to evolve, software tools proliferate, and device fleets expand and diversify, an organization can accumulate hundreds of attack vectors within a single network. That’s why attack surface reduction is so important to modern network security. While there are multiple ways to reduce your attack surface, microsegmentation at the edge is the strongest option.
How does microsegmentation enable attack surface reduction best practices?
Edge microsegmentation is an effective and actionable way to reduce an organization’s attack surface. Instead of breaking down the network into a few large segments, edge microsegmentation protects each endpoint as its own microsegment. That way, security policies can be applied to the traffic entering and exiting the microsegment, which eliminates endpoint exposure within the network. Even if one endpoint becomes infected, the layer of protection that edge microsegmentation provides prevents the attack from spreading laterally through the network.
In the case of RDP services, the layer of abstraction created by the microsegment means that instead of being directly visible on the network, the software is only visible to users with access inside the microsegment. By applying a layer of protection outside the host, edge microsegmentation directly addresses the inherent vulnerability of the software, which is the ability to be disabled/evaded by an attack because of its dependence on the OS. An example of this occurred recently, when Pulse Secure devices were infected with malware that went undetected by the antivirus solutions running on those machines.
Think of COVID-19 safety measures as an analogy for microsegmentation at the edge. A vaccine, analogous to host-based security software in this case, is retroactive in that it addresses the problem only after a pathogen it is able to recognize, has entered your body. A mask, on the other hand, prevents the virus from ever entering your system to begin with when you are near other potentially infected individuals. Hardware-enforced microsegmentation stops attackers at the edge, reducing the attack surface by isolating each independent endpoint. Instead of dealing with a network-wide attack surface, edge microsegmentation minimizes the attack surface to secure individual microsegments.
Because each microsegment shields each endpoint within the network, there is no inbound attack exposure for the attacker to exploit. The microsegment makes the endpoint behind it invisible to any other device or service. Administrators can still access the endpoint inside of the microsegment, and specified ports and protocols allow them to do so remotely without breaking isolation in the local network. In order to compromise a device protected by this kind of microsegmentation, an attacker would first have to find a way into the endpoint (likely by tricking the user), then find a way of communicating back to their C2 without the microsegment detecting that traffic.
Edge microsegmentation also directly addresses many of the risks associated with the common attack vectors that can combine to create bloated and unwieldy attack surfaces. Here are just a few of the benefits of using edge microsegmentation to reduce an organization’s attack surface:
Current network security practices require admins to rely on OS-dependent security software and behaviour analytics to stop threats, but both are prone to being disabled by an attacker and are retroactive to any threat. This means that by the time the computer is infected, it is too late. With edge microsegmentation, administrators have complete control of the traffic to and from an endpoint.
The device fleets connecting to today’s corporate networks are growing more and more varied, with legacy, IoT, and contractor devices and BYOD policies compounding the complexity. With an edge microsegmentation strategy in place, administrators are able to unify their organization-wide security posture no matter how many devices or device types they’re dealing with or where those devices are located.
Remote work’s effect on the attack surface is a pressing concern for security teams tasked with protecting distributed workforces. With edge microsegmentation, employees can connect securely to any network and work efficiently and productively on any device, anywhere in the world.
In these ways and others, microsegmentation either achieves or replaces attack surface reduction best practices. Microsegmentation eliminates complexity, decreases risk, and increases security for modern organizations. Creating a microsegment of one around each device doesn’t just reduce the organization’s attack surface exponentially, it also makes it easier for security teams to effectively and reliably protect each individually secured endpoint.
Edge microsegmentation is what Byos does best, especially when it comes to implementing hardware-enforced isolation for organizations. The Byos μGateway offers precisely this kind of modern approach to security architecture, protecting the endpoint as a microsegment of one no matter what device an employee is using or where they’re located. Ready to learn more? Get started here.