Article written by Chris Booth, Healthcare Account Manager, ITHealth
When it comes to securing an organisation’s attack surface, visibility is key. For an organisation to protect its network, it needs to know exactly what devices and software it has; it comes down to the old adage ‘you simply can’t protect what you can’t see’.
The rapid adoption of digital technologies has meant organisations struggle to discover their large and distributed estates, which now consist not only of physical devices and software assets, but also virtual assets, operational technology (OT), and Internet of Things (IOT) devices. Another problem is “shadow IT” – hardware and software assets that are unsanctioned by the IT department and, therefore, often unprotected. What’s more, the technology estate continues to rapidly evolve to accommodate new modes of work and increased digitisation, only further expanding the attack surface and escalating the problem.
What is the Attack Surface?
The attack surface encompasses all points of entry that can serve as an attack vector for unauthorised users to gain access to a system for malicious reasons.
To properly manage the growing attack surface, organisations must have full visibility into the technology assets they have – including shadow IT and BYOD (bring your own device). However, for most organisations, there’s often no central source of truth containing complete and accurate technology asset data. Manual paper-based processes and spreadsheets are error-prone and incomplete, and forgotten or missed assets may be running outdated software or malware, creating security vulnerabilities that will inevitably compromise an organisation’s data and infrastructure.
Another area of poor visibility is assets that are rendered ‘disabled’ and removed from network scanning tools following a typical period of not having been seen; what if these devices are off the network, but are still being used and thereby a threat? Without uncovering blind spots and having complete visibility of all assets, how you can possibly understand or protect the ‘attack surface’?
Closing the blind spots
A critical tool to implement is an effective and comprehensive Cyber Asset Attack Surface Management (CAASM) solution. CAASM focuses on enabling IT and security teams to have complete visibility into the security and risk exposure of their cyber assets – eliminating any blind spots and would-be open doors to cyber attackers. It’s a solution that automatically discovers and analyses any and all assets connecting to the network and provides vital insight into how these assets are protected, potential vulnerabilities and the severity of the vulnerabilities, be it software and hardware versions, outdated or unpatched software, encryption issues, weak passwords, or misconfigurations, and so on.
Choosing the right partner
ITHealth uses Lansweeper technology to create specific solutions to address the cyber asset attack surface and asset blind spot challenges; a combination of agentless scanning technology, industry expertise, and accurate and timely intelligence data feeds provides customers with unparalleled levels of insight to help protect their connected estates.
Both ITHealth and Lansweeper will be at the forthcoming FutureScot Cyber Security 2024 event, Tuesday, February 27, Technology & Innovation Centre, Strathclyde University, Glasgow. Chris Booth, ITHealth Account Manager, will be talking all about the Cyber Asset Attack Surface within his masterclass session as part of the main conference.