Interior Page Icon

Disrupting the Attack Surface

Making Life Hard for the Adversary

The Big Idea

Whereas the other activities (1-12) focus on reducing the attack surface, the scope of this activity is on disrupting the attack surface. Changing the attack surface in such a way that the adversary is unable to get correct and timely information about the defenders, makes incorrect assumptions about the defenders, wastes resources or prematurely discloses malware to the defenders, and provides defenders an opportunity to get ahead of the attack and defeat the adversary.

Cyber Resiliency Goals & Objectives

The Disrupt the Attack Surface activity is most often used by an entity that has identified Anticipate, Withstand and Recover as goals and Understand, Prevent, Continue, and Constrain as objectives.

Design Principles

The design principles for disrupting the attack surface create an uncertain environment for the adversary and thus make it more difficult for the adversary to effectively and successfully attack the enterprise.

What Can Be Done Now

The following resiliency techniques can help transform an easily attacked enterprise into one that can better resist and recover from attacks:

The Right People & Policies

Increasing resiliency by reducing the attack surface requires specific skills and policies:

Cyber Attack Lifecycle

Using the cyber resiliency techniques described above, enables the defenders to have a broad range of impacts on the adversary across the cyber attack lifecycle. In the early stages, the techniques impede the adversary, limit the knowledge the adversary can gain and sometimes even expose the adversary’s actions. During the middle and later stages of the lifecycle, when the adversary is trying to deliver malware, exploit initial targets, take control of them and then execute and maintain control of the environment, the combination of resiliency techniques can detect the adversary’s actions, limit the damage caused by these actions and redirect them to deception environments (e.g., honey nets) where the adversary’s actions can be safely studied. In some cases a specific attack may even be precluded completely by these techniques.

Synergies & Barriers

The techniques discussed here have many synergies with each other. These include:

Barriers to adoption include:

Just Ahead

The threat landscape is evolving. The advent of the Internet of Things greatly increases the attack surface. This increases the need of the defender to disrupt the attack surface. The ability to adaptively respond to the adversary in a more dynamic and real time manner becomes more important. Similarly, the ability to more quickly off load or reconfigure resources (e.g., organizations applying their “own special sauce” to configuration of their resources) thus making it more difficult for the adversary to confidently target their attacks, becomes more imperative. As time goes on, organizations will need to modify their infrastructure architecture to create an innocuous path that makes attackers noisier and more visible.

See Key Concepts and Terms for definitions

Back to Menu Next Activity