What is the attack surface?

Your attack surface is all the hardware, software, SaaS, and cloud assets that are accessible from the Internet that process or store your data. Think of it as the total number of attack vectors cybercriminals could use to manipulate a network or system to extract data. Your attack surface includes:

  • Known assets: Inventoried and managed assets such as your corporate website, servers, and the dependencies running on them
  • Unknown assets: Such as shadow IT or orphaned IT infrastructure that was stood up outside of the purview of your security team such as forgotten development websites or marketing sites
  • Rogue assets: Malicious infrastructure spun up by threat actors such as malware, typosquatting domains, or a website or mobile app that impersonates your domain.
  • Vendors: Your attack surface doesn’t stop with your organization, third-party and fourth-party vendors introduce significant third-party risk and fourth-party risk. Even small vendors can lead to large data breaches, look at the HVAC vendor that eventually led to Target’s exposure of credit card and personal data on more than 110 million consumers.

Millions of these assets appear on the Internet each day and are entirely outside the scope of firewall and endpoint protection services. Other names include external attack surface and digital attack surface.