by Keith McCammon

less than 1 minute read

Any exposed attack surface can be used by an adversary to gain or maintain access to your environment. Security controls are a uniquely high-risk part of your attack surface, because compromising a security control often provides an adversary with privileged and/or uniquely positioned access to the environment. And evidence shows that adversaries are capitalizing on exposed, vulnerable attack surface.

Compromising a security control gives the adversary the ability to perform one or more of the following:

  • Manage devices
  • Manage identities, including access control and management
  • Alter external network access control policies, including: granting remote access to networks, allowing lateral movement between networks, or allowing network egress
  • Modify, suppress, or remote logs, alerts, and other evidence of their activities
  • Monitor investigative or response activities
  • Access sensitive data (particularly problematic if the compromised control issues key material, or performs TLS interception a.k.a. man-in-the-middle)

By contrast, a compromised end user device or endpoint, e.g., a workstation or server, may provide some of the same abilities, but often in a much more limited capacity.

Categories:

Updated:

You May Also Enjoy

Improving CISA KEV data integrity

3 minute read

tl;dr - Sometimes CISA removes Known Exploited Vulnerabilities catalog records. It would be awesome if they marked them as withdrawn and/or superseded instead.

When your product becomes a feature

3 minute read

Having spent a few years using, maintaining, and building security products of every conceivable shape and size, it’s become apparent how uniquely risky it is to invest in building cloud[1] security products.