Understanding the attack surface to better allocate funds

Prioritize resources to protect the most critical assets

In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.

Misha Govshteyn, co-founder and CISO at Alert Logic, said, "For a long time, when people thought about defensive strategies it was about their enterprise or their perimeters, where the infrastructure ends and the outside world begins."

According to Earl Perkins, research vice president, digital security, the IoT group at Gartner, "We now embrace multiple forms of wireless networks as an enterprise. We distribute smaller, fit-for-purpose devices that have some processor and memory function, but aren’t general-purpose platforms in the sense of traditional IT. All of these are now ingress points and vulnerable assets if they are inadequately protected."

Keeping up with these changes can be a challenge which is why understanding the attack surface has gained importance for startups and larger enterprises alike, especially in the cloud, Govshteyn said.

"For a company that started five years ago, they literally were in the start of building their infrastructure. A lot of their software is in the cloud, and not just one cloud but a couple of cloud like environments," Govshteyn said.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!