Page 100 - Cyber Defense Magazine RSA Edition for 2021
P. 100

presence consists of, also known as your attack surface. How can you make your attack surface as small,
            flexible and secure as possible?

            The Sweepatic Platform helps you strengthen the cyber resilience of your organization by not giving
            cybercriminals  a  real  chance.  People  with  malicious  motivations  will  not  be  able  to  access  your
            information if your “cyber doors” are closed. How can you approach that in concrete terms?



               1.  Be aware of your attack surface

            Only when you understand the breadth and depth of your online presence you can really evaluate the
            risks your organization runs. An attack surface changes and grows continuously, which makes it hard
            and complex to have an up-to-date overview in real time.

            For  example,  the  Sweepatic  Platform  automatically  and  exhaustively  scans  the  attack  surface  for
            vulnerabilities  or  CVEs  (Common  Vulnerabilities  and  Exposures).  Sweepatic  verifies  email  security
            settings which will prevent fraudulent or phishing emails sent in the name of an organization. Websites
            are verified against a list of configuration and encryption best practices. New cloud-based applications
            deployed with default and insecure settings are detected within days.

            By keeping an eye on your attack surface, such risks can be avoided. The Sweepatic Platform discovers
            the full extent of your attack surface 24x7 and assesses in which areas you can remove targets for
            cyberattacks. You can slim down your attack surface in three concrete ways:



               2.  Websites and domain names


            Keep an up-to-date view of which hosts your organization uses and manage them efficiently. You do this
            by updating your configurations, keeping an eye on which web applications are running and carefully
            handling where exactly you store and share confidential information. This provides you with an overview
            of which internet-facing assets - that no longer serve a business justification - to take offline or of where
            precisely you can improve your attack surface security.

            After all, what is not there, cannot be hacked.



               3.  External providers


            Nowadays, not all IT passes through or is managed by the IT department, let alone IT security. Are you
            aware of what is put online? Do you know exactly which external providers your organization uses? Not
            only is it safer to limit this group, it will likely save you monthly subscription fees as well.










                                                                                                            100
   95   96   97   98   99   100   101   102   103   104   105