The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

You can't choose when the next big security hole will show up. You can decide how much of your environment is visible when it does. The problem is that most teams don't know how much exposure they have on the internet.

The Head of Security at Intruder looks into why this happens and how teams can handle it on purpose. ## The time it takes to exploit is getting shorter The bigger and less controlled your attack surface is, the more chances there are for it to be used. Changes to exposure happen all the time: a firewall rule is changed, a new service is added, or a subdomain is forgotten. Your team needs to be able to spot these changes right away.

It takes time to do vulnerability scans, and it's not usually possible to do full scans every day. Daily port scanning is a better choice.

It's light, quick, and lets you find new services as they come up. If someone changes a firewall rule and accidentally opens Remote Desktop, you find out right away, not at the next scheduled scan, which could be up to a month later.