* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Non categorizzato](https://www2.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it)
* DEFINISCI LA SUPERFICIE D...

# DEFINISCI LA SUPERFICIE DA PROTEGGERE RIDUCENDO NOTEVOLMENTE LA SUPERFICIE DI ATTACO

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefinisci-la-superficie-da-proteggere-riducendo-notevolmente-la-superficie-di-attaco%2F%3Flang%3Dit)  
[](https://twitter.com/share?text=DEFINISCI+LA+SUPERFICIE+DA+PROTEGGERE+RIDUCENDO+NOTEVOLMENTE+LA+SUPERFICIE+DI+ATTACO&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefinisci-la-superficie-da-proteggere-riducendo-notevolmente-la-superficie-di-attaco%2F%3Flang%3Dit)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefinisci-la-superficie-da-proteggere-riducendo-notevolmente-la-superficie-di-attaco%2F%3Flang%3Dit&title=DEFINISCI+LA+SUPERFICIE+DA+PROTEGGERE+RIDUCENDO+NOTEVOLMENTE+LA+SUPERFICIE+DI+ATTACO&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2018/11/definisci-la-superficie-da-proteggere-riducendo-notevolmente-la-superficie-di-attaco/?lang=it&ts=markdown)  
\[\](mailto:?subject=DEFINISCI LA SUPERFICIE DA PROTEGGERE RIDUCENDO NOTEVOLMENTE LA SUPERFICIE DI ATTACO)  
Link copied  
By [John Kindervag](https://www.paloaltonetworks.com/blog/author/john-kindervag/?lang=it&ts=markdown "Posts by John Kindervag")  
Nov 19, 2018  
3 minutes  
[Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

This post is also available in: [English (Inglese)](https://www2.paloaltonetworks.com/blog/2018/09/define-protect-surface-massively-reduce-attack-surface/ "Passa a Inglese(English)") [繁體中文 (Cinese tradizionale)](https://www2.paloaltonetworks.com/blog/2018/10/define-protect-surface-massively-reduce-attack-surface/?lang=zh-hant "Passa a Cinese tradizionale(繁體中文)") [Nederlands (Olandese)](https://www2.paloaltonetworks.com/blog/2018/10/definieer-een-verdedigingsoppervlak-om-uw-aanvalsoppervlak-enorm-te-verkleinen/?lang=nl "Passa a Olandese(Nederlands)") [Deutsch (Tedesco)](https://www2.paloaltonetworks.com/blog/2018/11/reduzieren-sie-ihre-angriffsflaeche-erheblich-durch-definition-einer-schutzflaeche/?lang=de "Passa a Tedesco(Deutsch)") [한국어 (Coreano)](https://www2.paloaltonetworks.com/blog/2018/10/define-protect-surface-massively-reduce-attack-surface/?lang=ko "Passa a Coreano(한국어)") [Español (Spagnolo)](https://www2.paloaltonetworks.com/blog/2018/11/defina-una-superficie-de-proteccion-para-reducir-drasticamente-la-superficie-de-ataque/?lang=es "Passa a Spagnolo(Español)") [Türkçe (Turco)](https://www2.paloaltonetworks.com/blog/2018/11/saldiri-yuzeyinizi-buyuk-olcude-azaltmak-icin-bir-koruma-yuzeyi-tanimlayin/?lang=tr "Passa a Turco(Türkçe)")

Uno degli aspetti meno studiati della cybersecurity è la definizione di cosa si vuole proteggere. Si sostiene, in generale, di volere protezione dagli attacchi, ma gli attacchi sono diretti verso qualcosa. Verso cosa, precisamente?

Nel corso degli anni, abbiamo cercato minuziosamente di ridurre la superficie di attacco, ma il compito si è rivelato proibitivo: un po' come per l'universo, tale superficie è in continua espansione. Ogni nuova tecnologia porta con sé problemi specifici e nuove vulnerabilità. L'IoT, ad esempio, ha determinato un enorme incremento della superficie di attacco. Vulnerabilità scoperte di recente, come quelle sfruttate dagli attacchi sui chipset -- ++[Spectre e Meltdown](https://www.paloaltonetworks.com/blog/2018/01/threat-brief-meltdown-spectre-vulnerabilities)++ -- hanno aggiunto quasi tutti i moderni sistemi di calcolo alla superficie di attacco complessiva.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/10/ZeroTrustImage.png)

In Zero Trust, anziché concentrarsi sul macro livello della superficie di attacco, si stabilisce cosa ha bisogno di protezione: l'area più piccola possibile di superficie di attacco, ossia la superficie da proteggere. Di solito, una rete Zero Trust definisce una superficie da proteggere almeno in base a uno dei seguenti quattro aspetti (indicati dall'acronimo DAAS):

**D** ati: *quali dati è necessario proteggere?*

**A** pplicazioni: *quali applicazioni elaborano informazioni sensibili?*

**A** sset: *quali sono gli asset più sensibili?*

**S** ervizi: *quali servizi, come DNS, DHCP e Active Directory, potrebbero essere attaccati al fine di compromettere le normali operazioni IT?*

La caratteristica più importante della superficie da proteggere è che non solo ha un'estensione notevolmente più piccola rispetto alla totale superficie di attacco, ma che è anche ben nota. Si può anche non sapere quale debba essere oggi, ma si può sempre scoprirlo. La maggior parte delle aziende non sono in grado di definire la superficie di attacco, per questo nei test è sempre possibile violarle. Ci sono tantissimi modi per infiltrarsi nel macroperimetro di un'organizzazione. Ecco perché le strategie di sicurezza basate su un ampio perimetro si dimostrano inefficaci. Nel vecchio modello, controlli come firewall e tecnologie di prevenzione delle intrusioni sono posizionati sul limite del perimetro, ossia alla massima distanza dalla superficie da proteggere.

In Zero Trust, avendo definito la superficie da proteggere, è possibile spostare i controlli il più vicino possibile a tale superficie, ossia su microperimetro. Con la nostra tecnologia di nuova generazione operante come gateway di segmentazione, possiamo segmentare le reti tramite policy di Livello 7 e controllare in modo granulare il traffico in entrata e in uscita dal microperimetro. Il numero di utenti o risorse che hanno davvero bisogno di accedere a dati o asset sensibili in un determinato ambiente è molto limitato. Definendo le policy in maniera precisa, limitata e comprensibile, possiamo ridurre notevolmente le possibilità di successo di un attacco informatico.

*** ** * ** ***

## Related Blogs

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### See How We're Fortifying Cloud and AI at AWS re:Inforce 2025](https://www2.paloaltonetworks.com/blog/2025/06/fortifying-cloud-ai-aws-reinforce/)

### [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### Accesso al cloud sicuro: perché abbiamo scelto Palo Alto Networks](https://www2.paloaltonetworks.com/blog/2019/07/cloud-secure-cloud-access-why-we-choose-palo-alto-networks/?lang=it)

### [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### The 5 Big Cloud Security Strategy: una strategia olistica di sicurezza cloud](https://www2.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=it)

### [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### Cosa significa essere "5G-Ready"?](https://www2.paloaltonetworks.com/blog/2019/04/what-does-it-mean-to-be-5g-ready-it/?lang=it)

### [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### Semplificare la strategia di sicurezza multicloud](https://www2.paloaltonetworks.com/blog/2019/04/simplifying-multi-cloud-security-strategy-it/?lang=it)

### [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?lang=it&ts=markdown)

[#### Presentazione di Cortex XDR](https://www2.paloaltonetworks.com/blog/2019/04/introducing-cortex-xdr-it/?lang=it)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language