* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Products and Services](https://www2.paloaltonetworks.com/blog/category/products-and-services/)
* Attack Surface Risks, Cha...

# Attack Surface Risks, Challenges and Changes

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F05%2Fattack-surface-risk-challenges-and-changes%2F)  
[](https://twitter.com/share?text=Attack+Surface+Risks%2C+Challenges+and+Changes&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F05%2Fattack-surface-risk-challenges-and-changes%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F05%2Fattack-surface-risk-challenges-and-changes%2F&title=Attack+Surface+Risks%2C+Challenges+and+Changes&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2023/05/attack-surface-risk-challenges-and-changes/&ts=markdown)  
\[\](mailto:?subject=Attack Surface Risks, Challenges and Changes)  
Link copied  
By [Ross Worden](https://www.paloaltonetworks.com/blog/author/ross-worden/?ts=markdown "Posts by Ross Worden")  
May 16, 2023  
8 minutes  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/tag/unit-42/?ts=markdown)  
[Unit 42 Attack Surface Assessment](https://www.paloaltonetworks.com/blog/tag/unit-42-attack-surface-assessment/?ts=markdown)

While digitization has simplified many organizational tasks, it has simultaneously made other facets of business more complex, including an ever-growing attack surface. As the number of connected devices and online services continues to grow, identifying all of these assets and potential vulnerabilities is a challenge. Implementing effective security measures becomes more difficult, especially if you are relying on manual inventory processes.

Depending on the company size, systems on the attack surface are responsible for creating millions or even billions of dollars in revenue. What's more, a failure in these systems could result in serious operational issues or even a complete shutdown. There's also the legal, regulatory and brand impacts. As such, it's vital that the availability of IT infrastructure components is fiercely protected.

## What Attack Surface Challenges Do Organizations Face?

#### Digital Transformation

Transformation comes with many benefits, but these changes bring inherent challenges. For example, in a [cloud environment](https://unit42.paloaltonetworks.com/category/cloud/), multiple employees or third-party contractors might have the ability to intentionally or accidentally make a previously isolated end-of-life system publicly available online. Or, they could simply spin up a new cloud instance outside of security controls. These situations were rare with traditional IT infrastructures, but they're becoming increasingly common.

#### Shadow IT / Rogue IT

Shadow IT (also called rogue IT) refers to situations where employees take IT infrastructure into their own hands to circumvent inconvenient policies, or to avoid the approval process. While they're typically well-meaning, they might inadvertently create attack vectors. For example, an employee may forget to take down a temporary website, provide an overly permissive IAM role for the sake of expediency, or even stand up a new cloud environment without informing IT and security teams.

If IT department and security team members don't know people are adding cloud workloads outside of governance, they won't know how to manage and monitor these attack vectors. These cases aren't entirely new occurrences, but cloud computing and adjacent innovations have certainly increased their frequency. According to the [Unit 42 Cloud Threat Report, Volume 7](https://start.paloaltonetworks.com/unit-42-cloud-threat-report-volume-7), more than 60% of organizations take longer than four days to resolve security issues, while threat actors typically exploit a misconfiguration or vulnerability within hours.

#### Remote Work

While many employees are returning to the office, there's no doubt that the remote work landscape has permanently expanded during the pandemic. Having employees work outside of the company network introduces a number of cybersecurity risks, including weaker security controls, increased susceptibility to threats and sensitive data passing through unsecured networks. We have seen a number of cases where threat actors gained access to corporate devices via an employee's insecure laptop.

## How Is the Attack Surface Changing?

All of these challenges have an impact on the attack surface and overall [attack surface management](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management). We see them exacerbated in key ways:

* **The Attack Surface Is Growing** -- This is often driven by the increasing number of connected devices, systems and cloud instances, all providing cybercriminals with an ever-expanding range of potential vulnerabilities to exploit.
* **Systems Are Becoming More Fragmented** -- Various departments use different versions of the same software. Some stay current on updates and patches while others don't, which leads to an environment that lacks stability and standardization.
* **Expanding Use of Networking Equipment** -- VPNs are used as a protective component, but are often vulnerable to compromise. Meanwhile, data storage and analysis systems need to be accessible, but this leads to exposure to malicious actors and to the possibility that an employee inadvertently pushes sensitive information to a public dashboard. This can create massive regulatory and legal headaches even without a threat actor being involved.

## How to Better Understand Your Attack Surface

The first step in understanding your digital attack surface is identifying all internet-facing assets that could potentially become a target for cybercriminals. This includes a comprehensive and continuously updated inventory of all assets, including their location, what software is installed, who has access (including third-party entities), who is responsible for that asset, and what security controls are in place.

Once you have identified all internet-facing assets, the next step is to conduct a comprehensive risk assessment. This involves identifying potential vulnerabilities and threats to each asset, as well as assessing the potential impact of a successful attack. Organizations can use a variety of tools and techniques to conduct an attack surface risk assessment, including vulnerability scanners, penetration testing tools and threat modeling. However, organizations must understand that all of these tools and techniques are only as good as the asset inventory you have.

Not all vulnerabilities are created equally, and organizations need to prioritize which vulnerabilities to address first, based on the potential impact of a successful cyberattack. Aside from assessing impact, you also need to consider the resources required to address vulnerabilities.

## Attack Surface Reduction Strategies

Adequate protection requires a multi-faceted approach that involves reducing both the internal and external attack surface, as well as implementing effective security measures and attack surface reduction rules to address potential vulnerabilities. From malware to misconfigurations and [ransomware attacks](https://start.paloaltonetworks.com/2023-unit42-ransomware-extortion-report), understanding the threat landscape is a critical first step.

One key issue here is remote desktop protocol (RDP), which represents almost one in four IT security problems according to our [Attack Surface Threat Report](https://start.paloaltonetworks.com/2022-asm-threat-report). While RDP is frequently used in organizations, it's often weakly authenticated and exposed to the internet, offering a host of opportunities to a potential attacker. It is a key attack vector for ransomware.

Once security teams have identified and prioritized vulnerabilities, the next step is to roll out effective remediation measures to reduce your attack surface. These attack surface reduction rules might include limiting the exposure of certain assets, implementing access controls, applying security patches, deploying firewalls and intrusion detection systems, and conducting employee training on cybersecurity best practices.

Finally, it is critical to [monitor your attack surface on an ongoing basis](https://www.paloaltonetworks.com/cortex/cortex-xpanse) and update your security measures as needed. A successful attack surface reduction strategy involves regularly reviewing your security policies and procedures, maintaining up-to-date inventories of all assets, and monitoring for new vulnerabilities and threats. Ongoing monitoring is especially important when underlying systems and processes may simply recreate previously patched vulnerabilities after they have been remediated.

## Why Is Attack Surface Management Important?

[Attack surface management (ASM)](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management) is the process of identifying and managing all exposures and potential entry points to an organization's internet-facing IT systems. It involves taking a comprehensive approach to analyzing and mitigating potential vulnerabilities across an organization's entire attack surface: its networks, applications, data, employees and all exposures, including improper access controls on cloud instances and expired digital certificates.

Gone are the days when you could just assume that everything was in your on-premises environment, so it is essential to discover, evaluate and mitigate exposure of your internet-connected assets. Even as recently as 2022, we saw a significant jump in the portion of [cloud issues](https://unit42.paloaltonetworks.com/category/cloud/)versus on-premises issues, compared to the prior year. Traditional vulnerability management solutions often struggle with out of date or incomplete asset inventories and are especially prone to failure in the cloud since most [vulnerability management scanners](https://start.paloaltonetworks.com/vm-guide-to-asm.html) are IP-based and cloud IPs are constantly changing.

As such, attack surface management is more important than ever to identify potential vulnerabilities before they're exploited by cybercriminals. While conducting regular risk assessments and vulnerability scans, organizations can identify weak points in your security posture. These activities rely on having a comprehensive and up-to-date asset inventory.

These efforts serve to reduce the overall attack surface and lower the risk of cyberattacks and data breaches. This proactive approach to security helps improve brand reputation and avoid losses due to [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response) and downtime. It also helps organizations meet industry or government compliance requirements and avoid penalties or legal action, resulting from non-compliance.

## Unit 42 Attack Surface Assessment

The Unit 42 Attack Surface Assessment can help you gain full visibility of your on-premise and cloud environments, giving you a comprehensive view of your IT infrastructure strengths and vulnerabilities.

Powered by our unmatched [Cortex Xpanse solution](https://www.paloaltonetworks.com/cortex/cortex-xpanse), plus Unit 42 security expertise and threat intelligence, we help you discover all public-facing assets vulnerable to CVEs and remediate threats before they can be exploited. Our attack surface management experts provide you with actionable, prioritized recommendations, and ensure you effectively prioritize actions.

The Unit 42 Attack Surface Assessment is an indispensable tool in your ASM program, helping you identify and manage exposure, mitigate risk and bolster your security posture now and in the future. If your organization needs help starting or advancing your attack surface management program, the [Unit 42 Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment) can help.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Forrester Names Palo Alto Networks a Leader in Attack Surface Management](https://www2.paloaltonetworks.com/blog/2024/09/forrester-names-palo-alto-networks-a-leader-in-attack-surface-management/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### 2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM](https://www2.paloaltonetworks.com/blog/2023/09/attack-surface-threat-report-highlights-need-for-asm/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Find and Fix Your Unknown Risk With Active Attack Surface Management](https://www2.paloaltonetworks.com/blog/2022/12/active-attack-surface-management-with-cortex-xpanse/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Cortex Xpanse rated leading ASM product](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xpanse-rated-highest-value-asm-vendor/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Beyond the Cloud Dashboard: Exposure Management Requires Full-Scope Visibility and Real Action](https://www2.paloaltonetworks.com/blog/security-operations/beyond-the-cloud-dashboard-exposure-management-requires-full-scope-visibility-and-real-action/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Securing Shadow AI with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/securing-shadow-ai-with-cortex-xpanse/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language