Whether you’re scoping out your strategic survival plan in the event of a potential zombie apocalypse or drafting up your company’s security strategy, you can help increase your chances for a healthy outcome by outlining some key rules of engagement. In either scenario, early detection and advanced preparation will ensure your best chance of survival.
Similar to preventing a zombie infestation, protecting your attack surface includes discovering, evaluating, and mitigating the risks – no chainsaws or tactical knives required.
While many theories on the origins of zombies exist, one of the most credible is that of the contagion, Solanum, a virus that travels through the bloodstream to the brain, infecting its host, as noted in Max Brooks’ book, The Zombie Survival Guide. It is thought that the virus replicates using the cells of the brain’s frontal lobe, destroying them in the process.
That said, zombies can’t exist without vulnerable hosts to prey upon, and nothing is more vulnerable than an unmanaged, untracked asset. Security teams are doing their best to secure their attack surfaces, but manual, error-prone inventory methods may mean those teams don’t even know about 35% of the assets they own. Each one of those “zombie assets” is a potential risk that can be targeted by malicious actors.
As you might guess, the presence of zombies renders an area uninhabitable. Get the heck out of there if you can, and gather essential survival supplies in the event of a lengthy absence. It could be weeks or even months before an area might be cleared for re-entry.
Like any emergency preparedness kit, for the zombie apocalypse or attack surface management (ASM), have a checklist in mind for the essential items to keep you and yours safe. And, when it comes to evaluating an ASM solution, use the following checklist to ensure you’ve done your due diligence when considering options:
The best zombie is a dead (really dead) zombie. While you might be equipped with the most technologically advanced weaponry, a simple garden hoe could suffice in neutralizing the threat. Ineffective termination methods include any trauma to the upper or lower extremities. While a blow to the chest or severing a leg or two might stop or slow a zombie down, these methods remain ineffective in your core objective: complete and utter destruction.
The only known methods for effectively killing a zombie are either cranial penetration (especially to the frontal lobe), blunt force trauma to the head (go for full-on pulverization if you can, but stand clear of any eruptive fluids), or decapitation (an oldie, but a goodie).
Using attack surface management, organizations can quickly discover and assign risks for remediation, helping to identify, prioritize and route issues to the relevant stakeholders. With all that time freed up, teams can “go to the Winchester, have a nice cold pint, and wait for this to all blow over.”
The disposal of a “dead” zombie should be handled with caution as much as any hazardous material. Use protective masks and gloves, being careful to cover any open wounds as infection can occur through any fluid exchange. If you can, remove the head just as an extra precaution, because you know…zombies.
Do not attempt to incinerate any remains as this may release airborne toxins. Your best option is to use waterproof material such as a tarp or heavy plastic to seal the remains prior to burial. If you have access to duct tape, use it liberally.
Be sure to find a safe spot for the grave, away from any water source should seepage of body fluids occur. And dig a hole at least 4 to 6 feet deep to prevent scavenging animals from digging up any remains. While animals have been shown to be immune to Solanum, no one needs to see a dug-up, half-eaten putrefied farmhand with a hatchet stuck in his sternum. Unless that’s your jam.
In the same way one needs to protect the homestead from hungry ghouls circling the perimeter looking for weaknesses, an ASM solution can provide an outside-in view of a continuously updated and data-rich inventory of all internet-connected assets. This comprehensive asset inventory becomes the foundation for all security processes. If you don’t have complete visibility, it’s impossible to discover, evaluate, and mitigate risks to your organization.
By scanning the internet multiple times per day, Xpanse provides a complete inventory of all assets (including IP addresses, domains, certificates, cloud infrastructure, and physical systems) connected to an organization’s network. It also maps who is responsible for each asset in the organization. This data not only ensures complete visibility, but also becomes the foundation for security processes and managing risk, kinda like Brad Pitt in World War Z, but without the bad CGI.
ASM is a first line of defense and a critical component of risk management. Remediation and incident response protocols mirror those when faced with a zombie infestation:
Regardless of how many systems are infected, disconnect from everything except your IR and forensics solutions immediately, isolating them via your EDR/EPP console. If this cannot be accomplished in a timely manner, or if more than a few systems are infected and you have not implemented strong firewall egress filtering and proxy servers, immediately block ALL outbound traffic to external networks.
Implement filters on internal routers, firewalls, and other networking equipment as appropriate to isolate infected segments, and monitor network traffic to ensure internal containment.
Learn from protected systems to detect malicious activity from unprotected systems. Prevent C2 connections from unprotected assets behind the firewall by identifying indicators of compromise (IOCs) – IP addresses, domains, etc. – from infected or affected hosts, and uploading them to your network/firewall.
Monitor all network traffic in order to address possible multifaceted attacks. Review appropriate log files to attempt to identify the first system infected and what the attack vector was, if possible. It is vital to determine whether any of the infected systems successfully connected to any site on the internet and what information, if any, was exposed.
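The containment steps above (derive IOCs from the hosts you already know are infected, use them to spot unprotected hosts, find the earliest victim, and check whether any infected host actually got data out) can be run mechanically over egress logs. The Python below is an added example written for this article; it is not code from Palo Alto Networks or Cortex Xpanse. The log format, the sample lines, the RFC 1918 ranges used to define "internal", and the `benign_prevalence` tuning value are all assumptions made for the example.

```python
"""Egress-log triage for the containment steps above (added example, constructed data)."""
import ipaddress
from collections import defaultdict

# Constructed sample egress/proxy log, not real traffic. Fields:
# timestamp src_host src_ip dst_name dst_ip action bytes_out
SAMPLE_LOG = """\
2022-10-12T09:01:10Z ws-017 10.1.4.17 updates.example.net 203.0.113.10 allow 812
2022-10-12T09:03:42Z ws-017 10.1.4.17 cdn-static.invalid 198.51.100.7 allow 0
2022-10-12T09:04:05Z ws-017 10.1.4.17 beacon.invalid 198.51.100.44 allow 14096
2022-10-12T09:20:17Z fs-02 10.1.9.2 beacon.invalid 198.51.100.44 deny 0
2022-10-12T09:21:00Z fs-02 10.1.9.2 ws-017 10.1.4.17 allow 5200
2022-10-12T09:25:31Z ws-023 10.1.4.23 beacon.invalid 198.51.100.44 allow 2048
2022-10-12T09:30:00Z ws-050 10.1.4.50 updates.example.net 203.0.113.10 allow 700
2022-10-12T09:31:12Z ws-051 10.1.4.51 updates.example.net 203.0.113.10 allow 655
"""

FIELDS = ("ts", "src_host", "src_ip", "dst_name", "dst_ip", "action", "bytes_out")

# Assumed internal address space (RFC 1918); adjust to the real environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Parse the constructed log format into dicts, oldest first (ISO-8601 sorts lexically)."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip malformed lines rather than abort the whole triage
        ev = dict(zip(FIELDS, parts))
        ev["bytes_out"] = int(ev["bytes_out"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_external(ip):
    """Only connections that leave the internal address space count as egress."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def triage(events, infected_hosts, benign_prevalence=2):
    """Derive IOCs, the earliest victim, exposure and newly suspect hosts from egress events.

    benign_prevalence (assumed tuning value): a destination reached by at least this many
    hosts outside the infected set is treated as shared infrastructure (updates, CDNs)
    and set aside for review instead of being blocked blindly.
    """
    infected = set(infected_hosts)
    egress = [e for e in events if is_external(e["dst_ip"])]
    dst = lambda e: (e["dst_name"], e["dst_ip"])

    # Step 1: every external destination a known-infected host touched is an IOC candidate.
    candidates = {dst(e) for e in egress if e["src_host"] in infected}

    # Step 2: prevalence among healthy hosts separates everyday traffic from real IOCs.
    healthy_by_dst = defaultdict(set)
    for e in egress:
        if e["src_host"] not in infected:
            healthy_by_dst[dst(e)].add(e["src_host"])
    iocs = {c for c in candidates if len(healthy_by_dst[c]) < benign_prevalence}
    shared = candidates - iocs

    # Step 3: earliest IOC contact by an infected host is the best log-only estimate of the
    # first victim; the actual entry vector usually needs endpoint or mail logs as well.
    first = next((e for e in egress if e["src_host"] in infected and dst(e) in iocs), None)
    patient_zero = (first["src_host"], first["ts"], first["dst_name"]) if first else None

    # Step 4: allowed connections that moved data to an IOC are possible exposure.
    exposure = [(e["src_host"], e["dst_name"], e["bytes_out"]) for e in egress
                if e["src_host"] in infected and dst(e) in iocs
                and e["action"] == "allow" and e["bytes_out"] > 0]

    # Step 5: hosts outside the infected set that reached an IOC are the "unprotected
    # systems" the protected ones taught us to look for.
    suspects = sorted({e["src_host"] for e in egress
                       if e["src_host"] not in infected and dst(e) in iocs})

    return {"iocs": iocs, "shared_destinations": shared, "patient_zero": patient_zero,
            "exposure": exposure, "suspects": suspects}


def blocklist(iocs):
    """Flat, sorted IP and domain lists ready to load into a firewall or proxy deny list."""
    return {"ips": sorted({ip for _, ip in iocs}), "domains": sorted({name for name, _ in iocs})}


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG), infected_hosts={"ws-017", "fs-02"})
    for key, value in result.items():
        print(f"{key}: {value}")
    print("blocklist:", blocklist(result["iocs"]))
```

The prevalence check is the part worth tuning: without it, a shared update server contacted by an infected host would land on the blocklist and break every healthy host too. With it, `updates.example.net` is reported under `shared_destinations` for a human to confirm, while `beacon.invalid` and `cdn-static.invalid` become IOCs, `ws-023` surfaces as a previously unknown suspect, and the one allowed, non-zero transfer from `ws-017` is flagged as the exposure to investigate.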
Creating an attack surface management plan can help move beyond the limitations of manual tracking and remediation of misconfigurations and exposures:
These are the baseline ASM features an organization should expect, yet with Cortex Xpanse CISOs will find all of them and have even more abilities:
To learn more about Cortex Xpanse and how it can help provide the source of truth your security operations needs, request a demo today.
Plus, download our 2022 Attack Surface Management Report to understand the risks, and learn how automation can help security teams stop chasing a moving goalpost and reduce risks.