Attack Surface as a Service

Conference: BlackHat USA 2019



Protecting public-facing assets is becoming increasingly problematic for any company with an online presence today. Growing online communities providing pre-built tools to easily bypass traditional defenses and a constant tug-of-war between usability and security contribute to this emerging, complex issue.

What if we could force malicious actors into our own, controlled, battleground and move the attack surface away from our assets?

By directing attacks away from the target website and onto our own environment, we force them to play by our rules. We can use this ‘attack surface’ to automatically adapt to new threats, gain direct feedback through network effect, and utilize automated processes and ML to evolve with each attack. This allows us to interrogate a suspect attacker through tests that are difficult to implement directly onto the asset.

This talk will outline the practical and hypothetical applications of utilizing third-party services as a democratized defense against attackers informed by network effect, with an emphasis on the separated ‘attack surface’ introduced above.