People often get the terms attack surface, and attack vector confused. Though these terms are related, they hold a different meaning altogether.
What is anAttack Surface?
Attack surface is the sum of all the touchpoints on your network where an adversary can attempt to gain entry across your hardware, software, cloud, and network components. These components can include,
Managed and unmanaged devices
Cloud storage and apps
Wi-Fi access points and routers
Third-party vendors, and more.
An organization’s attack surface constantly expands and shape-shifts in both physical and digital dimensions, making it quite a task to manage it. However, organizations can reduce the risk to their attack surface with continuous mapping and real-time visibility.
What is an attack vector?
An attack vector is the actual method that a threat actor uses to breach or infiltrate your network.
Attack vectors may target weaknesses in your security and overall infrastructure, or they may even target the people in your organization.