MINIMUM VIABLE CYBERSECURITY FRAMEWORK FOR PROTECTING CYBER ATTACKS FROM EXTERNAL THREAT VECTORS
Abstract
In cybersecurity, an attack surface refers to the potential vulnerabilities and entry points
that an attacker could use to compromise a system, network, or application. Thus, understanding
and managing the attack surface is a critical component of effective cybersecurity, as it helps to
reduce the risk of successful attacks and protect sensitive data and systems from unauthorized
access or damage. Through this research, my main objective was to create a minimum viable
cybersecurity framework for protecting cyber-attacks from external threat vector that helps in
preventing and remediating the most common cyberattack threat vectors across industries,
platforms, and threat landscapes with minimal effort. I used Alexa’s Top 1000 websites and 200
random websites as a source input and performed passive scans on those websites using the
Threat Meter tool (An External Attack Surface Monitoring Tool built by Sumeru Software
Solutions). From the scans, I obtained raw data containing classes such as Industry, Attack
Vectors, Threat Vectors, Threat score, Total no of Threats, and Fail Ratio. To achieve the main
objective, I first performed an initial data analysis on the raw data obtained from the scans and
arrived at inferences based on the initial analysis. I then used the inferences to answer some
questions which helped me to build the framework. Wherever initial analysis inference was
inadequate, I performed data sampling over the raw data to arrive at new inferences. My goal
was to build a security framework that would help in preventing and remediating the most
common cyberattack threat vectors across industries, platforms, and threat landscapes with
minimal effort.