Understanding the relationship between attack surface, vulnerabilities, and threats
- What can be targeted
- Weakness that exists
- Actor with capability
- Technique to abuse
| Aspect | Attack Surface | Vulnerability |
|---|---|---|
| Definition | Sum of all potential entry points | Specific weakness or flaw |
| Scope | Broad - entire exposure | Narrow - specific issue |
| Management | Reduce/minimize | Patch/remediate |
| Examples | Open ports, APIs, users | CVE-2021-44228, misconfig |
From discovery to remediation
| Phase | Description | Risk Level |
|---|---|---|
| Zero-Day | Unknown to vendor, no patch exists | Critical |
| Disclosed | Publicly known, patch may be available | High |
| Patch Available | Fix released, but not yet applied | High |
| Patched | Fix applied to affected systems | Low |
How vulnerability intelligence feeds into security operations
SOC analysts use vulnerability context to prioritize alerts: an alert on a system with known critical vulnerabilities is escalated faster.
When new vulnerabilities are disclosed (for example Log4Shell), the SOC proactively hunts for exploitation attempts before automated detection has been tuned for them.
Combining vulnerability data with threat intelligence helps assess which vulnerabilities are actively being exploited in the wild.
During incident response, knowing which vulnerabilities exist on compromised systems helps determine the attack vector and the scope of the incident.
| Source | Data Provided | SOC Use |
|---|---|---|
| Vulnerability Scanner | Asset vulnerabilities | Enrich alerts with context |
| CMDB/Asset Inventory | System criticality | Prioritize response |
| Threat Intel Feeds | Actively exploited vulns | Hunt for exploitation |
| Patch Management | Remediation status | Track exposure window |
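As an added illustration (not part of the original page), the following script enriches a SOC alert with the four sources in the table above: scanner findings, CMDB criticality, an actively-exploited list, and patch release dates used to compute the exposure window. All hosts, dates and the non-Log4Shell CVE identifiers are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed sample data standing in for the four SOC sources.
SCANNER = {  # Vulnerability scanner: host -> [(CVE, CVSS, already patched?)]
    "web-01": [("CVE-2021-44228", 10.0, False), ("CVE-0000-00001", 5.3, True)],
    "hr-db": [("CVE-0000-00002", 7.5, False)],
    "kiosk-07": [],
}
CMDB = {"web-01": "high", "hr-db": "critical", "kiosk-07": "low"}  # asset criticality
THREAT_INTEL = {"CVE-2021-44228"}  # feed of vulns exploited in the wild (constructed)
PATCH_MGMT = {"CVE-2021-44228": date(2021, 12, 10)}  # fix release dates (constructed)


@dataclass
class Enriched:
    host: str
    priority: str = "normal"
    max_cvss: float = 0.0
    unpatched: list = field(default_factory=list)
    exploited: list = field(default_factory=list)
    exposure_days: int = 0  # days spent in the "Patch Available" phase


def enrich_alert(host: str, today: date = date(2022, 1, 15)) -> Enriched:
    """Attach vulnerability, asset and threat-intel context to an alert on `host`."""
    e = Enriched(host=host)
    for cve, cvss, patched in SCANNER.get(host, []):
        if patched:
            continue  # "Patched" phase: no longer contributes to exposure
        e.unpatched.append(cve)
        e.max_cvss = max(e.max_cvss, cvss)
        if cve in THREAT_INTEL:
            e.exploited.append(cve)
        if cve in PATCH_MGMT:  # fix released but not applied: track the window
            e.exposure_days = max(e.exposure_days, (today - PATCH_MGMT[cve]).days)

    criticality = CMDB.get(host, "unknown")
    if e.exploited:
        e.priority = "escalate"  # unpatched and actively exploited: handle first
    elif e.unpatched and (criticality in ("critical", "high") or e.max_cvss >= 9.0):
        e.priority = "high"
    elif e.unpatched:
        e.priority = "medium"
    return e


if __name__ == "__main__":
    for h in SCANNER:
        print(enrich_alert(h))
```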