Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How Your Adversaries Increase Their Odds Thanks to the Growing Attack Surface

I recently listened to a podcast discussing the expanding legalization of sports betting in the United States.

The guest turned out to be a cybersecurity enthusiast-turned-professional poker player. In one part of the show, he described how, in advance of the Super Bowl, sportsbooks offer hundreds of bets known as propositions, or “props,” on which gamblers can wager their hard-earned dollars.

The props range from the seemingly sensical – How many combined touchdowns will both teams score? – to the more obscure (and slightly absurd) – What color of Gatorade will be dumped on the winning coach?

In gambling, the No. 1 rule is the house always wins. But Super Bowl props provide a potentially advantageous opportunity for the shrewd bettor. Why is this the case?

To explain, the podcast guest drew on his security background and compared the plethora of Super Bowl wagering options to the ever-widening cyberattack surface.

The more choices a smart punter has on which to risk their money, he said, the more likely they will discover opportunities that can be exploited. Thus, their edge of winning is bigger. The same goes for malicious hackers seeking entry into a target organization. Their likelihood of success grows with each available vulnerability.

Which brings us to the point of all of this: Your attack surface is teeming with potential liabilities. Here are the modern-day risks you need to mitigate to help prevent your adversaries from cashing in.



Most advanced threats that evade traditional prevention security measures start on the endpoint, and with the explosive growth of the Internet of Things (IoT), that means you have more ground to cover than ever. Desktops and laptops may be the most common initial infection point, but anything with an internet connection places your organization at risk. That includes non-traditional endpoints, including routers. To overcome limitations, you should combine strong internal policies with testing, detection and response capabilities to help stay protected.


Applications and Databases

Applications act as the digital front door into your organization, and databases are their connected companions. Both necessitate varying forms of protection, each requiring a multi-pronged approach. The threat of vulnerable applications, responsible for a surprisingly large number of the major data breaches in recent years, can be assuaged with web application firewalls, scanning and testing, and stronger development training. Meanwhile, database defense must evolve beyond simple patching to also include vulnerability testing, user rights management and activity monitoring.



Phishing is one of those information security problems that even your grandparents know about – yet it remains one of the most successful means of attack, even against businesses that know it’s coming. The reason why is simple: It works. Everybody still uses email, and attackers have invoked clever ways to prey on human emotions and dupe uses into divulging confidential credentials or clicking on links and attachments. To address human frailty and conquer savvy phishers, you should deploy an advanced email security gateway, complemented by a security awareness program that uses creative ways to reach employees.


The information contained here should help clarify what you need to do to reduce your attack surface. And, by the way, if you’re betting on the color of Gatorade, go with clear.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.