3.2. Threat Vectors and Attack Surfaces
š” First Principle: Attackers don't break in everywhere at once ā they find the weakest door. A threat vector is the path an attacker uses to reach a target. The attack surface is the total set of potential entry points. Think of your organization as a building: the threat vectors are the doors, windows, ventilation ducts, and delivery entrances. The attack surface is every possible way in, including ones you haven't thought of yet.
What happens when you fail to manage your attack surface? Attackers find the path of least resistance. You might fortify the front door (firewall) while leaving the back window open (unpatched web application) or the ventilation shaft unguarded (compromised vendor with VPN access). The goal of attack surface management is to know every entry point, minimize unnecessary ones, and monitor the rest.
Understanding vectors matters because different defenses block different paths. A firewall stops network-based vectors but does nothing against a phishing email. Email filtering blocks message-based vectors but can't detect a compromised USB drive. Layered defense means covering multiple vectors simultaneously.
