Hardening, when applied to computing, is the practice of reducing a system’s vulnerability by reducing its attack surface.
Hardening may involve a reduction in attack vectors by culling the pathways, or vectors, attackers would use. It may range from adhering to blanket policies such as Zero Trust, the Principle of Least Privilege (PoLP), or Defense In Depth, but also manifest as certain task lists such as implementing workforce training, segmenting resources, automating security updates, resetting default passwords, hashing passwords, and ceasing to store or transmit data unless it is encrypted.
Reducing attack vectors through hardening also involves system owners cutting unnecessary services or processes. Overall, a system that provides more services has a much broader attack surface than one performing just one function.
However, before you can effectively harden a system, you first need to understand its full attack surface: every asset, endpoint, and exposure point that could be targeted. This visibility is often where organizations fall short. Solutions like Cyber Asset Attack Surface Management (CAASM) help by continuously mapping and monitoring all assets, so you can identify vulnerabilities and prioritize hardening where it matters most. Without this baseline visibility, you may be locking doors without realizing which ones are still open.
Example:
“Hardening our systems to make them more resistant to attack will entail discontinuing unneeded or unused services, as these entry points needlessly provide attack vectors through which cyberattacks are deployed. The fewer doors — the fewer unwanted visitors.”