* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es)
* Defina una superficie de ...

# Defina una superficie de protección para reducir drásticamente la superficie de ataque

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefina-una-superficie-de-proteccion-para-reducir-drasticamente-la-superficie-de-ataque%2F%3Flang%3Des)  
[](https://twitter.com/share?text=Defina+una+superficie+de+protecci%C3%B3n+para+reducir+dr%C3%A1sticamente+la+superficie+de+ataque&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefina-una-superficie-de-proteccion-para-reducir-drasticamente-la-superficie-de-ataque%2F%3Flang%3Des)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fdefina-una-superficie-de-proteccion-para-reducir-drasticamente-la-superficie-de-ataque%2F%3Flang%3Des&title=Defina+una+superficie+de+protecci%C3%B3n+para+reducir+dr%C3%A1sticamente+la+superficie+de+ataque&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2018/11/defina-una-superficie-de-proteccion-para-reducir-drasticamente-la-superficie-de-ataque/?lang=es&ts=markdown)  
\[\](mailto:?subject=Defina una superficie de protección para reducir drásticamente la superficie de ataque)  
Link copied  
By [John Kindervag](https://www.paloaltonetworks.com/blog/author/john-kindervag/?lang=es&ts=markdown "Posts by John Kindervag")  
Nov 19, 2018  
3 minutes  
[Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

This post is also available in: [English (Inglés)](https://www.paloaltonetworks.com/blog/2018/09/define-protect-surface-massively-reduce-attack-surface/ "Cambiar a Inglés(English)") [繁體中文 (Chino tradicional)](https://www.paloaltonetworks.com/blog/2018/10/define-protect-surface-massively-reduce-attack-surface/?lang=zh-hant "Cambiar a Chino tradicional(繁體中文)") [Nederlands (Holandés)](https://www.paloaltonetworks.com/blog/2018/10/definieer-een-verdedigingsoppervlak-om-uw-aanvalsoppervlak-enorm-te-verkleinen/?lang=nl "Cambiar a Holandés(Nederlands)") [Deutsch (Alemán)](https://www.paloaltonetworks.com/blog/2018/11/reduzieren-sie-ihre-angriffsflaeche-erheblich-durch-definition-einer-schutzflaeche/?lang=de "Cambiar a Alemán(Deutsch)") [Italiano](https://www.paloaltonetworks.com/blog/2018/11/definisci-la-superficie-da-proteggere-riducendo-notevolmente-la-superficie-di-attaco/?lang=it "Cambiar a Italiano(Italiano)") [한국어 (Coreano)](https://www.paloaltonetworks.com/blog/2018/10/define-protect-surface-massively-reduce-attack-surface/?lang=ko "Cambiar a Coreano(한국어)") [Türkçe (Turco)](https://www.paloaltonetworks.com/blog/2018/11/saldiri-yuzeyinizi-buyuk-olcude-azaltmak-icin-bir-koruma-yuzeyi-tanimlayin/?lang=tr "Cambiar a Turco(Türkçe)")

En ciberseguridad, una de las cosas a las que se suele prestar menos atención es la definición de lo que se está intentando proteger. Todo el mundo está de acuerdo en que el objetivo es defenderse de los ataques, pero los ataques van dirigidos contra algo. ¿Qué es ese algo?

A lo largo de los años, hemos hecho todo lo posible por reducir la superficie de ataque, pero por desgracia esta es como el universo: se expande constantemente. Cada nueva tecnología trae consigo nuevos problemas y vulnerabilidades. En particular, el Internet de las cosas ha hecho que la superficie de ataque crezca de forma desmesurada. Con las vulnerabilidades descubiertas recientemente, como las aprovechadas en ataques a conjuntos de chips ---++[Spectre y Meltdown](https://www.paloaltonetworks.com/blog/2018/01/threat-brief-meltdown-spectre-vulnerabilities?ts=markdown)++---, casi cualquier sistema informático moderno pasa a formar parte de la superficie de ataque global.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/10/ZeroTrustImage.png)

En un modelo Zero Trust (confianza cero), en lugar de concentrarnos en el nivel macro de la superficie de ataque, decidimos lo que necesitamos proteger: la mínima reducción posible de la superficie de ataque o la superficie de protección. Por lo general, una red Zero Trust define la superficie de protección atendiendo al menos a uno de los siguientes cuatro criterios (que se pueden recordar con el acrónimo DAAS):

**D** atos: *¿qué datos hay que proteger?*

**A** plicaciones: *¿qué aplicaciones utilizan información sensible?*

**A** ctivos: *¿cuáles son los activos más sensibles?*

**S** ervicios: *¿en qué servicios (como DNS, DHCP y Active Directory) se puede crear un exploit para interrumpir las operaciones de TI normales?*

Lo mejor de la superficie de protección es que, además de ser mucho más pequeña que la superficie de ataque general, siempre se puede conocer. Tal vez no sepa cuál debería ser dicha superficie, pero siempre puede averiguarlo. La mayoría de las organizaciones no sabe cuál es la superficie de ataque, lo que hace que los probadores de intrusión siempre consigan su objetivo. Hay muchísimas formas de infiltrarse en el macroperímetro de una organización. Por eso los sistemas de seguridad basados en un perímetro extenso han resultado ineficaces. Antes los controles, como los cortafuegos y las tecnologías de prevención de intrusiones, se colocaban en el extremo del perímetro, así que no podían estar más lejos de la superficie de protección.

En el modelo Zero Trust, al definir una superficie de protección, podemos acercar los controles lo más posible a dicha superficie para trazar un microperímetro. Nuestra tecnología de nueva generación funciona como puerta de enlace de segmentación, lo que nos permite segmentar las redes en políticas de capa 7 y controlar de forma detallada el tráfico que entra y sale del microperímetro. En cualquier entorno, son muy pocos los usuarios o recursos que de verdad necesitan acceder a activos o datos sensibles. Si creamos políticas limitadas, precisas y comprensibles, reduciremos las posibilidades de éxito de los ciberataques.

*** ** * ** ***

## Related Blogs

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### la solución de seguridad para dispositivos IdC médicos en la que confiar cuando la vida de sus pacientes está en sus manos](https://www.paloaltonetworks.com/blog/2022/12/medical-iot-security-la-solucion-de-seguridad-para-dispositivos-idc-medicos-en-la-que-confiar-cuando-la-vida-de-sus-pacientes-esta-en-sus-manos/?lang=es)

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### Acceso seguro a la nube: por qué elegimos Palo Alto Networks](https://www.paloaltonetworks.com/blog/2019/07/cloud-secure-cloud-access-why-we-choose-palo-alto-networks/?lang=es)

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### The 5 Big Cloud: una estrategia de seguridad en la nube integral](https://www.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=es)

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### Todo Es Posible](https://www.paloaltonetworks.com/blog/2019/07/todo-es-posible/?lang=es)

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### ¿Qué significa estar preparado para la tecnología 5G?](https://www.paloaltonetworks.com/blog/2019/04/what-does-it-mean-to-be-5g-ready-es/?lang=es)

### [Sin categorizar](https://www.paloaltonetworks.com/blog/category/sin-categorizar/?lang=es&ts=markdown)

[#### Simplificación de su estrategia de seguridad en entornos de varias nubes](https://www.paloaltonetworks.com/blog/2019/04/simplifying-multi-cloud-security-strategy-es/?lang=es)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language