Attack paths are not a new phenomenon. In simple terms, an attack path is a set of vulnerabilities that threat actors can exploit to gain access to an asset and to create an exploitable path between assets.
Without going deep into the history, Microsoft published a paper in 2009 titled “Heat-ray: Combating Identity Snowball Attacks Using Machine Learning, Combinatorial Optimisation and Attack Graphs”, in which it explained how the identities of users logged in to a compromised host could be leveraged to launch additional attacks with those users’ privileges on other hosts.
That’s why, over a period of time, the concept of Attack Path Management gained popularity. Cybersecurity professionals often try to protect too many things at once instead of identifying the critical assets. Attack Path Management simplifies this and also improves cyber defence. With proper identification of attack paths, security professionals can reduce the risk considerably and ensure that even if hackers breach a company’s network, they aren’t able to reach the critical assets.
Recently, XM Cyber, an Israeli company, released the industry’s first annual Attack Path Management Impact Report in April 2022.
The XM Cyber research team analysed close to 2 million entities to derive insights, attack paths and impacts of attack techniques that compromise critical assets across on-prem, multi-cloud and hybrid environments, and developed tips for preventing them.
The XM Cyber research team reveals the impact of compromise and attributes it to the big disconnect, which can be represented in just 3 numbers:
- 94% of critical assets can be compromised in just 4 hops or less from the initial breach point. That means leveraging just 4 attack techniques, and the majority of attacks that take place involve more than just 1 hop to reach an organization’s critical assets.
- 75% of an organization’s critical assets can be compromised in their then-current security state, because without seeing how the attacker sees your misconfigurations, vulnerabilities and mismanaged credentials in the context of your critical assets, you are simply left exposed.
- 73% of the top attack techniques used to compromise critical assets involve mismanaged or stolen credentials.
On the other hand, the XM Cyber Attack Path Management platform shows how Active Directory abuse comes into play across the entire attack path, bringing together multiple attack techniques to pinpoint the riskiest credentials and permissions across users, endpoints and services managed in AD. This enables organizations to direct resources to remediate the most impactful risks first, with step-by-step guidance.
DynamicCISO, an ISMG initiative, recently spoke to Zur Ulianitzky, Head of Security Research at XM Cyber, about this report. This 20-minute conversation will tell you about:
- The importance of Attack Path Management
- Identifying the most critical enterprise assets to safeguard
- How CISOs and security professionals should focus on the critical assets
- Effective management of attack paths