Managing and mitigating cyber exposures is a complex task that can leave lightly resourced security teams feeling overwhelmed. Organisations often struggle to keep up with the copious vulnerabilities and exposures, such as misconfigurations, weak credentials and overly permissive identities, making it nearly impossible to address them as they occur, or sometimes spot them at all. Prioritisation and risk-based vulnerability management tools provide some insight, but they are still limited to vulnerabilities in software and, more importantly, don’t often include the needed business context to enable you to prioritise effectively.
As a result, security teams are often left with never-ending and often incomplete laundry lists of issues requiring remediation, leading to frustration and wasted time. In this blog, we explore the need for organisations to shift from a visibility-centric “list” approach to an exposure and threat-led approach viewed through the eyes of an attacker.
Understanding the steps attackers take to target assets is crucial, we need to comprehend the processes and methodology that drive their actions. Therefore, it is critical to map and address attack pathways and the choke points that attackers must traverse to access your critical assets. This enhances remediation efficiency by reducing the risk to critical assets first, effectively allowing security teams to head attackers off at the pass.
What is an attack path?
An attack path is a sequence of vulnerabilities, misconfigurations, permissive identities, or human errors that, when exploited, enable attackers to navigate through a network or system. Organisations can identify and address potential weaknesses by understanding these attack paths, enhancing their overall security posture and mitigating the risk of successful cyber-attacks.
What is a choke point?
A choke point is a concept adopted from the real-life battlefield into cybersecurity, where choke points represent the locations where multiple attack paths intersect just before reaching critical assets. But, to fully understand these choke points in the context of cybersecurity, we must first define entities and critical assets.
Entities encompass endpoints, files, folders, or cloud resources within your environment that attackers can exploit to progress along an attack path towards valuable assets. While critical assets refer to network entities that hold significance for the attacker or the organisation itself, making them attractive targets for attackers. Simply put, a choke point is a key entity where multiple attack paths converge before reaching critical assets.
Attackers can only target the parts of the system they can access
Leveraging attack path mapping solutions, we can determine what route an attacker will take to move laterally across the network to target valuable assets. By outlining specific cyber-attack paths and vectors, we can enhance threat visibility.
Taking this systematic approach, security teams can address multiple exposures in one go, making it much harder for the attacker to achieve their objectives. For example, say you have two different networks, connected by one machine, you will want to ensure that this machine is fully patched, user accounts on it have strong passwords and MFA enabled. You will also want to ensure there is good monitoring for that system in place, it has EDR and someone paying particular attention to any alerts from that machine.
With the right expertise, organisations can construct a comprehensive attack graph and identify attack pathways and critical choke points by visualising how exposures can be leveraged across the environment. Organisations can effectively manage risks and achieve ultra-efficient exposure management by cutting off exposures at these critical junctures.
We recommend that organisations erect as many guardrails as possible while ensuring minimum friction so that employees can continue to do their job unimpeded. If your organisation does not have the in-house expertise or capacity to map potential attack paths and address these choke points, it is best you engage a third-party to advise and implement mitigation recommendations.
Adarma’s range of exposure management services help you understand, prioritise, and report on security exposures before an attack. Constant evaluation of your security posture enables you to mobilise actions that improve your security posture before an attack happens. This preparedness gives you the home advantage in the race against an attacker.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at email@example.com
To hear more from us, check out the latest issue of ‘Cyber Insiders,‘ our c-suite publication that explores the state of the threat landscape, emerging cyber threats, and most effective cybersecurity best practices.
You can also listen to our new Podcast, which explores what it’s really like to work in cybersecurity in today’s threat landscape.
Stay updated with the latest threat insights from Adarma by following us on Twitter and LinkedIn.
An error has occurred, please try again later.An error has occurred, please try again later.