Attack Path Analysis

Attack path analysis is an important tool in the fight to stay ahead of increasingly sophisticated attacker methodology.


What is attack path analysis?

Attack path analysis is a simplified way of graphically visualizing the avenues bad actors can use to navigate your on-prem and cloud environments. Attackers can use these various "paths" to reach sensitive information, unsurprisingly by exploiting vulnerable configurations or resources. At the scale of a large enterprise, it is not hard to imagine the sheer number of potential attack paths.

By studying this data in the form of an attack graph, it's easier to get a real-time understanding of risk and identify relationships between compromised resources and how they could affect your larger network. To that end, most security teams should be able to find attack paths quickly and remediate them responsibly. It is estimated that 75% of exposures are dead ends that attackers cannot exploit.

A choke point is where potential attack paths converge; it is the main corridor to sensitive data and assets. The critical nature of a choke point is also what makes it a great place to identify anomalous activity and simplify exactly what it is you need to investigate. It's here where logs can be centralized and baseline behaviors set so that teams know what looks normal and what doesn't as it comes through the choke point.

Attack path vs. attack vector vs. attack surface

There are many terms that not only sound similar to "attack path" but also overlap with it in definition and function. Let's look at some key differences between these terms.

Attack path

An attack path is the visual representation of the specific journey an attacker could take to access sensitive data or leverage system access to exploit vulnerabilities. The attack path is typically represented by a graph and can be derived from data that a cloud security solution already harvests and analyzes from accounts and associated services. From there, the solution should be able to communicate the source, target, and severity of each attack path.

Attack vector

An attack vector is essentially the entry point through which an attacker gets into a system. From there, the attacker follows an attack path to the desired information or resources. Malware, for example, has three main vector types (trojans, viruses, and worms) that exploit typical modes of communication such as email. Other typical vectors include system entry points such as compromised credentials, ransomware phishing schemes, and the exploitation of cloud misconfigurations.

Attack surface

An attack surface is the collection of vulnerable attack vectors across an entire network – on-prem and cloud – through which attackers could gain entry. A single attack vector creates a small opening, but the combination of all of those entry points creates a larger vulnerability that can turn ordinary networks into dynamic attack surfaces. The attack surface contains the vectors through which an attacker can build a path to sensitive assets and data.

How does attack path analysis work?

Attack path analysis works by helping security teams visualize real-time risk across cloud environments. In the quest to uncover potentially toxic combinations – originally purpose-built within the network to be useful – teams begin to understand the current overall health of their network. Does its current state leave the organization and business at higher risk, or will they find out they're actually in a relatively secure place?

As an example of how attack path management and analysis work, let's consider identity and access management (IAM). Without the security team knowing it in advance, is the environment actually open to account takeover, letting an attacker move around unchecked?

Login credentials could be taken and exploited to gain further access to customer information or intellectual property. If the IAM system is compromised and credentials are stolen, an attacker could access, well, everything. Let's walk through the steps:

  • The attacker compromises the IAM system and steals an individual user's credentials. 
  • The attacker uses those credentials to gain access to a larger subgroup within the larger security or IT organization. 
  • The attacker then has access to hordes of credentials which they can leverage to establish lateral movement and larger attack paths throughout the network. 
  • The attacker finally locks on to the target: the sensitive financial data of thousands of customers, which is quickly exfiltrated. 

In order to detect these types of attacker movements faster – or to block them before they ever have a chance to begin – it’s critical to:

  • View the resource connections in the network and examine the relationships between them. 
  • Review the visual graph so that personnel can see the resources and their associated risk factors along a potential attack path. 
  • Determine the proper steps to break the links in the attack path by altering aspects such as access controls and security configurations, as well as patching any vulnerabilities. 
  • Configure automatic notifications that alert the relevant resource owner(s) and generate communications that can convey information to technical and non-technical stakeholders alike. 
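As an added example (not Rapid7's code or product logic), the following Python script models the IAM scenario and the four steps above on a small constructed graph: it enumerates the paths from each exposure to a crown-jewel asset, flags exposures that are dead ends, finds the choke points shared by every live path, and shows how breaking one link removes the paths. All node names and edges are made up for illustration.

```python
from collections import defaultdict

# Constructed example (not real infrastructure): edge A -> B means control of A
# lets an attacker reach B (role assumption, network path, readable secret ...).
EDGES = [
    ("stolen_user_creds", "iam_user_alice"),
    ("iam_user_alice", "dev_group"),
    ("dev_group", "ci_role"),
    ("ci_role", "secrets_store"),
    ("secrets_store", "finance_db"),
    ("exposed_ssh_host", "bastion"),
    ("bastion", "ci_role"),
    ("public_s3_bucket", "static_site"),   # an exposure that leads nowhere
]
ENTRY_POINTS = ["stolen_user_creds", "exposed_ssh_host", "public_s3_bucket"]
CROWN_JEWELS = {"finance_db"}

def build_graph(edges):
    graph = defaultdict(list)
    for src, dst in edges:
        graph[src].append(dst)
    return graph

def find_paths(graph, start, targets, path=()):
    """Enumerate simple paths (DFS) from start to any crown-jewel node."""
    path = path + (start,)
    if start in targets:
        return [path]
    return [p for nxt in graph.get(start, []) if nxt not in path
            for p in find_paths(graph, nxt, targets, path)]

def classify_exposures(graph, entries, targets):
    """Split entry points into live paths and dead ends with no route to a target."""
    live = {e: find_paths(graph, e, targets) for e in entries}
    return ({e: p for e, p in live.items() if p},
            [e for e, p in live.items() if not p])

def choke_points(live):
    """Intermediate nodes on every live path: best place to centralize logging."""
    paths = [p[1:-1] for ps in live.values() for p in ps]
    return set.intersection(*map(set, paths)) if paths else set()

def without_edge(edges, src, dst):
    """Model a remediation (tightened policy, closed port) by dropping one link."""
    return build_graph([e for e in edges if e != (src, dst)])

if __name__ == "__main__":
    live, dead = classify_exposures(build_graph(EDGES), ENTRY_POINTS, CROWN_JEWELS)
    print(live, dead, choke_points(live), sep="\n")
```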

Why attack path analysis matters

Attack path analysis is an important tool in the fight to stay ahead of increasingly sophisticated attacker methodology. It helps security organizations understand that, although certain configurations and connections may be beneficial in one sense, they can also leave vulnerabilities waiting to be exploited.

Attack path analysis should be part of a holistic cloud security solution that emphasizes speed in mapping and identifying attack paths. It also grants greater visibility and understanding of how best to secure the network while simultaneously keeping business operations on track.

Risk prioritization is a product of all of the above, and it yields the benefits of knowing where to place analyst effort at any given time and proactively taking action against emerging threats.

Think like an attacker

The greatest benefit to security teams is that, with the visibility, speed, and risk prioritization that attack path analysis provides, practitioners can think like an attacker more than ever before. Because threat actors want to move quickly when they face a high risk of detection, they must map out a certain number of potential steps in the attack path in advance, before the attack begins.

When a security organization begins identifying potential paths and thinking proactively about the lateral movements an attacker might make along the way to accessing sensitive information, they begin to truly understand the uniqueness of their network and how best to secure it against threats.

Attack path analysis use cases

Security teams – and especially the non-technical stakeholders that rely on those teams – would do well to be educated on the specific use cases of attack path analysis and how they can identify opportunities to leverage them.

  • Understand how attackers can access sensitive information: This case provides easy-to-consume visualizations that present the various ways a resource storing sensitive information could be directly or indirectly accessed. 
  • Minimize false positives and speed up response to critical risks: This case shortens risk prioritization and response times by identifying, and targeting for remediation, the source of an attack and its path through the system. 
  • Prioritize remediation efforts: This case helps security teams visualize potential attack paths and prioritize cloud risks and threats. It provides context on how bad actors could move laterally throughout an environment and access sensitive information.
  • Easily communicate risk to non-technical stakeholders: This case visualizes attack paths with a graph and can be an effective way to communicate to non-technical stakeholders – such as executives or board members – the potential risks and impacts of a cyberattack.
  • Maintain compliance: This case helps security teams and auditors identify, track, and correct violations across a range of regulatory concerns, such as SOC 2, which establishes strict criteria for managing customer data that lies along any number of potential attack paths.
