Attack path analysis is a simplifying method that shows, graphically, the routes a malicious actor can take to move through on-premises and cloud environments. Attackers can leverage these different "paths" to reach sensitive information and, unsurprisingly, to exploit a vulnerable configuration or resource. At the scale of a large enterprise, it is not hard to imagine the sheer number of potential attack paths.
By studying this data in the form of an attack graph, it becomes easier to understand risk in real time, to determine the relationships between compromised resources, and to see how they affect the wider network. Toward that end, the majority of security teams appear to be finding attack paths quickly and remediating them responsibly. An estimated 75% of exposures were found to be dead ends that attackers could not exploit, which is exactly why prioritization matters: effort belongs on the minority of exposures that actually sit on a path to a critical asset.
Choke points are places where potential attack paths converge, and they are major gateways to sensitive data and assets. That same property makes a choke point a good place to spot anomalous activity and to narrow down what needs investigating. Logs can be centralized here and baseline behavior established, so that the team knows what looks normal and what does not as activity passes through the choke point.
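As an added example (not code from the original article), here is the baseline-and-flag logic described above applied to one choke point. It assumes a single IAM role, deploy-role, that sits on every known attack path, and it runs over constructed, simplified CloudTrail-style AssumeRole records; the account number, ARNs, IP addresses and the /24 grouping rule are all invented for illustration.

```python
import ipaddress
from collections import defaultdict

# The role every known attack path passes through (constructed ARN).
CHOKE_ROLE = "arn:aws:iam::123456789012:role/deploy-role"


def record(principal, ip, role=CHOKE_ROLE, name="AssumeRole"):
    """One simplified CloudTrail-style event; only the fields used below."""
    return {"eventName": name, "userIdentity": {"arn": principal},
            "sourceIPAddress": ip, "requestParameters": {"roleArn": role}}


DEV = "arn:aws:iam::123456789012:role/dev-role"
CI = "arn:aws:iam::123456789012:role/ci-role"
CONTRACTOR = "arn:aws:iam::123456789012:user/contractor"
OTHER = "arn:aws:iam::123456789012:role/other-role"

# Constructed learning window: what a normal week at the choke point looks like.
BASELINE_EVENTS = [
    record(DEV, "10.20.0.5"), record(DEV, "10.20.0.9"), record(CI, "10.30.1.4"),
    record(DEV, "10.20.0.5"), record(CI, "10.30.1.7"),
    record(DEV, "10.20.0.5", role=OTHER),      # a different role: not our choke point
]

# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    record(DEV, "10.20.0.12"),                 # known principal, known network
    record(DEV, "198.51.100.23"),              # known principal, never from this network
    record(CONTRACTOR, "10.30.1.4"),           # principal never seen at the choke point
    record(DEV, "10.20.0.12", name="GetCallerIdentity"),  # not a role assumption
]


def subnet(ip):
    """Group source addresses by /24 so a DHCP lease change is not an alert."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def is_choke_assume(ev, role=CHOKE_ROLE):
    return (ev["eventName"] == "AssumeRole"
            and ev["requestParameters"].get("roleArn") == role)


def build_baseline(events, role=CHOKE_ROLE):
    """principal ARN -> set of /24 networks it normally assumes the role from."""
    baseline = defaultdict(set)
    for ev in events:
        if is_choke_assume(ev, role):
            baseline[ev["userIdentity"]["arn"]].add(subnet(ev["sourceIPAddress"]))
    return dict(baseline)


def evaluate(events, baseline, role=CHOKE_ROLE):
    """(index, principal, reason) for every assumption outside the baseline."""
    findings = []
    for i, ev in enumerate(events):
        if not is_choke_assume(ev, role):
            continue
        principal = ev["userIdentity"]["arn"]
        net = subnet(ev["sourceIPAddress"])
        if principal not in baseline:
            findings.append((i, principal, "principal has never assumed the choke-point role"))
        elif net not in baseline[principal]:
            findings.append((i, principal, f"known principal, new source network {net}"))
    return findings


if __name__ == "__main__":
    known = build_baseline(BASELINE_EVENTS)
    for idx, who, why in evaluate(NEW_EVENTS, known):
        print(f"event {idx}: {who}: {why}")
```

Two caveats a practitioner would add. First, principal and source network are the crudest possible baseline; in practice you would also baseline time of day, session duration, and the API calls made after the assumption, since a stolen credential used from an expected network looks normal to this check. Second, the learning window must itself be clean: if the attacker is already assuming the role during that week, the baseline learns their behavior as normal.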
There are a number of terms that not only sound similar to "attack path" but also overlap with it in definition and function. Let's take a look at a few key differences between them.
An attack path is a visual representation of the specific journey an attacker takes to reach sensitive data, or to use access to one system to exploit a vulnerability in another. Attack paths are typically represented as graphs and can be derived from data that a cloud security solution has already collected and analyzed from accounts and their associated services. From there, the solution should be able to report the source, the target, and the severity of each attack path.
An attack vector is essentially the break-in point where the attacker enters a system; from there, the attacker follows an attack path to the desired information or resource. Malware, for example, is commonly classed into trojans, viruses, and worms, and is typically delivered over everyday channels such as email. Other common entry points include compromised credentials, phishing schemes, and the exploitation of cloud misconfigurations; ransomware is usually the payload delivered through one of these vectors rather than a vector in itself.
An attack surface is the collection of exploitable attack vectors across the entire network, on-premises and cloud, through which an attacker can enter. Individual attack vectors create small openings, but the combination of all of these entry points creates a much larger exposure that can turn an ordinary network into a dynamic attack surface. The attack surface contains the vectors through which attackers can create paths to sensitive assets and data.
Attack path analysis works by helping security teams visualize real-time risk across cloud environments. To uncover potentially harmful combinations of configurations and connections (ones that were originally built into the network because they were useful), the team first establishes the current overall health of its network. Does its current state put the organization and the business at elevated risk, or will they find that they are actually in a relatively safe place?
As an example of how attack path management and analysis works, consider identity and access management (IAM). Without the security team knowing it, is the environment actually open to an account takeover in which an attacker could move around unchecked?
Login credentials can be obtained and abused to gain further access to customer information or intellectual property. If an IAM system is compromised and credentials are stolen, the attacker can access, well, everything. Let's look at some steps:
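The IAM scenario above, worked as an added example that is not part of the original article: a constructed inventory of entry points, principals, roles and assets is turned into an attack graph; every path from the internet to a crown-jewel asset is enumerated; each path is reported with the source, target and severity that the attack path definition earlier on the page calls for; the choke points on which all paths converge are identified; and exposures that lie on no path to a crown jewel (the dead ends mentioned earlier) are separated out. All identifiers, edges, and the severity rule are invented for illustration; a real tool derives the edges from policy evaluation and reachability data rather than from a hand-written list.

```python
from collections import defaultdict

# Constructed inventory: (source, target, technique). Each edge means "an
# attacker holding 'source' can reach 'target' by 'technique'". Every name
# here is invented for illustration.
EDGES = [
    ("internet",        "dev-user",        "phishing"),
    ("internet",        "ci-runner",       "exposed-ssh"),
    ("dev-user",        "dev-role",        "sts:AssumeRole"),
    ("ci-runner",       "dev-role",        "instance-profile"),
    ("dev-role",        "deploy-role",     "sts:AssumeRole"),
    ("deploy-role",     "customer-db",     "rds:Connect"),
    ("deploy-role",     "ip-bucket",       "s3:GetObject"),
    ("dev-role",        "public-bucket",   "s3:GetObject"),   # leads nowhere sensitive
    ("contractor-user", "contractor-role", "sts:AssumeRole"), # not reachable from the entry point
    ("contractor-role", "public-bucket",   "s3:GetObject"),
]

# Crown-jewel assets and a constructed 1-10 impact score for each.
CRITICALITY = {"customer-db": 10, "ip-bucket": 8}


def build_graph(edges):
    """Adjacency list: node -> [(neighbour, technique), ...]."""
    graph = defaultdict(list)
    for src, dst, technique in edges:
        graph[src].append((dst, technique))
    return graph


def find_paths(graph, source, targets, max_hops=6):
    """All simple paths from source to any target node, as node lists."""
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append(list(path))
            return                      # stop at the first crown jewel on this branch
        if len(path) - 1 >= max_hops:
            return
        for nxt, _ in graph.get(node, []):
            if nxt not in path:         # no cycles
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(source, [source])
    return paths


def choke_points(paths):
    """Intermediate nodes shared by every path: fixing one breaks them all."""
    if not paths:
        return set()
    return set.intersection(*(set(p[1:-1]) for p in paths))


def severity(path, criticality):
    """Constructed rule: target impact discounted by hop count, so a shorter
    path to the same asset (fewer attacker actions) ranks higher."""
    return criticality[path[-1]] / (len(path) - 1)


def rank_paths(paths, criticality):
    """(source, target, severity, path) rows, worst first."""
    rows = [(p[0], p[-1], round(severity(p, criticality), 2), p) for p in paths]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def dead_end_edges(edges, paths):
    """Exposures that sit on no path to a crown jewel: real, but lower priority."""
    used = {(p[i], p[i + 1]) for p in paths for i in range(len(p) - 1)}
    return [e for e in edges if (e[0], e[1]) not in used]


def analyse(edges=EDGES, entry="internet", criticality=CRITICALITY):
    paths = find_paths(build_graph(edges), entry, set(criticality))
    return {
        "paths": rank_paths(paths, criticality),
        "choke_points": choke_points(paths),
        "dead_ends": dead_end_edges(edges, paths),
    }


if __name__ == "__main__":
    result = analyse()
    for src, dst, sev, path in result["paths"]:
        print(f"{sev:5.2f}  {src} -> {dst}:  {' -> '.join(path)}")
    print("choke points:", sorted(result["choke_points"]))
    print(f"dead-end exposures: {len(result['dead_ends'])} of {len(EDGES)}")
```

On the constructed inventory, four paths reach the two crown jewels, all of them through dev-role and deploy-role, so those two are the choke points: tightening the trust policy on either one (for instance, removing dev-role's ability to assume deploy-role) removes every path at once, which is the remediation the analysis should put first. Three of the ten exposures are dead ends. Note that the severity rule is deliberately simple; a production tool would also weight edges by how hard each technique is to execute and by what controls sit in between.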
To detect these kinds of attacker movements faster, or to stop them before they have a chance to begin, the key is:
Attack path analysis is an important tool against increasingly sophisticated attacker methods. It helps security organizations understand how configurations and connections that are beneficial in one sense may also leave gaping vulnerabilities waiting to be exploited.
Attack path analysis should be part of a holistic cloud security solution that places an emphasis on speed in attack path mapping and identification. It also provides better visibility and a better understanding of how to protect the network while keeping the business running normally.
Risk prioritization is a product of the aspects above: knowing where to direct analysts' effort at any given moment, and the benefit of acting proactively on emerging threats.
The greatest benefit to a security team is that, with the visibility, speed, and risk prioritization granted by attack path analysis, practitioners can think like attackers better than ever. Because a threat actor wants to move fast when at high risk of discovery, they have to plan a certain number of the steps in an attack path before they even begin.
As a security organization starts identifying potential paths and proactively considering the lateral movement an attacker might make on the way to sensitive information, it begins to truly understand what is unique about its network and how best to defend it against threats.
Security teams, and especially the non-technical stakeholders who depend on them, would do well to get trained on specific use cases for attack path analysis and on how to recognize opportunities to apply it.