Attack Path Prioritization
Attack path prioritization in cybersecurity ranks the various actions an attacker could take to compromise a system or network. It involves analyzing potential attack paths—the series of steps an attacker must complete to achieve their objective—and assigning them a priority based on factors like:
Likelihood of success: How probable is it that an attacker can complete each step in the path?
Impact of success: What is the potential damage if the attacker reaches their goal?
Effort required by the attacker: How much time, resources, and skill would the attack path require?
Detectability: How easily can security defenses detect the attacker's actions along the path?
Attack path prioritization helps security teams focus their limited resources on the most critical threats. By understanding which attack paths pose the most significant risk, organizations can implement the most effective security measures to disrupt or prevent those attacks.
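The four factors above can be turned into a simple ranking model. The following Python sketch is an added example, not part of this page or of ThreatNG's product; it assumes a scoring model of its own (path likelihood as the product of each step's success and evasion probabilities, weighted by impact and divided by total attacker effort) and uses constructed sample paths built from the kinds of findings discussed on this page.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Step:
    name: str
    p_success: float    # probability the attacker completes this step
    p_detect: float     # probability defenses detect and stop the step
    effort_days: float  # attacker time/skill for this step (assumed unit)


@dataclass(frozen=True)
class AttackPath:
    name: str
    steps: tuple        # ordered Step objects, all must succeed
    impact: float       # damage if the goal is reached, 0..10


def p_complete(path):
    """P(attacker finishes every step without being detected) under the assumed model."""
    return prod(s.p_success * (1.0 - s.p_detect) for s in path.steps)


def effort(path):
    return sum(s.effort_days for s in path.steps)


def priority(path):
    """Expected impact per attacker-day; higher means fix or monitor first."""
    return p_complete(path) * path.impact / effort(path)


def rank(paths):
    """Return paths ordered from highest to lowest priority."""
    return sorted(paths, key=priority, reverse=True)


# Constructed sample paths (values are illustrative, not measured).
PATHS = (
    AttackPath("Exposed API key -> database", (
        Step("Find API key in public repo", 0.9, 0.1, 0.5),
        Step("Query exposed database with key", 0.8, 0.2, 0.5)), impact=9),
    AttackPath("Subdomain takeover -> phishing -> remote access", (
        Step("Take over dangling subdomain", 0.7, 0.1, 1.0),
        Step("Phish staff from trusted domain", 0.5, 0.4, 2.0),
        Step("Log in to remote access with stolen creds", 0.6, 0.5, 1.0)), impact=10),
    AttackPath("Web app hijack -> defacement", (
        Step("Exploit vulnerable web app", 0.6, 0.3, 2.0),), impact=3),
)

if __name__ == "__main__":
    for p in rank(PATHS):
        print(f"{priority(p):6.3f}  {p.name}")
```

Note that the highest-impact path ranks last here because its steps are more detectable and costlier, which is the point of weighing all four factors rather than impact alone.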
Here's how ThreatNG can assist with attack path prioritization:
1. External Discovery
ThreatNG's external discovery is the initial stage for attack path prioritization. It allows security professionals to map out the various entry points and assets an attacker could target to gain initial access to the environment, laying the foundation for identifying possible attack paths.
2. External Assessments
ThreatNG's external assessments provide crucial data for evaluating the likelihood and impact of different attack paths:
Web Application Hijack Susceptibility: A high susceptibility score here indicates a likely entry point. Security teams should prioritize attack paths that start with the compromise of these applications.
Subdomain Takeover Susceptibility: Like web applications, vulnerable subdomains can easily be exploited. Attack paths involving subdomain takeovers should be given high priority.
Cyber Risk Exposure: This assessment reveals exposed services (like databases or remote access protocols) and known vulnerabilities. Attack paths that combine initial access with exploitation of these vulnerabilities are more likely to succeed and carry a greater potential impact.
Code Secret Exposure: Exposed credentials (API keys, passwords) significantly increase the likelihood of successful attacks. Attack paths using these credentials to access critical systems should be prioritized.
Mobile App Exposure: If mobile apps have vulnerabilities or exposed credentials, they can be an initial access point. Attack paths that use compromised mobile apps to reach backend systems need attention.
3. Reporting
ThreatNG's reporting can help prioritize attack paths by highlighting the most critical risks. For example, reports might emphasize systems with high Cyber Risk Exposure and exposed credentials, indicating a high-risk attack path.
The reporting can also provide scores for Ransomware Susceptibility, which can help prioritize attack paths that may lead to ransomware attacks.
4. Continuous Monitoring
Attack paths and their associated risks can change. Continuous monitoring by ThreatNG ensures that security teams are aware of new vulnerabilities or misconfigurations that create or worsen attack paths.
5. Investigation Modules
ThreatNG's investigation modules provide detailed information for analyzing and prioritizing attack paths:
Domain Intelligence: This module can reveal relationships between domains and subdomains, helping to understand how an attacker might move through the infrastructure.
Sensitive Code Exposure: This module pinpoints exposed credentials, a key element in many high-risk attack paths.
Cloud and SaaS Exposure: This module helps identify vulnerabilities in cloud services that could be part of an attack path.
Search Engine Exploitation: This module can show how attackers might use information gathered from search engines to facilitate an attack.
6. Intelligence Repositories
ThreatNG's intelligence repositories provide context for attack path prioritization:
Dark Web Presence: Information on compromised credentials helps assess the likelihood of attackers using those credentials in an attack path.
7. Working with Complementary Solutions
While the document doesn't detail specific integrations, ThreatNG works well with other security solutions to enhance attack path prioritization:
Vulnerability Management Tools: ThreatNG's external attack path analysis can be combined with internal vulnerability scans to provide a complete view of attack paths.
SIEM Systems: ThreatNG's findings can be integrated into SIEM systems to correlate external attack vectors with internal events, improving the accuracy of attack path prioritization.
Risk Management Frameworks: ThreatNG's data can be used to feed into risk management frameworks to quantify and prioritize risks associated with different attack paths.