Cyber Insiders - Magazine - Page 11
Chapter 1: What are you trying to protect?

Adversaries will leverage tactics, techniques, and procedures to exploit attack vectors and perform privilege escalation or lateral movement. Chaining multiple exploitable attack vectors together to achieve the attacker’s objectives defines the attack path.
In order to manage this heightened exposure, organisations first need to understand the attack surface they are trying to protect; this encompasses not only their on-premises and cloud environments but also the third parties they are integrating, connecting and transacting with. Only by understanding and subsequently consolidating your attack surface can you effectively monitor it for misconfigurations, the most likely weakness an attacker will exploit.
Once an organisation gains visibility of its attack surface, threat intelligence, control validation, and adversarial emulation can be applied to people, processes, and technologies to improve the prevention, detection, and response capabilities of the organisation.
It should be noted that continuously identifying and remediating every security issue across an organisation’s environment is not practical due to the finite resources of most organisations.
While it is essential that organisations gain and maintain visibility of the attack vectors that make up their attack surface, it is the process of validating the attack paths that pose the most risk to critical business assets that will provide the most security benefit. Therefore, organisations need to focus resources and remedial efforts on their most critical assets. To become more efficient, security teams must understand the concepts of attack vectors and attack paths.
Attack Vectors vs Attack Paths

Attack vectors are the methods leveraged by adversaries to gain unauthorised access to systems and data. Such methods are extremely varied but could include system misconfigurations, exploitable vulnerabilities, user privileges, or risky user behaviours.
This leads to Attack Path Management. Attack Path Management is the process of identifying attack vectors which can be combined to form validated attack paths to compromise critical assets. Often multiple attack paths will share a single attack vector along the path, which is known as a choke point. Identifying and eliminating such choke points will significantly increase the value of remediation efforts performed by the organisation’s limited security resources.
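The choke-point idea above is easiest to see when attack paths are modelled as a small graph. The following is an added illustration, not code from the article or from any product it describes: the node names, the edges and the choice of entry points and critical asset are all constructed for the example. Each node is an attack vector (a misconfiguration, an exposed service, an over-privileged account), an edge means "a foothold on this vector gives access to the next one", and the analysis enumerates every path from an entry point to the critical asset, then ranks the intermediate vectors by how many of those paths they sit on. A vector that appears on every path is a choke point: remediating it severs all enumerated paths at once, which is the prioritisation the article argues for.

```python
"""Attack path management on a constructed graph: enumerate paths, find choke points."""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed example graph (illustrative names, not a real environment).
# graph[node] = set of vectors reachable once an attacker holds `node`.
ATTACK_GRAPH: Dict[str, Set[str]] = {
    "phishing_email": {"workstation_local_admin"},
    "exposed_vpn_no_mfa": {"workstation_local_admin", "legacy_file_server"},
    "workstation_local_admin": {"cached_domain_creds"},
    "legacy_file_server": {"cached_domain_creds"},
    "cached_domain_creds": {"domain_admin_group"},
    "domain_admin_group": {"finance_database"},
    "finance_database": set(),
}
ENTRY_POINTS: List[str] = ["phishing_email", "exposed_vpn_no_mfa"]  # externally reachable vectors
CRITICAL_ASSET = "finance_database"                                  # the asset being protected


def enumerate_attack_paths(graph: Dict[str, Set[str]], entry_points: List[str],
                           target: str) -> List[List[str]]:
    """Return every simple path (no repeated node) from an entry point to the target."""
    paths: List[List[str]] = []

    def walk(node: str, visited: Set[str], path: List[str]) -> None:
        if node == target:
            paths.append(path)
            return
        for nxt in sorted(graph.get(node, ())):      # sorted for deterministic output
            if nxt not in visited:
                walk(nxt, visited | {nxt}, path + [nxt])

    for start in entry_points:
        walk(start, {start}, [start])
    return paths


def rank_choke_points(paths: List[List[str]], entry_points: List[str],
                      target: str) -> List[Tuple[str, int]]:
    """Rank intermediate vectors by the number of attack paths that pass through them."""
    counts: Counter = Counter()
    for path in paths:
        for node in path:
            if node != target and node not in entry_points:
                counts[node] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def blocking_choke_points(paths: List[List[str]], entry_points: List[str],
                          target: str) -> List[str]:
    """Vectors present on every enumerated path: fixing any one of them cuts all paths."""
    return [node for node, n in rank_choke_points(paths, entry_points, target)
            if n == len(paths)]


def paths_after_remediation(graph: Dict[str, Set[str]], entry_points: List[str],
                            target: str, removed: str) -> List[List[str]]:
    """Re-run the enumeration with one vector remediated, i.e. deleted from the graph."""
    pruned = {n: {m for m in nbrs if m != removed}
              for n, nbrs in graph.items() if n != removed}
    return enumerate_attack_paths(pruned, [e for e in entry_points if e != removed], target)


if __name__ == "__main__":
    found = enumerate_attack_paths(ATTACK_GRAPH, ENTRY_POINTS, CRITICAL_ASSET)
    print(f"{len(found)} attack paths to {CRITICAL_ASSET}:")
    for p in found:
        print("  " + " -> ".join(p))
    print("Vectors ranked by path coverage:")
    for node, n in rank_choke_points(found, ENTRY_POINTS, CRITICAL_ASSET):
        print(f"  {node}: on {n}/{len(found)} paths")
    print("Choke points that sever every path:",
          blocking_choke_points(found, ENTRY_POINTS, CRITICAL_ASSET))
    for candidate in ("workstation_local_admin", "cached_domain_creds"):
        left = paths_after_remediation(ATTACK_GRAPH, ENTRY_POINTS, CRITICAL_ASSET, candidate)
        print(f"Remediating {candidate} leaves {len(left)} path(s)")
```

In the constructed graph three paths reach the finance database, and two of them run through the workstation local-admin vector, but the cached domain credentials and the domain admin group sit on all three; `paths_after_remediation` confirms that removing either of those leaves no path at all, while removing the workstation vector still leaves one. The same enumerate-then-count approach scales to real attack-path data, although on large graphs the number of simple paths grows quickly and a cut-vertex (articulation point) computation is the more efficient way to find blocking choke points.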