Effectively Manage Attack Paths to Enable Better Risk Decisions

Learn how Epiphany manages attack paths so you can make better risk decisions.

Attackers use attack paths to access your valuable assets. Attack paths are the highways and paths attackers take to reach something of material value within your organization. Attackers do this using combinations of conditions ranging from exploitable vulnerabilities, to exposed identities, to misconfigured systems.

Attack path management is the science of reducing or eliminating the potential for material impact within your environment. By understanding how attackers can take advantage of your environment's exploitability, you can know where and how to take away their opportunities to cause harm. Attack path management is an important part of an overall exposure management approach.

Outcome:

  • You can identify the attack paths a malicious actor can take to gain access to key objectives, so you can quickly find ways to remove attack opportunities. Review Epiphany’s remediation guidance and the outcomes of following Epiphany’s recommendations.

Scenario: Changes to User Permissions, Hardware, and Networking Parameters Introduce Risk and Blue Teams Work to Uncover Issues

Changes to user permissions, hardware (for example, installing software or changing configurations), and networking parameters often introduce unintended risks. Furthermore, policies that are not followed (such as not logging in to workstations with domain admin credentials) are risky and not always easily detectable. Organizations employ red teams to uncover issues such as these by simulating malicious acts, and blue teams to identify and protect against them. Epiphany shows the attack paths that a malicious actor can take to gain access to key objectives. This makes it possible for you to remediate misconfigurations, policy errors or omissions, or otherwise risky behavior deemed to be a pathway to materially compromise critical assets.

Solution: Epiphany Provides Detailed Information about Attack Paths

Epiphany’s Attack Paths view provides a visual representation of attack chains, prioritized by objective and by the attacker’s ability to exploit with minimal friction. These representations highlight noncompliance with policies and other configuration issues that introduce risk. They also offer several remediation guidance options, recognizing that one size may not fit all. You can view attack paths in multiple places in Epiphany.

Top Attack Paths Dashboard Widget

On Epiphany’s customizable dashboard, you can include the Top Paths widget. It gives you a bird's-eye view of the most materially impactful and dangerous attack paths across your environment. It orders the paths based on administrative exposure, criticality, and then generic exposure of a potentially high-value application.

Attack Paths Prioritized by Criticality, or Optionally by Business Impact Matrix Group

Epiphany’s path finder is one of the most useful tools for understanding your exposure. When Epiphany builds an attack path to a unique objective (a “prize”) it creates a new card and ranks it appropriately for you. In the image, you can see that each card provides rich information about each attack path. You can also change the view here, to view attack paths by business impact matrix (BIM) group, which was discussed earlier.

Detailed Attack Path With Remediation Guidance at One Traversal Point

On an attack path card, click on Detailed Path to view an interactive view of the attack path. You can click on a triangular tools icon to pop up information about that specific element of the overall path.

Recommendations Engine in Attack Path Detail

Click on the circular tools icon in the upper-left corner of the view to display Epiphany’s Top Recommendations engine. Epiphany identifies the attack path variation that represents the greatest impact with the least attacker risk. This view compresses potentially millions of variations of how an attacker could use a single permission or vulnerability. The recommendation engine shows the number of paths broken, which indicates how many attacker opportunities you eliminate if you make the recommended change.
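To make the "paths broken" figure concrete, here is an added example (not Epiphany's code or algorithm) that enumerates attack paths in a small constructed graph and counts, for each traversal point, how many paths vanish if that one condition is remediated. All node names, conditions, and function names are assumptions made up for the illustration.

```python
from collections import Counter

# Constructed sample environment: (source, target, condition enabling the hop).
EDGES = [
    ("user-a", "ws-17", "exposed identity can log on"),
    ("user-b", "ws-22", "exposed identity can log on"),
    ("ws-17", "da-svc", "domain admin logged in to workstation"),
    ("ws-22", "da-svc", "domain admin logged in to workstation"),
    ("ws-22", "app-01", "exploitable vulnerability"),
    ("app-01", "da-svc", "service account holds domain admin"),
    ("da-svc", "dc-01", "admin rights on domain controller"),
    ("app-01", "db-01", "stored database credentials"),
]
ENTRY_POINTS = ["user-a", "user-b"]
OBJECTIVES = {"dc-01", "db-01"}  # the "prizes"

def attack_paths(edges, entries, objectives):
    """Enumerate every simple (cycle-free) path from an entry point to an objective."""
    graph = {}
    for src, dst, _ in edges:
        graph.setdefault(src, []).append(dst)
    paths = []

    def walk(node, trail):
        if node in objectives:
            paths.append(trail)
            return
        for nxt in graph.get(node, []):
            if nxt not in trail:  # never revisit a node on the same path
                walk(nxt, trail + [nxt])

    for entry in entries:
        walk(entry, [entry])
    return paths

def paths_broken(edges, entries, objectives):
    """Rank each hop by the number of attack paths that removing it would break."""
    condition = {(src, dst): why for src, dst, why in edges}
    counts = Counter()
    for path in attack_paths(edges, entries, objectives):
        for hop in zip(path, path[1:]):  # a simple path uses each hop at most once
            counts[hop] += 1
    return [(hop, condition[hop], n) for hop, n in counts.most_common()]

if __name__ == "__main__":
    for (src, dst), why, n in paths_broken(EDGES, ENTRY_POINTS, OBJECTIVES):
        print(f"{n} path(s) broken by fixing {src} -> {dst}: {why}")
```

Exhaustive enumeration only works on small graphs; a real environment needs pruning or aggregation, which is the compression the recommendations view is described as performing.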
