Attack Path Management Impact Report

The XM Cyber 2022 Attack Path Management Impact Report is available. Download now.

The XM Cyber 2022 Attack Path Management
Impact Report

In the 2022 attack path management research report, the XM Cyber research team analyzed nearly 2 million entities to bring insights on the methods, attack paths and impacts of attack techniques that compromise critical assets across on-prem, multi-cloud and hybrid environments, and developed tips for preventing them.

The Impact report begins with a close look at the methodology of attack paths and then reveals the impact of attack techniques used to compromise critical assets across organizations. It then goes on to share some striking statistics about how exposures across the enterprise lead to critical asset compromise. Analysis covers various environments including on-prem, cloud, multi cloud and hybrid networks to share how attackers are propagating the network. 

The XM Cyber Research Team reveals the impact of compromise and contributes it to the big disconnect which can be represented in just 3 numbers: 94, 75, 73

Let’s talk about this big disconnect, the disconnect between what you see and what attackers see. Why is it so vast, what is the real challenge? Using your various security solutions in your organization you see misconfigurations, vulnerabilities and mismanaged credentials but you can’t see how they all come together in the eyes of an attacker…to form an attack path across your entire hybrid network…to reach your business-critical assets…at any given moment.

"75 % of an organizations critical assets could have been compromised in their then-current security state."

What XM Cyber discovered was that 94% of critical assets can be compromised in just 4 hops or less from the initial breach point. That’s leveraging just 4 attack techniques with the majority of attacks that take place involving more than just 1 hop to reach an organizations’ critical assets. It is during the network propagation stage, once the attacker is inside the network, that the attacker is trying to connect different vulnerabilities and exploits together to breach critical assets. The disconnect: you can see your cloud security controls, but you can’t see the hidden attack paths between your on-prem and cloud environments

XM Cyber then saw that 75% of an organizations’ critical assets can be compromised in their then-current security state, because without seeing how the attacker sees your misconfigurations, vulnerabilities and mismanaged credentials in context to your critical assets, you are simply left exposed. The disconnect: you can see tons of security issues, but you can’t see which ones really matter. And not so surprisingly, 73% of the top attack techniques used to compromise critical assets involve mismanaged or stolen credentials. 

In many cases, abused domain credentials give the attacker the initial breach point into your network and allows them to do further reconnaissance, pick a target, and move laterally until they compromise the critical asset. The disconnect: you can see which users potentially need access, but you can’t see which ones can expose your critical assets.

Quick Wins Happen When You Know
Where To Break The Attack Path

Adversaries will often take advantage of multiple vectors when conducting an attack. It’s also important to know that attack vectors may exist even when they appear to be mitigated. For example, creating an extremely strong password won’t help much if you don’t realize that password is available on the dark web, just waiting for an attacker to use it against you. The attack path management platform’s uniqueness is that it can generate many combinations of different attack techniques to create a single attack flow, hence the real number of attack techniques is much larger. Surprisingly, our research showed that organizations have 80% fewer issues to remediate by knowing where to disrupt attack paths.
XM Cyber’s graph-based simulation technology continuously discovers the attack paths that lead to critical assets, enabling full visibility into organizational security posture. This allows users to understand how vulnerabilities, misconfigurations, user privileges etc. chain together to create a cyber-attack path that jeopardizes critical assets.
This is what makes attack path management so helpful – because these same organizations, using all their security tools are not aware of the hidden attack paths that exist between these seemingly unrelated security issues to compromise their critical assets. As mentioned 94% of critical assets can be compromised and only with the adoption of attack path management can we see this and stop it – the value really shows when the XM Cyber Research Team revealed organizations’ have 80% fewer issues to remediate because time and resources are directed and focused on choke points and fixing what matters most. By understanding the attack path you can identify where attack paths converge towards critical assets and direct your remediation efforts there.

Contact

    *Mandatory

    Contact us

    Download
    Impact Report 2022

    2022 Attack Path Management Impact Report

    Download the XM Cyber 2022 Attack Path Management Impact Report and discover so much more!
    The XM Cyber 2022 Attack Path Management Impact Report is the industry’s first annual report that reveals the likelihood and impact of a breach, analyzes the attack techniques used to compromise an organization’s critical assets, and shares best practices to keep our most critical assets protected.

    *You will receive a link to the video at your e-mail address. Your e-mail address will then be used to contact you once on the part of Swiss IT Security Group AG about XM Cyber. The legal basis for this is Article 6 (1) a) DSGVO. You can revoke your consent to the processing of your e-mail address at any time with effect for the future at the following address marketing@sits-group.ch. f there is subsequently no further interest on your part, the email address will be deleted from us immediately. Further information regarding your data subject rights can be found in our privacy policy.

    Vendors & Certifications

    Pioneering products and solutions from the world’s leading vendors

    XM Cyber Logo
    XM Cyber Logo

    XM Cyber

    XM Cyber is the global leader in Attack-Centric Exposure Prioritization that closes gaps in cloud and physical network security. Customers can rapidly identify and respond to cyber risks affecting their business-sensitive systems because the platform continuously calculates every potential attack path.

    Contact

    *Mandatory field

    Download

    Thank you for your interest!

    You can download the product sheet by clicking the button below.

    Contact

    *Mandatory field

    Contact

    *Mandatory field

    Contact

    *Mandatory