Our security is only as strong as our ability to manage it: The necessity of Attack Path Management for the Hybrid Cloud

Posted by: Michael Greenberg
May 12, 2022

Now it’s no secret businesses have ramped up and driven the adoption of the cloud faster than any period previously. One of the key players in driving the mission of businesses all around the world to digitize is COVID-19. The necessity of operations to keep pace with the high demand of access has driven companies to accelerate their plans from a matter of years to months. In addition, remote working is now a common business practice which further complicates the issues of organizations protecting their most critical assets. This is due in part to the fact that our perimeter has dramatically expanded, and with a silver lining, kind of disappeared at the same time. No longer is protecting everything on the inside enough – companies are lifting and shifting workloads and critical assets from on premise, to the cloud and back again to match the needs of the users and services that require them.

New security gaps are constantly being created due to new ways of working in a hybrid environment. Cyber attackers take advantage of this change to obtain the initial foothold and breach an organization leveraging misconfigurations, overly permissive identities, vulnerabilities, and human errors.

But it’s clear why everyone is moving to the cloud. It offers increased agility, improved ability to collaborate, there’s a minimal IT infrastructure to manage, evergreen services (particularly SaaS), predictable pricing, and it has the potential for increased automation. Research is showing that 90% of organizations are actually going to be using multi-cloud or have some type of hybrid strategy by 2022. Chances are you are already using the cloud and if not are on your way to it.

No matter how you run your organization you can leverage attack path insights to get a clear view into your hybrid cloud security posture. Focusing security efforts during the network propagation phase to disrupt attacks in the making before they happen will yield the greatest return on investments. 

To bridge the gap, XM Cyber has published in collaboration with the UK Chapter of the Cloud Security Alliance, a practical whitepaper that explores the necessity of attack path management for today’s hybrid cloud. We talk through the importance of understanding the attack paths a motivated attacker can use to try and compromise your on-premise, multi-cloud, and hybrid environments.  Understanding the attack path enables organizations to identify potential choke points, monitoring requirements and architectural weaknesses that can be addressed in order to improve their overall security posture.


The most influential change that will help improve your hybrid cloud security posture is using the attacker’s perspective to see the attack before it happens by mapping all possible attack paths and getting a clear view of the security posture across your hybrid cloud ecosystem. Focusing in on the key intersections where multiple attack paths converge to exploit a critical asset, offers more actionable intelligence then receiving a simple vulnerability alert about a single component with a high CVSS score assessed using the Common Vulnerability Scoring System (CVSS). Without the insights of attack paths threat actors take, and how they can compromise your critical assets, it’s difficult to retain a high security posture and keep an upper hand against your adversaries.

Get the whitepaper  “The necessity of Attack Path Management for the Hybrid Cloud” now and get the best practices to protect your organization from cyberattacks and increase security posture.

Michael Greenberg

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.