The XM Cyber 2022 Attack Path Management Impact Report

Posted by: Michael Greenberg
April 26, 2022

The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights on the methods, attack paths and impacts of attack techniques that compromise critical assets across on-prem, multi-cloud and hybrid environments, and developed tips for preventing them. 

The Impact report begins with a close look at the methodology of attack paths and then reveals the impact of attack techniques used to compromise critical assets across organizations. It then goes on to share some striking statistics about how exposures across the enterprise lead to critical asset compromise. Analysis covers various environments including on-prem, cloud, multi cloud and hybrid networks to share how attackers are propagating the network.  

The XM Cyber Research Team reveals the impact of compromise and contributes it to the big disconnect which can be represented in just 3 numbers:

  • 94
  • 75
  • 73

Let’s talk about this big disconnect, the disconnect between what you see and what attackers see. Why is it so vast, what is the real challenge? Using your various security solutions in your organization you see misconfigurations, vulnerabilities and mismanaged credentials but you can’t see how they all come together in the eyes of an attacker…to form an attack path across your entire hybrid network…to reach your business-critical assets…at any given moment.

What we discovered was that 94% of critical assets can be compromised in just 4 hops or less from the initial breach point. That’s leveraging just 4 attack techniques with the majority of attacks that take place involving more than just 1 hop to reach an organizations’ critical assets. It is during the network propagation stage, once the attacker is inside the network, that the attacker is trying to connect different vulnerabilities and exploits together to breach critical assets. The disconnect: you can see your cloud security controls, but you can’t see the hidden attack paths between your on-prem and cloud environments 

We then saw that 75% of an organizations’ critical assets can be compromised in their then-current security state, because without seeing how the attacker sees your misconfigurations, vulnerabilities and mismanaged credentials in context to your critical assets, you are simply left exposed. The disconnect: you can see tons of security issues, but you can’t see which ones really matter.

And not so surprisingly, 73% of the top attack techniques used to compromise critical assets involve mismanaged or stolen credentials. In many cases, abused domain credentials give the attacker the initial breach point into your network and allows them to do further reconnaissance, pick a target, and move laterally until they compromise the critical asset. The disconnect: you can see which users potentially need access, but you can’t see which ones can expose your critical assets.

Quick Wins Happen When You Know Where To Break The Attack Path – Download Report Now

Adversaries will often take advantage of multiple vectors when conducting an attack. It’s also important to know that attack vectors may exist even when they appear to be mitigated. For example, creating an extremely strong password won’t help much if you don’t realize that password is available on the dark web, just waiting for an attacker to use it against you. The attack path management platform’s uniqueness is that it can generate many combinations of different attack techniques to create a single attack flow, hence the real number of attack techniques is much larger. Surprisingly, our research showed that organizations have 80% fewer issues to remediate by knowing where to disrupt attack paths.

XM Cyber’s graph-based simulation technology continuously discovers the attack paths that lead to critical assets, enabling full visibility into organizational security posture. This allows users to understand how vulnerabilities, misconfigurations, user privileges etc. chain together to create a cyber-attack path that jeopardizes critical assets.

This is what makes attack path management so helpful – because these same organizations, using all their security tools are not aware of the hidden attack paths that exist between these seemingly unrelated security issues to compromise their critical assets. As mentioned 94% of critical assets can be compromised and only with the adoption of attack path management can we see this and stop it – the value really shows when the XM Cyber Research Team revealed organizations’ have 80% fewer issues to remediate because time and resources are directed and focused on choke points and fixing what matters most. By understanding the attack path you can identify where attack paths converge towards critical assets and direct your remediation efforts there.

Download the XM Cyber 2022 Attack Path Management Impact Report and discover so much more!

Michael Greenberg

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.