Layering on XM Cyber attack path visibility provides actionable detail to help customers prioritize their remediation efforts and quickly respond to protect critical resources
Prioritized High Impact Risk in AWS Security Hub
Migrating to and maintaining a hybrid cloud environment continues to be challenging from a cybersecurity point of view. New security gaps are constantly being created due to new ways of working in a hybrid network environment. Cyber attackers take advantage of this change to obtain the initial foothold and breach an organization leveraging misconfigurations, overly permissive identities, vulnerabilities, and human errors.
It’s important to implement cloud-based vulnerability assessment tools to strengthen the core of your security in the cloud. In order to gain the upper hand against threat actors, organizations should also include the adversarial context in their security arsenal. By understanding the true risk of a vulnerability as it relates to an exploitable attack path, you can reduce the risk it holds to your organization’s critical assets and prevent an attacker from compromising your network and moving laterally.
In an ever-changing elastic environment, it is crucial to prioritize high impact risks and know what to fix first. XM Cyber partnered with Amazon Web Services to help organizations proactively manage cloud security and accelerate digital transformation. XM Cyber is now an AWS Select Technology Partner by integrating the XM Cyber Exposure Management Platform with Amazon Inspector.
The XM Cyber Exposure Management integration with Amazon Inspector
The XM Cyber Exposure Management platform integration with Amazon Inspector identifies all cyber exposures, vulnerabilities and prioritizes high impact risks. In addition, API attacks are now a threat vector many companies are facing. Due to the scale and number of configurations for AWS, understanding the risk from the configurations and changes to the cloud policies is imperative. XM Cyber can identify for customers how an attacker can elevate privileges in the cloud.
The discovery is done across AWS customers’ EC2 Instances by enhancing the discovery with the adversarial context layer from XM Cyber. This continuous attack insight & attack surface context delivers quick results on what to fix first by prioritizing risks to critical assets to provide the new breed in security posture management.
XM Cyber provides specific context around the potential paths that attackers might take to reach an organization’s critical asset and pinpoints key intersections that multiple attack paths can flow through to then prescribe guidance to mitigate the risk in the most cost-effective manner. This data is then funneled to AWS Security Hub in a common format, enabling customers to take immediate action to address the riskiest vulnerabilities first.
Key Benefits of the XM Cyber Exposure Management Platform:
Reveal the chain of attack in the context of your critical assets
Know how you could be attacked from on-premise to the cloud and back again
Continuous visibility of new exposures
Pinpoint what to remediate first to mitigate risk most efficiently
XM Cyber and Amazon Inspector – How we have helped
Reinforce AWS Security with Continuous and Automated Mitigation of Hybrid Cyber Risk
ATTACK PATH INSIGHT – Feed Amazon Inspector users with a map outlining all the ways that attackers can compromise critical assets through lateral movement across on-premise, cloud and hybrid networks.
PRIORITIZATION – Prioritize the vulnerabilities that have the highest risk impact to your critical assets for cost-effective and rapid remediation
PINPOINT HIGH RISK – Identify the specific points within the network that allow for maximum risk reduction with minimum effort and disruption. This data is then funneled to AWS Security Hub which performs security best practice checks, aggregates alerts, and enables automated remediation
GUIDED REMEDIATION – XM Cyber continuously provides enriched data to AWS Security Hub with guided remediation steps, enabling customers to take immediate action to address the riskiest vulnerabilities first
How the integration works
XM Cyber Exposure Management Platform listens to AWS Security Hub specifically for Amazon Inspector events. It proactively and continuously identifies cyber exposures as new workloads are deployed, illuminating high risk weaknesses such as misconfigurations, vulnerabilities, overly permissive identities and more, that combined together enable the execution of multiple attack paths towards critical assets that often originate from threats outside the cloud. The platform then
correlates Inspector findings with XM Cyber’s Exposure Management tool to show all risks towards critical assets. By ingesting information from a variety of data sources XM Cyber provides a clear visibility and context of all exposed issues that lead to critical assets, resulting in improved vulnerability prioritization.
Based on Amazon Inspector vulnerability findings, XM Cyber enriches the data by modeling attack paths from high-risk devices towards critical assets and pinpoints key intersections multiple attack paths can flow through, aka choke points. Focusing on the highest impact risks first, organizations can reduce their attack surface in the most cost-effective manner. XM Cyber prioritizes risks based on the complexity of the attack, ie. how many steps it takes to compromise a critical asset and how many attack paths pass through them. By remediating the exposures on the choke points, you mitigate the risk that can compromise your critical assets,
driving focused, timely and resource- efficient remediation efforts. XM Cyber continuously provides enriched data to AWS Security Hub in a common format, enabling customers to automate immediate action to address the riskiest vulnerabilities first.