Learn how Attack Path Prediction detects attack paths before the paths are exploited.
Attack Path Prediction uses threat detection, behavior analysis, vulnerability and
misconfiguration scanning, and asset relationship and profile analysis to predict
potential attack paths. Generative AI helps determine which assets are most likely to be
used as entry points, which assets are likely targets, what specific path an attacker
may take, and the steps needed to remediate the assets. All attack paths must contain:
- A potential threat source
- Vulnerable assets
- A potential path for lateral movement
- Assets likely to be targeted
To learn more, see Attack path components.
Below is an example of a potential attack path detected by Attack Path Prediction.
- Threat source and potential lateral movement path:
  - A server on the network is exposed to the internet and contains a known vulnerability and a misconfiguration.
  - An "administrator" user has a relationship with the server allowing the user to sign in to the system.
  - The "administrator" user is assigned the "global admin" role, allowing the user full system privileges.
  - The global admin role can view and edit a highly critical user account.
- Likely attack path:
  - Attackers access the server from the internet and exploit the vulnerability to gain network access.
  - The attackers use the administrator credentials to sign in and assume the "global admin" role.
  - With full system privileges, the attackers can compromise the critical user account and potentially steal data or move deeper into the network.
- Remediation steps:
  - Patch the vulnerability on the server and update the system.
  - Configure proper access controls on the server.
  - Enable multi-factor authentication for accounts and enforce least-privilege access.
  - Monitor user roles and permissions to prevent unauthorized escalation of privileges.
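The example above can be modeled as a search over an asset relationship graph. The following is an added illustration, not code from the original page and not the product's own implementation; the node names, attribute keys, edge labels, and the rule that either a vulnerability or a misconfiguration makes an exposed asset an entry point are all assumptions made for this sketch.

```python
from collections import deque

# Constructed asset graph mirroring the example above. Node names, attribute
# keys and edge labels are assumptions made for this illustration.
ASSETS = {
    "server": {"internet_exposed": True, "vulnerable": True, "misconfigured": True},
    "administrator": {},
    "global admin": {},
    "critical user": {"critical": True},
}
EDGES = [
    ("server", "administrator", "can sign in"),
    ("administrator", "global admin", "assigned role"),
    ("global admin", "critical user", "can view and edit"),
]

def is_entry_point(attrs):
    """Threat source (assumed rule): internet-exposed asset with any weakness."""
    weak = attrs.get("vulnerable", False) or attrs.get("misconfigured", False)
    return attrs.get("internet_exposed", False) and weak

def find_attack_paths(assets, edges):
    """Return every cycle-free path from an entry point to a critical asset."""
    adjacency = {}
    for src, dst, _label in edges:
        adjacency.setdefault(src, []).append(dst)
    paths = []
    queue = deque([name] for name, a in assets.items() if is_entry_point(a))
    while queue:
        path = queue.popleft()
        for dst in adjacency.get(path[-1], []):
            if dst in path:                 # already visited on this path
                continue
            if assets[dst].get("critical"):
                paths.append(path + [dst])  # likely target reached
            else:
                queue.append(path + [dst])  # keep following lateral movement
    return paths

def remediate(assets, name, **fixes):
    """Return a copy of the asset map with attributes changed on one asset."""
    updated = {k: dict(v) for k, v in assets.items()}
    updated[name].update(fixes)
    return updated

if __name__ == "__main__":
    print(find_attack_paths(ASSETS, EDGES))
    fixed = remediate(ASSETS, "server", vulnerable=False, misconfigured=False)
    print(find_attack_paths(fixed, EDGES))
```

Under these assumptions, patching the server without correcting its misconfiguration leaves the path in place, while removing the "assigned role" edge (least privilege) breaks it even if the server stays exposed.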