Multidimensional Attack Path Analysis: Eliminating Network Blind Spots
Cyber attackers invariably exploit the easiest vulnerability to enter your network undetected. But the initial entry point is rarely the intended target. Attackers almost always use a multi-step process, exploiting exposed network pathways to move laterally towards your most valuable data and applications. Within any given network there may be hundreds or even thousands of these pathways, yet most security and networking teams don’t know what those pathways are, much less which ones offer the shortest viable paths that allow attackers to efficiently reach their ultimate target. If you don’t know how your attacker can get there, how do you prioritize protection? What you need is network visibility from the right perspective.
Offensive maps are an extremely valuable tool for analyzing which low-friction network pathways exist between attackers and targets, and anticipating attackers’ next move, given a view of all viable options. That said, when scanning the network for open pathways and trying to understand attackers’ potential actions, most organizations take a one-dimensional view of how to travel from point A to point B. Doing so leaves gaps in visibility.
In this session, the speaker will demonstrate how to use DNMap to scan a network, collect the data and write the results to files; process those files using Python for graph analysis; then use the Open Source Vulnerability Database (OSVDB) to expose viable paths attackers can exploit. All tools demonstrated will be free or open source.
When dealing with immense complexity, as is the case for most network data, being able to localize focus allows for a more thorough analysis of all the viable pathways an attacker may attempt to exploit. This talk will help attendees learn how to unveil points of concern in their networks and answer the questions, “Which network targets do I care about? How do I concentrate massive amounts of data so I can be more prepared?”
This talk will include a demonstration of how to find all possible pathways in a simulated network environment, and how to cull that information to show only viable paths (using scripts and tools already installed on most security practitioners’ machines). The speaker will then share the motivations and practical implications of conducting a multipath attack analysis, giving attendees the information they need to conduct this type of analysis on their own networks when they return to their offices.
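The path-culling step described above can be sketched as follows. This is an added example, not code from the talk: the host names, ports and findings are constructed, and the two hard-coded inputs stand in for parsed scan output and for a vulnerability-database lookup, neither of which the abstract details.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real scan output): src can reach dst on port.
REACHABLE = [
    ("internet", "web01", 443), ("internet", "vpn01", 1194),
    ("web01", "app01", 8080), ("web01", "db01", 5432),
    ("vpn01", "app01", 22), ("app01", "db01", 5432),
    ("app01", "files01", 445), ("files01", "db01", 5432),
]
# Constructed placeholder findings: (host, port) services for which a
# vulnerability-database lookup is assumed to have returned a known issue.
VULNERABLE = {("web01", 443), ("app01", 8080), ("db01", 5432), ("files01", 445)}


def build_graph(records):
    """Turn reachability records into an adjacency list."""
    graph = defaultdict(list)
    for src, dst, port in records:
        graph[src].append((dst, port))
    return graph


def all_paths(graph, node, target, seen=(), hops=()):
    """Yield every loop-free path to target as a list of (host, port) hops."""
    seen = seen + (node,)
    for dst, port in graph.get(node, []):
        if dst in seen:
            continue  # never revisit a host, so cycles cannot recurse forever
        trail = hops + ((dst, port),)
        if dst == target:
            yield list(trail)
        else:
            yield from all_paths(graph, dst, target, seen, trail)


def viable_paths(graph, start, target, vulnerable):
    """Keep paths where every hop lands on a flagged service, shortest first."""
    keep = [p for p in all_paths(graph, start, target)
            if all(hop in vulnerable for hop in p)]
    return sorted(keep, key=len)


def hop_frequency(paths):
    """Count how many viable paths use each service, to rank what to fix first."""
    return Counter(hop for path in paths for hop in path)


if __name__ == "__main__":
    g = build_graph(REACHABLE)
    for p in viable_paths(g, "internet", "db01", VULNERABLE):
        print(" -> ".join(f"{h}:{port}" for h, port in p))
    print(hop_frequency(viable_paths(g, "internet", "db01", VULNERABLE)))
```

Services that appear on every viable path are the ones whose remediation or segmentation removes the most routes to the target at once.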
Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike. Most recently, Peter was on the founding team at Infinio Systems where he led product and technology strategy.