Is Attack Path Mapping Part of Your Cyber Security Strategy?

15 February 2024

By Jordan LaRose

How to cut your pentesting budget in half while increasing the value ten-fold

For decades, organizations have relied on penetration testing to find vulnerabilities that adversaries could exploit. But as cyber criminals become more entrepreneurial and disruptive in how they attack, your defensive strategy should become equally thorough, sophisticated and robust.

In this blog we’ll explore:

  • What Attack Path Mapping is and how it differs from Penetration Testing
  • How it works
  • Why it should be a part of your cyber strategy

What is Attack Path Mapping and how does it differ from pentesting?

Pentesting typically uses an open-ended scope and relies on the realism of a ‘zero-knowledge’ approach to discover a subset of potential vulnerabilities and attempt to chain potential exploits together in a fixed time frame. In this pursuit of parity with what a real-world attacker would have, pentests often miss the larger context of an organization’s most relevant threat vectors, and provide only a narrow view of your overall risk through one or two attack paths. Time is not a limiting factor for a modern threat actor; if you have something they want, they’ll study you and strike at the most opportune moment. They’ll often have several routes and techniques for compromise plotted too, underlining the increasing importance of chaining tests.

But the good news is there’s a new type of security testing called ‘Attack Path Mapping’ (APM) and it goes above and beyond the typical scanning and testing services you may be receiving without always having to invest in a full simulated attack exercise (Red Teaming).

APM illustrates multiple paths an attacker could take to fully compromise your environment. It allows you to collaborate with us to list and execute specific tests that measure your resilience to compromising attack paths. The key difference is that APM builds its value on your knowledge of your greatest cyber risks, and our ability to map multiple attack paths to those risks.

As you can see above, APM strives to show you all the ways a hacker could “get in, move through, and get out” of your network. This reveals more vulnerabilities than pentesting alone, and helps your organization prioritize which vulnerabilities to fix first and how to disrupt the most dangerous and impactful of attack chains.

How Attack Path Mapping works

APM combines the tactics of pentesting with the goal-oriented approach of attack simulations. The key phases include:

In Phase

Identify how hackers gain initial access to your network through tactics like phishing emails. Tests entry points like email, VPNs, cloud apps, and public web apps.

Through Phase

Map how hackers could escalate privileges and move laterally between systems once inside your network. Reveals vulnerabilities hackers use to expand access.

Out Phase

Determine how hackers could steal data or disrupt operations to achieve their objectives. Focuses on vulnerabilities that lead to data exfiltration, command and control, and other critical impacts.

Before getting started, our experts will consult with your team to learn which scenarios concern you the most. No one knows your environment better than you do, and by building the scenarios and pathways together, we can overcome the time constraint of a traditional pentest. Once we’ve drafted these plans, we’ll keep up a regular cadence of communication with your team to ensure you understand the technical details of the pathways as we build them. As we collaborate throughout each of the key phases, we’ll incorporate the latest external Threat Intelligence and Online Exposure Monitoring (OXM - surface, dark and deep web) into the APM exercise and factor in your deep, inside knowledge of your organization’s culture, systems and operations.

Why Attack Path Mapping should form part of your cyber security strategy

Mapping full attack chains reveals vulnerabilities you may not even know existed inside your network. And it exposes complex multi-step paths hackers could follow that point-in-time pentests would likely miss.

With Attack Path Mapping from NCC Group you receive:

  • Experienced APM practitioners who manage the exercise and process from start to finish - using a combination of AI/automation technologies and human expertise
  • Visibility of your network through a “hacker’s eyes” to reveal overlooked weak spots
  • Prioritization of which vulnerabilities to fix first, so you’re able to stop the most dangerous attacks
  • Documentation of key controls that act as choke points for blocking or detecting attack chains in progress
  • Creation of the most accurate simulated attack, with the latest Threat Intelligence and OXM relevant to your sector and location, helping you to maximize investments in your security spend
  • Continuous testing collaboration and evolution of defenses against new attack methods

The best form of defence is to know the types of attacks you may face

Today’s hackers carefully research targets before launching stealthy, multi-stage attacks. You can’t afford to rely only on pentesting or wait for a breach to expose these complex flaws. In today’s operating environment where security spend is under close scrutiny alongside rising threats, there also needs to be a pragmatic approach to investment in areas such as Red Teaming or Incident Response Tabletop Exercises.

Attack Path Mapping acts as the cost-effective and complementary bridge between testing and simulated attacks. You’ll get to know your full exposure so you can focus your time, effort and defenses to protect what matters most to your organization.

Discover how Attack Path Mapping can help protect your organization.

Listen to our on-demand APM webinar to learn more.

Jordan LaRose

Practice Director Infrastructure Security, NCC Group

Jordan LaRose is the Global Practice Director for Infrastructure Security at NCC Group. He has over 10 years' experience in information security and holds a multi-faceted background including penetration testing, incident response, and risk management. As a seasoned consultant and business leader, Jordan has played a part in securing and transforming businesses across the globe, including major financial institutions, retailers, manufacturers, and more.