Attack Surface Management , Business Continuity Management / Disaster Recovery , Events
Attack Paths: Just 4 Steps Can Compromise 94% of AssetsXM Cyber's Paul Giorgi on Using Attack Path Management to Simulate Break-In Points
Behind every so-called data breach is a more discrete "series of incidents," typically involving attackers or insiders first gaining access to system and then escalating privileges and moving laterally before gaining control of Azure Active Directory, dumping databases, unleashing ransomware or getting up to other unwelcome mischief, says Paul Giorgi, director of sales engineering at XM Cyber.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Based on research conducted by his firm into both on-premises and cloud-based environments, Giorgi says, "We've found that 94% of organizations have the ability to get impacted or to have their critical assets compromised within four steps or less" after an initial breach point. To help address this reality, he says organizations are increasingly turning to the disciple of attack path management to simulate the most likely ways that attackers will break into an environment, to help IT and security teams know which vulnerabilities and other problems they should mitigate first to best reduce their risk.
In a video interview with Information Security Media Group at RSA Conference 2022, Giorgi also discusses:
- The various types of events that can lead to and comprise a data breach;
- How to use attack path management to simulate all of the ways attackers might break in;
- How to prioritize which systems to remediate first.
Giorgi got his start in cybersecurity in the late 1990s by working on multiple contracts with the U.S. government, including with the Department of Defense, that were largely focused on network security. In 2006, he joined FishNet Security, focusing on both sales engineering and solution architecture. Since then he has held a variety of positions - including CTO, solutions director and principal architect - primarily focusing on security architecture design, testing and integration testing, all in pursuit of helping large enterprises combat malware, ransomware and other threats.