An attack path is the flow of interconnected assets, accounts, identities, and/or permissions that an attacker can use to exploit a cloud environment. Akin to a road map, an attack path presents possible lateral movements in the cloud—which could be inside an account, cross-account, cross-provider, or even cross-platform.
The attack paths identified in the Panoptica platform give you full context, so that you can immediately see the impact on your business and prioritize as needed. Panoptica also considers the criticality of connected assets and whether they are public-facing or have over-permissive policies that could increase the severity of their exploitation. By better understanding the root cause of your risks and their connections to one another as visualized by an attack path, you can remove the guesswork, and effectively resolve multiple security threats in one action.
Go to the Attack Path Analysis tab under Threats & Vulnerabilities to view potential attack paths that Panoptica has identified in your environment.
Use the Top Bar Filter to filter the findings by Scope and Account using the drop-down lists at the top. You can also select the time frame during which the security finding was last seen.
You can further filter the results by one of the fields in the Filters drop-down box:
- Resource type
- Service Name
Type into the Search bar to filter by text in the Attack Path Name or Risk Overview. You can select multiple filters at a time.
The table on the Attack Path Analysis tab displays potential attack paths that Panoptica has identified in your environment. The number of attack paths that have been identified appears at the top of the table.
Click Grouped by to aggregate the results by Unique Attack Path or Risk Category.
Click Sort by to sort the list of attack paths by Score, Attack Path Name, Severity, or Attack Path Category.
The default Graph View displays a visual representation of the path that an attacker could take to exploit a weakness in the system. The graph-based approach facilitates investigation over a timeline, with detailed information about each action’s impact on the risk of the attack path. This approach exposes the real risk of these security findings, as each attack path reflects the probable chain of attack that a malicious actor would likely leverage in the specific environment.
Hover over each icon in the path for additional information about that resource, such as asset details, network exposure, workloads at risk, identity risks, and attack scenario.
Imposed by is the asset on which the attack path was found.
Risk Overview provides a summary of the vulnerability exposed by this attack path.
Correlated Risks displays risks that are related to the same root cause. Remediating the root cause will remediate all the correlated risks at the same time.
Remediation provides ready-made steps for correcting the root cause of the vulnerability, such as altering a specific configuration, limiting internet access to an asset, creating new security keys, and more. Remediation is presented as a verbal description of the problem and how to fix it. When relevant, you can also download JSON or Terraform scripts.
Switch to List View via the button at the top of the table to view a list of attack paths in textual form. The columns in the List view are: Score, Attack Path Name, Severity, Attack Path Category, Related Assets, and Labels.
Score shows the risk criticality, on a scale from 0 (Critical) to 100 (Safe). The severity of an attack path is based on that of the assets in that path. For more, see Asset Health Score.
Severity is a color-coded rating of the risk severity, taking into account how easily an attacker could achieve network access, the sensitivity of the end target node, workload configuration issues, permission wildcards, cross-account risks, neglected assets in the path, exposed credentials, and more.
Attack Path Category gives a wider frame for filtering and prioritizing between attack paths. Paths concerning the same general risk have the same category, and a single path can be labeled with multiple categories if it includes several causes of risk.
Related Assets lists other resources—such as servers, databases, storage buckets, and more—where the same risk has been identified. By exploring this information, you can better understand the spread of security issues across your infrastructure, enabling more targeted remediation efforts.
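To make the concepts above concrete (an attack path as a chain of hops across assets and permissions, a score on the 0 = Critical to 100 = Safe scale, and correlated risks that share one root cause), here is a small added illustration in Python. It is not Panoptica's code and does not reproduce its engine, data model or scoring formula; the asset inventory, the edge semantics, the penalty weights and the severity bands are all constructed for the example.

```python
"""Toy attack-path enumeration and root-cause grouping over a constructed
cloud asset graph. Added illustration only: Panoptica's own analysis engine,
scoring formula and data model are not reproduced here."""
from collections import defaultdict

# Constructed sample inventory (not real infrastructure).
# sensitivity: 1 (low) .. 5 (crown jewel); public: reachable from the internet.
ASSETS = {
    "web-vm":        {"public": True,  "sensitivity": 1},
    "ci-runner":     {"public": True,  "sensitivity": 1},
    "app-role":      {"public": False, "sensitivity": 1},
    "customer-db":   {"public": False, "sensitivity": 5},
    "backup-bucket": {"public": False, "sensitivity": 4},
}

# Directed edges, one lateral-movement hop each: (source, target, root_cause, wildcard).
# Two edges share a single root cause: one over-permissive policy on app-role.
WILDCARD_POLICY = "app-role policy grants Action:* (wildcard)"
EDGES = [
    ("web-vm",    "app-role",      "instance profile attaches app-role to web-vm", False),
    ("ci-runner", "app-role",      "app-role trust policy lets ci-runner assume it", False),
    ("app-role",  "customer-db",   WILDCARD_POLICY, True),
    ("app-role",  "backup-bucket", WILDCARD_POLICY, True),
]


def find_attack_paths(assets, edges, min_sensitivity=4):
    """Return every simple path from a public asset to an asset whose
    sensitivity is at least min_sensitivity (the 'end target node')."""
    adjacency = defaultdict(list)
    for src, dst, _, _ in edges:
        adjacency[src].append(dst)
    paths = []

    def walk(node, path):
        if assets[node]["sensitivity"] >= min_sensitivity and len(path) > 1:
            paths.append(list(path))  # reached a sensitive target: record and stop
            return
        for nxt in adjacency[node]:
            if nxt not in path:       # simple paths only: never revisit a node
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    for name, attrs in assets.items():
        if attrs["public"]:
            walk(name, [name])
    return paths


def path_edges(path, edges):
    """The edge records that make up a path, in hop order."""
    index = {(s, d): (s, d, rc, wc) for s, d, rc, wc in edges}
    return [index[(a, b)] for a, b in zip(path, path[1:])]


def score(path, assets, edges):
    """Constructed scoring rule on the page's scale: 0 = Critical, 100 = Safe.
    Every path starts at a public asset, so the entry penalty always applies."""
    hops = path_edges(path, edges)
    penalty = 25                                     # internet-reachable entry point
    penalty += 10 * assets[path[-1]]["sensitivity"]  # sensitivity of the end target
    penalty += 5 * (len(hops) - 1)                   # each extra lateral hop
    penalty += 15 * sum(1 for e in hops if e[3])     # each wildcard-permission hop
    return max(0, 100 - penalty)


def severity(score_value):
    """Constructed bands for the color-coded severity rating."""
    if score_value <= 20:
        return "Critical"
    if score_value <= 40:
        return "High"
    if score_value <= 60:
        return "Medium"
    return "Low"


def group_by_root_cause(paths, edges):
    """Correlated risks: paths that share a root cause are remediated together."""
    groups = defaultdict(list)
    for path in paths:
        for root_cause in dict.fromkeys(e[2] for e in path_edges(path, edges)):
            groups[root_cause].append(path)
    return dict(groups)


def remediate(edges, root_cause):
    """Simulate fixing one root cause by removing every hop it enables."""
    return [e for e in edges if e[2] != root_cause]


if __name__ == "__main__":
    paths = find_attack_paths(ASSETS, EDGES)
    for p in paths:
        s = score(p, ASSETS, EDGES)
        print(f"{s:>3} {severity(s):<8} {' -> '.join(p)}")
    for cause, ps in group_by_root_cause(paths, EDGES).items():
        print(f"{len(ps)} path(s) correlated by: {cause}")
    remaining = find_attack_paths(ASSETS, remediate(EDGES, WILDCARD_POLICY))
    print(f"paths left after fixing the wildcard policy: {len(remaining)}")
```

Running it lists four paths (two public entry points, two sensitive targets, all via the same role), scores the database path lower than the bucket path because the target is more sensitive, and shows that removing the one wildcard policy clears all four paths at once, which is the point of treating correlated risks by root cause rather than one alert at a time.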
Click the three dots (•••) to open a drop-down list of actions you can perform on an attack path.
- Select Share Link to generate a URL to this specific attack path, in Graph View.
- Select Assign to assign a ticket to any user in Panoptica, and track the progress of remediation efforts.
- Select Create a Ticket to open a ticket in whichever Task Management tool you have configured in Panoptica: Atlassian Jira or ServiceNow. Once created, you can track the status of the ticket directly from Panoptica.
- Select Add to Favorites to bookmark this attack path.
- Select Dismiss to acknowledge the risk and hide alerts related to this attack path.
At the bottom of the Attack Path window, you can define how many items to display on each page, from 5 to 200.
To see an example of an attack path analysis, see Use Case for Attack Path Analysis.
For more information on attack paths, see Attack Path Analysis: What It Is and Why You Should Care.