Attack Path Analysis
As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish their objective.
Attack Path Analysis takes your data and pairs it with advanced graph analytics and the MITRE ATT&CK™ Framework to create Findings. These Findings allow you to understand and take action on the unknowns that enable and amplify threat impact on your assets and information.
Additionally, you can use the Discover tab to dive deeper into the mind of an attacker by interacting directly with attack paths, building custom paths, and manipulating the origins and targets within a path to view exactly how these changes affect your data.
Before you begin:
Ensure you have the following:
- Tenable.io Basic Network Scan with credentials.
- One of the following:
  - Tenable.ad SaaS deployed.
  - Tenable.io Active Directory Identity Scan — You can run it separately or via the Basic Network Scan with the Collect Identity Data from Active Directory option enabled in the Discovery section.
Tenable recommends the following:
- Have at least 60% of assets scanned via an authenticated scan.
- Select maximum verbosity in the Basic Network Scan.
- A scan frequency of at least once a week.
To access Attack Path Analysis:
- In the upper-left corner of the page, click the button.
- In the Analytics section, click Attack Path Analysis.
  Attack Path Analysis appears. By default, the Findings tab is active.
In Attack Path Analysis, you can: