# Standards and References - XM Cyber Attack Path Analysis

## XM Cyber Resources
- XM Cyber Platform: https://xmcyber.com/
- 2024 State of Exposure Management Report: https://info.xmcyber.com/2024-state-of-exposure-management
- CTEM (Continuous Threat Exposure Management): https://xmcyber.com/ctem/
- XM Cyber EASM Integration: https://xmcyber.com/press-release/xm-cyber-unifies-external-discovery-with-internal-validation/

## Industry Frameworks
- **Gartner CTEM**: Continuous Threat Exposure Management framework (2022)
- **MITRE ATT&CK**: Lateral movement and privilege escalation techniques
- **NIST CSF 2.0**: Identify, Protect, Detect functions
- **CIS Controls v8.1 Control 7**: Continuous Vulnerability Management

## Research Findings (2024)
| Metric | Finding |
|--------|---------|
| Avg exposures per org | ~15,000 |
| CVE-based exposures | < 1% of total |
| Misconfiguration exposures | ~80% |
| Identity/credential exposures | ~40% |
| Critical choke points | 2% of all exposures |
| On-prem to cloud pivot | 70% of organizations |
| Cloud assets compromised in 2 hops | 93% |

## Related Technologies
- BloodHound/SharpHound: Active Directory attack path analysis
- PurpleKnight: AD security assessment
- CrowdStrike Falcon Exposure Management
- Tenable Identity Exposure
- Microsoft Defender for Identity