mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-14 06:54:57 +03:00
32 lines
1.3 KiB
Markdown
# Standards and References - XM Cyber Attack Path Analysis

## XM Cyber Resources

- XM Cyber Platform: https://xmcyber.com/
- 2024 State of Exposure Management Report: https://info.xmcyber.com/2024-state-of-exposure-management
- CTEM (Continuous Threat Exposure Management): https://xmcyber.com/ctem/
- XM Cyber EASM Integration: https://xmcyber.com/press-release/xm-cyber-unifies-external-discovery-with-internal-validation/

## Industry Frameworks

- **Gartner CTEM**: Continuous Threat Exposure Management framework (2022)
- **MITRE ATT&CK**: Lateral movement and privilege escalation techniques
- **NIST CSF 2.0**: Identify, Protect, Detect functions
- **CIS Controls v8.1 Control 7**: Continuous Vulnerability Management

## Research Findings (2024)

| Metric | Finding |
|--------|---------|
| Avg exposures per org | ~15,000 |
| CVE-based exposures | < 1% of total |
| Misconfiguration exposures | ~80% |
| Identity/credential exposures | ~40% |
| Critical choke points | 2% of all exposures |
| On-prem to cloud pivot | 70% of organizations |
| Cloud assets compromised in 2 hops | 93% |

## Related Technologies

- BloodHound/SharpHound: Active Directory attack path analysis
- PurpleKnight: AD security assessment
- CrowdStrike Falcon Exposure Management
- Tenable Identity Exposure
- Microsoft Defender for Identity