Get an inside look into the trending analysis, what’s new & upcoming at Cyentia, watch webinar replays and more! Subscribe to Cyentia Monthly: Cyber Risk Chronicles on LinkedIn or get Cyentia Insights direct to your inbox and be the first to hear about the newest content!

Read the New Blog Post

Email readers got an EXCLUSIVE first look into the new blog post by Wade Baker, Visualizing the Value of Attack Path Choke Points for Prioritization

We at Cyentia Institute had the opportunity to analyze data from millions of attack path assessments conducted by XM Cyber over the last year. I’d like to share a chart from the report we published from that analysis because it touches on a theme I love exploring in cybersecurity management: prioritizing remediation.

Choke Points: From Concept to Data

We found that the typical organization has 11,000 security exposures that attackers could exploit. These are denoted by the gray squares in the figure, each of which represents 10 exposures. The vast majority of exposures are dead ends or don’t put critical assets at risk, which is why we’ve grayed them out.

About 2% (~200) of these exposures are located on choke points – entities through which multiple attack paths converge en route to critical assets.

These “choke points” are colored yellow and red (more on that distinction in a moment). If you’re looking for quick wins to reduce substantial risk, these offer compelling focal points.

Before we had the chance to examine this data, choke points were just an abstract concept to me. I first recall seeing that term in relation to the MITRE ATT&CK projects that include the visual below. But I don’t recall ever seeing any data on the prevalence of chokepoints or common types of them.

Back to the data at hand, the news for beleaguered defenders gets even better! Our analysis reveals that about one in four choke points exposes 10% or more of the critical assets in the environment (red squares). In other words, these exposures put attackers on the fast track to causing major harm to the organization. Prioritizing these critical choke points represents a minimal effort, maximum effect approach that equates to a whopping 99.6% reduction in the scope of remediation!

Read the Full Post   |   Download the full report   |   View webinar recording

What’s Trending at The Cyentia Institute!

Exploit Prediction Scoring System: What’s New & Improved with EPSS V3!

In this talk, we share a bit about the new EPSS updates, discuss the increasing data and partnerships, how we use EPSS and how you can benefit from the Exploit Prediction Scoring System.

Cyentia & CyberTheory Report: CISO Engagement & Decision Drivers Study V2!

The Cyentia Institute and CyberTheory examine engagement across the first three quarters, we can clearly see shifting trends surrounding each topic. Read CISO Engagement and Decision Drivers Study, V2 for more!

Cyentia & XM Cyber Report: Navigating the Paths of Risk!

By focusing on choke points where multiple attack paths converge towards critical assets, your organization can efficiently reduce risk. Learn more about attack paths in our Attack Path Primer from Navigating the Paths of Risk from Cyentia and XM Cyber.

MITRE ATT&CK and VERIS: Our Approach to the Research

Wade Baker & David Severski join us for a dive into our latest foray into the wilds of cyber risk analysis. In this webinar, we shared a bit about our approach to MITRE ATT&CK and VERIS, what we’re learning, and how you can benefit from this research through the IRIS and our customized Risk Retina offerings.

A Deep Dive into Cyber Risk with Wade Baker & Matthew Rosenquist

Join cybersecurity experts Matthew Rosenquist from Eclipz and Wade Baker, PhD co-founder of the Cyentia Institute for an exciting and in-depth analysis of cyber risk.

“2023 is the year of exposure in cybersecurity” ~Wade Baker.

Learn more about the importance of vulnerability management and managing identities in our latest video interview with Information Security Media Group (ISMG) at RSA Conference 2023!  Watch the Recording!

Navigating the Paths of Risk Webinar

Together Wade Baker, PhD and XM Cyber’s SVP Product and Innovation, Menachem Shafran, and VP Research, Zur Ulianitzky  analyze the findings from our latest annual research report, Navigating The Paths of Risk: The State of Exposure Management in 2023.

The Cyentia Institute Library

At the Cyentia Institute, we take pride in delivering the latest insights and most cutting-edge research to our clients. Our research team has been hard at work crafting new original research pieces, but that’s not all we’ve been doing. We’ve also been expanding our research library to offer even more valuable resources to our clients. We invite you to explore our growing library and discover the newest additions, which cover a wide range of topics in the cybersecurity field. Whether you’re seeking in-depth analysis of current cyber threats or best practices for managing your organization’s security, you’ll find it in the Cyentia Institute Research Library!

New Reports Added Daily

Information Risk Insights Study (IRIS)

The Information Risk Insights Study, is dedicated to clearing away these fears by leveraging real-world data and rigorous analysis focused on key aspects and challenges of managing cyber risk. With cyber attacks on the rise, businesses need to take cybersecurity risk management seriously. IRIS Risk Retina offers industry-specific data to help you quantify your organization’s cyber risk. Our family of original research publications is growing still! With full sector reports, report addendums published and more on the way, see what the IRIS has uncovered recently!