Review & Remediate Attack Path Risks
Implementation Effort: Medium — Reviewing and remediating attack paths requires cross-team collaboration, access to security insights, and the ability to apply configuration or access control changes across multiple services.
User Impact: Low — These remediations are handled by administrators and security teams, with no direct impact on end users.
Overview
Microsoft Defender for Cloud includes Attack Path Analysis, a feature that identifies and prioritizes potential attack paths across services like App Service, Key Vault, and Resource Manager. These paths represent chains of misconfigurations or vulnerabilities that attackers could exploit to move laterally or escalate privileges within your Azure environment.
How It Works
Defender for Cloud uses a context-aware risk engine to analyze your environment and highlight the most critical attack paths. These paths are visualized in the Attack Path Analysis blade, where each node represents a resource or risk factor, such as:
- Publicly exposed App Services with weak authentication.
- Key Vaults accessible from untrusted networks.
- Resource Manager operations performed by overly privileged identities 1 2.
Steps to Review and Remediate
-
Access Attack Path Analysis:
- Go to Microsoft Defender for Cloud > Attack path analysis.
- Review the list of active attack paths and affected resources 1.
-
Investigate Each Path:
- Select an attack path and drill into each node.
- Use the Insight tab to understand the context and risk.
- View associated Recommendations for each node 1.
-
Remediate Risks:
These actions align with the "Assume Breach" principle of Zero Trust by proactively identifying and mitigating paths an attacker could exploit. Ignoring attack path risks can leave your environment vulnerable to lateral movement, privilege escalation, and data exfiltration.