{"id":1417,"date":"2025-02-12T14:01:29","date_gmt":"2025-02-12T12:01:29","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=1417"},"modified":"2025-05-25T17:17:59","modified_gmt":"2025-05-25T14:17:59","slug":"defender-for-cloud-part-6-attack-path-analysis","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2025\/02\/12\/defender-for-cloud-part-6-attack-path-analysis\/","title":{"rendered":"Defender for Cloud &#8211; Part 6: Attack Path Analysis"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"1417\" class=\"elementor elementor-1417\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7723b44 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7723b44\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4b9903f\" data-id=\"4b9903f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b3e087d elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"b3e087d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;],&quot;exclude_headings_by_selector&quot;:[],&quot;no_headings_message&quot;:&quot;No headings were found on this page.&quot;,&quot;marker_view&quot;:&quot;numbers&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<h4 class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/h4>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__b3e087d\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__b3e087d\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__b3e087d\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<i class=\"elementor-toc__spinner eicon-animation-spin eicon-loading\" aria-hidden=\"true\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-647a3d4 elementor-widget elementor-widget-text-editor\" data-id=\"647a3d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>I wrote first time of Attack Path analysis when <a href=\"https:\/\/www.jussimetso.com\/index.php\/2023\/01\/11\/cloud-security-posture-management-cspm-and-some-of-its-features\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Defender CSPM<\/span><\/a> plan was in public preview in January 2023.<\/p><div class=\"elementor-element elementor-element-5ec0c7c elementor-widget elementor-widget-text-editor\" data-id=\"5ec0c7c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\"><p>\u00a0<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4413ca elementor-widget elementor-widget-heading\" data-id=\"e4413ca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What are the attack paths<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-077b086 elementor-widget elementor-widget-text-editor\" data-id=\"077b086\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>The attack path<\/strong> is a series of steps a potential attacker uses to breach your environment and access your assets.<\/p><p>An attack path starts at an entry point, such as a vulnerable resource. The attack path follows available lateral movement within your multicloud environment, such as using attached identities with permissions to other resources.<\/p><p>The attack path continues until the attacker reaches a critical target, such as databases containing sensitive data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bcf8978 elementor-widget elementor-widget-image\" data-id=\"bcf8978\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"mdc_attach_path_uusi\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTg3NSwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDJcL21kY19hdHRhY2hfcGF0aF91dXNpLnBuZyJ9\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"141\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?fit=640%2C141&amp;ssl=1\" class=\"attachment-large size-large wp-image-1875\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?w=1584&amp;ssl=1 1584w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?resize=300%2C66&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?resize=1024%2C226&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?resize=768%2C169&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?resize=1536%2C338&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?resize=850%2C187&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attach_path_uusi.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Click to enlarge<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae91658 elementor-widget elementor-widget-text-editor\" data-id=\"ae91658\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The attack path analysis for this case is:<\/p><p><span class=\"OJQAY\">An Azure virtual machine has high severity vulnerabilities which allows remote code execution. The Azure VM can authenticate as an Azure Managed Identity. The managed identity has permissions to read data from the key vault. <\/span><\/p><div><div id=\"text-8cde638b-9636-4dbf-adb6-73734e51627c\" class=\"OJQAY\">1- Attacker with network access to the VM can exploit the vulnerabilities and gain control on it<br \/>2- Attacker can authenticate as the managed identity<br \/>3- Attacker can use the identity to steal keys &amp; secrets from the key vault<br \/>4- Attacker can steal keys &amp; secrets from the Azure Key Vault<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5cb194 elementor-widget elementor-widget-heading\" data-id=\"e5cb194\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The Attack path analysis is<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e01aba3 elementor-widget elementor-widget-text-editor\" data-id=\"e01aba3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5ec0c7c elementor-widget elementor-widget-text-editor\" data-id=\"5ec0c7c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\"><div class=\"elementor-widget-container\"><p><strong>The Attack path analysis<\/strong> is a graph-based algorithm that scans the cloud security graph. The scans expose exploitable paths that attackers may use to breach your environment to reach your high-impact assets. Attack path analysis exposes those attack paths and suggests recommendations as to how best remediate the issues that will break the attack path and prevent successful breach.<\/p><p>By taking your environment\u2019s contextual information into account such as internet exposure, permissions, lateral movement, and more, attack path analysis identifies issues that may lead to a breach on your environment, and helps you to remediate the highest risk ones first.<\/p><p>By default attack paths are organized by risk level. The risk level is determined by a context-aware risk-prioritization engine that considers the risk factors of each resource.<\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9948259 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9948259\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9333141\" data-id=\"9333141\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1d02d5e elementor-widget elementor-widget-heading\" data-id=\"1d02d5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The overlook<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77214a6 elementor-widget elementor-widget-text-editor\" data-id=\"77214a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If we overlook the previous image we see three nodes in the attack path which are virtual machine, managed identity and the key vault.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1854d0 elementor-widget elementor-widget-heading\" data-id=\"e1854d0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">The Entry point: virtual machine<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-17cedf4 elementor-widget elementor-widget-text-editor\" data-id=\"17cedf4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In this case the virtual machine has vulnerabilities in its OS and application level which allow attacker to use certain vulnerability to enter to the virtual machine. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cc53408 elementor-widget elementor-widget-image\" data-id=\"cc53408\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_recommedations.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"mdc_attack_path_vm_recommedations\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTg3NiwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDJcL21kY19hdHRhY2tfcGF0aF92bV9yZWNvbW1lZGF0aW9ucy5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"300\" height=\"107\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_recommedations.png?fit=300%2C107&amp;ssl=1\" class=\"attachment-medium size-medium wp-image-1876\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_recommedations.png?w=661&amp;ssl=1 661w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_recommedations.png?resize=300%2C107&amp;ssl=1 300w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Click to enlarge<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4427536 elementor-widget elementor-widget-image\" data-id=\"4427536\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"mdc_attack_path_vm_vulns\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTg3NywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDJcL21kY19hdHRhY2tfcGF0aF92bV92dWxucy5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"249\" height=\"300\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?fit=249%2C300&amp;ssl=1\" class=\"attachment-medium size-medium wp-image-1877\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?w=790&amp;ssl=1 790w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?resize=249%2C300&amp;ssl=1 249w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?resize=768%2C925&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_vm_vulns.png?resize=300%2C362&amp;ssl=1 300w\" sizes=\"(max-width: 249px) 100vw, 249px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Click to enlarge<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8c65434 elementor-widget elementor-widget-text-editor\" data-id=\"8c65434\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>By remediating those vulnerabilities on entry point virtual machine this attack path is remediated.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c896bd1 elementor-widget elementor-widget-heading\" data-id=\"c896bd1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">The target: key vault<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92e7f1b elementor-widget elementor-widget-text-editor\" data-id=\"92e7f1b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Key vault has tagged as Critical Asset. Of course it has it&#8217;s own security remediations like &#8220;use private endpoint&#8221; to access it.<\/p><p>And because key vault is tagged as Critical asset, it&#8217;s more interesting to attacker.<\/p><p>In this case the attacker have the the straight route from virtual machine to the kev vault using the <a href=\"https:\/\/attack.mitre.org\/tactics\/TA0008\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">lateral movement (TA0008)<\/span><\/a> method. (the link goes to mitre attack framework)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d7c3070 elementor-widget elementor-widget-image\" data-id=\"d7c3070\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_keyvault.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"mdc_attack_path_keyvault\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTg3OCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDJcL21kY19hdHRhY2tfcGF0aF9rZXl2YXVsdC5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"208\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_keyvault.png?fit=300%2C208&amp;ssl=1\" class=\"attachment-medium size-medium wp-image-1878\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_keyvault.png?w=669&amp;ssl=1 669w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/02\/mdc_attack_path_keyvault.png?resize=300%2C208&amp;ssl=1 300w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Click to enlarge<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f5bb93 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"9f5bb93\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e1de3d elementor-widget elementor-widget-heading\" data-id=\"5e1de3d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c59c60f elementor-widget elementor-widget-text-editor\" data-id=\"c59c60f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>It&#8217;s essential to the cloud security to fix those software vulnerabilities or other configuration mistakes because they expose systems to the possible attackers.<\/p><p>I have seen many times that this is kind of bottleneck in companies with or without using service provider.<\/p><p>This should be prioritized job and it can be automated if you are really interested.\u00a0 But of course it costs money to build the management but after that it works like trains wc (finnish saying).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9208595 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"9208595\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2e032ad8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2e032ad8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-57135488\" data-id=\"57135488\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5c41f562 elementor-widget elementor-widget-heading\" data-id=\"5c41f562\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The parts of the MDC blog series<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-482a59d1 elementor-widget elementor-widget-text-editor\" data-id=\"482a59d1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e84b670 elementor-widget elementor-widget-heading\" data-id=\"e84b670\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\u00a0<\/div><div class=\"elementor-element elementor-element-e246c31 elementor-widget elementor-widget-text-editor\" data-id=\"e246c31\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\"><div class=\"elementor-widget-container\"><ul><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/01\/20\/microsoft-defender-for-cloud-the-blog-series-part-0-introduction\/\" target=\"_blank\" rel=\"noopener\">Part 0: Microsoft Defender for Cloud \u2013 The EPIC blog series \u2013 introduction<\/a><\/span><\/li><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/01\/25\/microsoft-defender-for-cloud-the-blog-series-part-1-getting-started\/\" target=\"_blank\" rel=\"noopener\">Part 1: Getting started aka Setup<\/a><\/span>\u00a0<strong><br \/><\/strong><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/06\/22\/defender-for-cloud-part-2-the-asset-inventory\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 2: The Asset Inventory\u00a0<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/06\/22\/defender-for-cloud-part-3-security-posture\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 3: Security posture<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/08\/24\/defender-for-cloud-part-4-security-recommendations\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 4: Security recommendations<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/08\/31\/defender-for-cloud-part-5-security-alerts\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 5: Security alerts<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/02\/12\/defender-for-cloud-part-6-attack-path-analysis\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 6: Attack path analysis<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/02\/22\/defender-for-cloud-part-7-cloud-security-explorer\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 7: Cloud security explorer<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/03\/07\/defender-for-cloud-part-8-workbooks\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 8: Workbooks<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/03\/13\/defender-for-cloud-part-regulatory-compliance\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 9: Regulatory compliance<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/04\/24\/defender-for-cloud-part-10-cloud-workload-protection-cwp\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 10: Workload protections<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/05\/10\/defender-for-cloud-part-10-5-cwp-advanced-protection\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">part 10.5: Advanced Workload protection<\/span><\/a><\/li><li><a href=\"https:\/\/www.jussimetso.com\/index.php\/2025\/05\/27\/defender-for-cloud-part-11-data-and-ai-security\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Part 11: Data and AI security &#8211; The end of the series<\/span><\/a><\/li><\/ul><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1991c3d5 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"1991c3d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-222299db elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"222299db\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7e7a2bb2\" data-id=\"7e7a2bb2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4fc9959e elementor-widget elementor-widget-author-box\" data-id=\"4fc9959e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-author-box\">\n\t\t\t\t\t\t\t<div  class=\"elementor-author-box__avatar\">\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/07\/jussi_06_2024.jpg?fit=262%2C300&#038;ssl=1\" alt=\"Picture of Jussi Metso\" loading=\"lazy\">\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<div >\n\t\t\t\t\t\t<h6 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tJussi Metso\t\t\t\t\t\t<\/h6>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Author is a a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future. <\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Defender for Cloud Attack path analysis addresses security issues that pose immediate threats and have the greatest potential for exploitation in your environment. Defender for Cloud analyzes which security issues are part of potential attack paths that attackers could use to breach your environment.<\/p>\n","protected":false},"author":1,"featured_media":1873,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[9],"tags":[36,40],"class_list":["post-1417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defender-for-cloud","tag-cloudsecurity","tag-mdcseries"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/08\/mdc_series_6.png?fit=726%2C369&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-mR","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/1417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=1417"}],"version-history":[{"count":29,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/1417\/revisions"}],"predecessor-version":[{"id":2458,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/1417\/revisions\/2458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media\/1873"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=1417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=1417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=1417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}