Start thinking in graphs: using graphs to address critical attack paths in a Microsoft cloud tenant

Abstract

AbstractThe challenge of securing IT environments has reached a new complexity level as a growing number of organisations adopt cloud solutions. This trend increases the possibility of overseen attack paths in an organisation’s IT infrastructure. This paper proposes a methodology for assessing the security of a Microsoft cloud tenant based on the relationships between different cloud entities through the use of graphs. This paper argues for using graph theory as an effective method to understand and uncover complex entity attack paths. To achieve this, we implemented a graph analytics platform using data from a Microsoft cloud test tenant. Methods based on graph theory proved to measurably reduce possible attack paths. Our research can support defenders who want to better understand the interrelationships of Microsoft cloud entities as well as identify and remediate possible attack paths.