The Attack Vector Series

The Attack Vector series provides a detailed examination of common and emerging threat vectors that are increasingly being exploited by threat actors and used in attacks on organizations. The purpose of the series is to arm IT leaders with the insights and best practices they need to better manage cyber risk.

The series consists of 4 books:

• Identity Attack Vectors (2024, 2020) – The first edition (2020) details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program. The revised second edition (2024) expands on these areas to uncover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization, and how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate modern identity threats across an organization's entire Identity Fabric.
  
• Cloud Attack Vectors (2022) – Details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and how to improve detection of malicious activity.
• Privileged Attack Vectors (2020, 2017) – The first edition (2017) details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. The revised and expanded second edition (2020) also covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least-privilege endpoint management and privileged remote access.
• Asset Attack Vectors (2018) – Details how to build an enterprise-class vulnerability management program, drawing on proven techniques for threat analysis, risk measurement, and regulatory reporting. Asset Attack Vectors also outlines practical service level agreements (SLAs) for vulnerability management and patch management.

Strategically Designing and Implementing Identity Security

"It is easier for a threat actor to login versus hack in." --Morey J. Haber, Identity Attack Vectors

Who This Book Is For:

Management and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program, manage privileges in these environments, and harden their identity attack surface.

What you'll learn:

• The concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
• How to implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts
• Where identity security controls play a part in the cyber kill chain and how privileges should be managed as a potential weak link
• How to build upon industry standards and strategies, such as Zero Trust, to integrate key identity security technologies into a corporate ecosystem
• How to plan for a successful identity and access security deployment based on real-world strategies to prevent identity attack vectors

Authored by: Morey J. Haber and D. Rolls

Building Effective Cyber-Defense Strategies to Protect Cloud Resources

"No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity." --Morey J. Haber, Cloud Attack Vectors

Building Effective Cyber-Defense Strategies to Protect Organizations

"Privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization." --Morey J. Haber, Privileged Attack Vectors

Building Effective Vulnerability Management Strategies to Protect Organizations

"In the modern enterprise, everything connected to the network is a target." --Morey J. Haber, Asset Attack Vectors

Who this book is for

New and intermediate security management professionals, auditors, and information technology staff looking to build an effective vulnerability management program and defend against asset-based cyberattacks.

What you’ll learn:

• How to create comprehensive assessment and risk identification policies and procedures
• How to implement a complete vulnerability management workflow in nine easy steps
• The implications of active, dormant, and carrier vulnerability states
• How to develop, deploy, and maintain custom and commercial vulnerability management programs
• The best strategies for vulnerability remediation, mitigation, and removal
• Hot to automate credentialed scans that leverage least-privilege access principles
• Read real-world examples from case studies that share successful strategies and reveal potential pitfalls.

Authored by: Morey J. Haber and B. Hibbert

New Identity Attack Vectors Book: A Q&A With The Authors

In this Q&A style blog, we sit down with authors of the latest second edition of Identity Attack Vectors, Morey and Darran, to explore the thought process that went into the writing of the book—and to learn more about why detecting and defending against identity threats should be the basis of all modern cybersecurity initiatives. Read on to hear from Morey and Darran exploring how identity security has emerged as a cornerstone of modern enterprise security, and much more.

Identity Attacks: The New Frontier of Cybersecurity

In this session, join BeyondTrust’s Chief Security Advisor, Morey Haber and Founder of Cloud 10, Darran Rolls authors of the second edition of "Identity Attack Vectors," as they delve into the evolving landscape of identity-based threats and explore practical strategies for defense.

Inside Cloud Security Threats and Attack Vectors

An interview with the authors of Cloud Attack Vectors

The shift to the cloud in enterprise computing has contributed to an evolution of the cybersecurity landscape—one that has pushed it well beyond the boundaries of the traditional perimeter. Work from anywhere, shadow cloud IT, overextended VPNs and remote access—these new challenges are all contributing to a continuous and exponential increase of attack vectors that are adding to the threats organizations have been battling against for years. Read on for a conversation with the authors as we explore the thought process that went into the writing of the book.

Cloud Attack Vectors: Build Cyber-Defense Strategies to Protect Cloud Resources

In this webcast session, cybersecurity experts and co-authors of Cloud Attack Vectors offer best practices for addressing cloud attack vectors. Learn cutting-edge strategies for building the optimal cloud defense for your organization’s unique cloud environment.

Identity Attack Vectors Book Pairs Insights from Two IT Security Leaders

An overview of Identity Attack Vectors

Almost every successful (that means the threat actors win) cyberattack today exploits identity as an attack vector. In particular, privileged access management (PAM)—a key component of identity and governance administration (IGA)—plays a critical role in the attack chain. While part of the identity security challenge is technological, another part is organizational. At many enterprises, identity management and security run as parallel and separate entities, each with their own teams, budgets, and priorities. Read this blog for key highlights from the book and an overview of what organizations need to do to ensure the most basic levels of security for corporate identities and assets.

New Privileged Attack Vectors Book: Q&A with Author Morey Haber

An interview with the Author of Privileged Attack Vectors

While privileged access posed a security threat for decades, it’s only in the last 5-7 years that the privileged attack surface has exploded and become the most dangerous IT security threat. Yet, a knowledge gap existed with regards to understanding the scope of privileged threats and how to programmatically address that prodigious risk. In the completely revised and expanded second edition of Privileged Attack Vectors reflects the significantly changing world of Privileged Access Management (PAM). Read on for a summary of what is covered in the latest edition of the book, followed by an insightful Q&A on the book, cybersecurity and PAM trends, and more with the author himself!

New Book "Asset Attack Vectors"... And How to Prepare the Right Defensive Strategies

Today’s network environments are dynamic and perimeters are expanding, requiring multiple layers of defense to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to the network and cloud is a target. In Privileged Attack Vectors, Morey Haber and Brad Hibbert explain how to build an effective vulnerability management strategy to protect an organization’s assets, applications, and data. Read this blog for an overview of the book and the key highlights that can help you build a vulnerability management program designed to work in the modern threat environment.