Every network has more vulnerabilities than any team can fix. The honest constraint in security isn't 'find the flaws' — scanners surface thousands — it's 'decide which flaws to fix first,' because resources are finite and not every weakness is equally dangerous. A misconfiguration on an isolated test box and a misconfiguration on a path to the domain controller are not the same problem, even if a scanner scores them identically.

The grant US11252175B2, "Criticality analysis of attack graphs" (issued February 15, 2022, assigned to Accenture Global Solutions Limited), is built to make that prioritization rigorous. Its CPC classifications are tightly focused — H04L 63/1433 and H04L 63/1441, the intrusion-detection and analysis classes — describing a system that reasons about attack paths rather than individual flaws.

“Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge…” — U.S. Patent No. 11,252,175

The mechanism worth understanding is the graph. An attack graph models the network as a set of states an attacker could occupy and the moves between them: exploit this, gain that, pivot here. Criticality analysis then asks which nodes and edges sit on the most paths to the most valuable targets — the chokepoints whose closure breaks the largest number of attack routes. Fixing those first buys the most security per unit of effort.
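The chokepoint idea above, as an added Python example (not code from the patent or from Accenture): it enumerates attack paths over a constructed graph and scores each node and edge by the value of the targets its paths reach. The hostnames, footholds, asset values and the scoring rule itself are assumptions chosen for illustration, not the patent's claimed method.

```python
from collections import defaultdict

# Constructed sample network: "A": ["B"] means an attacker on A can move to B.
EDGES = {
    "workstation": ["fileserver", "jumphost"],
    "webserver": ["appserver"],
    "appserver": ["jumphost", "database"],
    "fileserver": ["jumphost"],
    "jumphost": ["domain_controller", "database"],
    "testbox": [],  # isolated: no route from it to anything valuable
}
FOOTHOLDS = ["workstation", "webserver"]             # assumed entry points
TARGETS = {"domain_controller": 10, "database": 5}   # assumed asset values


def attack_paths(edges, footholds, targets):
    """Enumerate every cycle-free path from a foothold to a target."""
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append(path)      # a path ends when it reaches a target
            return
        for nxt in edges.get(node, []):
            if nxt not in path:     # never revisit a node on the same path
                walk(nxt, path + [nxt])

    for start in footholds:
        walk(start, [start])
    return paths


def criticality(paths, targets):
    """Sum, per node and per edge, the value of every target its paths reach."""
    nodes, edges = defaultdict(int), defaultdict(int)
    for path in paths:
        value = targets[path[-1]]
        for node in path[:-1]:      # the target itself is not a fix candidate
            nodes[node] += value
        for edge in zip(path, path[1:]):
            edges[edge] += value
    return dict(nodes), dict(edges)


if __name__ == "__main__":
    node_scores, edge_scores = criticality(attack_paths(EDGES, FOOTHOLDS, TARGETS), TARGETS)
    for name, score in sorted(node_scores.items(), key=lambda kv: -kv[1]):
        print(f"{score:3d}  {name}")
    print("testbox:", node_scores.get("testbox", 0))
```

On this graph the jump host carries six of the seven attack paths, while the isolated test box scores zero no matter how a scanner rates its flaws.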

For defenders, the practical takeaway is that vulnerability counts are a poor guide to risk. What matters is reachability and consequence — can an attacker actually get from a foothold to something that matters, and which weaknesses are load-bearing on that journey. Attack-graph analysis reframes patching from a checklist into a triage.

The challenge is keeping the graph accurate as the network changes, since a stale graph prioritizes the wrong things. But the conceptual contribution is durable: it shifts defense from enumerating problems to understanding how problems chain together into a real attack, which is how attackers think and how defenders increasingly have to.