Prof Wool: Advanced Cyber Threat and Incident Management

Lesson 2: Bringing Reachability Analysis into Incident Response

Advanced Cyber Threat and Incident Management: Lesson 2

In this lesson Professor Wool discusses the need for reachability analysis in order to assess the severity of the threat and potential impact of an incident. Professor Wool explains how to use traffic simulations to map connectivity paths to/from compromised servers and to/from the internet. By mapping the potential lateral movement paths of an attacker across the network, the SOC team can, for example, proactively take action to prevent data exfiltration or block incoming communications with Command and Control servers.

Learn more about AlgoSec at and read Professor Wool's blog posts at