Stage 1: Initial Access

Stage 1 of the cyberattack lifecycle: Initial Access. The attacker gains a foothold by bypassing perimeter defenses and exploiting human trust, vulnerable services, or exposed applications.

Attacker Goal

Gain initial entry into the network to establish a foothold for further access and reconnaissance.

MITRE ATT&CK Techniques

T1566T1078T1190T1204T1133T1566.002

Stage Description

The attacker gains a foothold by bypassing perimeter defenses and exploiting human trust, vulnerable services, or exposed applications.

Common Entry Vectors

• Phishing emails and malicious links
• Exploited vulnerabilities in public-facing systems
• Weak or reused credentials via VPN, RDP, web portals
• Malicious attachments or browser-based attacks
• Third-party or supply chain compromise

Typical Attacker Actions

• Sends phishing email or lure — tricks user to click link or open attachment
• Exploits exposed service or vulnerability — targets VPN, RDP, or web applications
• Uses stolen or weak credentials — attempts login via VPN, RDP, or portals
• Establishes foothold — gains initial access to internal network
• Tests access and stays hidden — tries to avoid detection and monitoring

What Purim NetGo Delivers at This Stage

• Early Detection — detect attackers at the first sign of entry
• Attack Disruption — trap attackers in deception environments
• High Visibility — full visibility into attacker tactics and behavior
• Context-Rich Alerts — understand who, how, and from where
• Stronger Security Posture — stop attacks before they move deeper