Early Stage Lateral Movement Detection
A breach takes approximately 146 days on average from the initial compromise to detection. The initial breach itself is fairly quick: a user clicks on a phishing link in an email, or opens a document containing a malicious macro, and BAM, the attacker is in. At the end, the attacker moves quickly to exfiltrate or destroy data. So what are the attackers doing inside your network for the remainder of the time?
After the initial intrusion, the attacker begins the enumeration phase: scouting out where they are in your network, what privileges the compromised user has, and where they can go. The attacker then begins to hop from system to system, hence the term 'lateral movement'. Most companies can't detect lateral movement because it is lost among the regular traffic of the organization. SIEM and analytics tools have proven inadequate at catching this phase.
It is during this lateral movement phase that the attacker is most vulnerable to detection. They're operating semi-blind in a foreign network, seeking out targets of value. You just need the proper tools to catch them.
SNAP-Defense is the only product on the market that alerts on privileged user activity, giving you the ability to detain an infected asset before the hacker is able to complete his/her mission.
MAJOR ATTACKS USING
Most major breaches involve lateral spread and privileged account compromise. Here are just a few:
Millions of credit and debit card numbers stolen, causing millions of dollars' worth of damage.
More than 20,000 emails and other documents were hacked in the Democratic National Committee email leak.
143 million American consumers' personal data, including Social Security numbers, were exposed.
about Lateral Movement
What is Lateral Movement?
Lateral movement refers to the techniques cyber attackers use to move through a network as they search for the data and assets that are ultimately the target of their attack campaigns. Hackers first gain access to a privileged user account, and from there are able to spread laterally to devices and assets throughout the network, an action that can wipe out a network in seconds.
Detecting Lateral Movement
SNAP-Defense is the first product in its class that will detect hackers before they are able to laterally spread their malware in the network. SNAP accomplishes this by visualizing and tracking every movement within the organization's network. Privileged user credentials are a hacker's ticket to success, but when you are able to track your privileged user activity, this is no longer an issue.
SNAP will alert on suspicious privileged user activity instantly, giving you the opportunity to detain the infected device before it's too late.