Preventing attackers from moving laterally within your network is not only a threat detection function—it’s also a cyber hygiene function. In this blog, we’ll review some of the most common—and invisible—ways that privileged user credentials proliferate in enterprise networks. It’s well understood that domain admin or other high-powered credentials are gold to a cyberattacker. With “keys to the kingdom,” they can move easily and silently from one system to another, change domain attributes, add permissions, change passwords, and connect to any machine in the domain. Most organizations dedicate significant resources to careful management of Active Directory and use various technologies and practices to control access privileges. But our experience shows that even in the most diligent organizations, privileged user credentials are more accessible to attackers than you’d think.
On February 29, 2017 illusive networks received a customer alert and initiated forensic analysis after malicious activity was detected on a certain endpoint in the network. Our Deception Management System identified the malicious activity as Spora, a variant of ransomware, which, like Locky, silently encrypts files with selected extensions and then attempts to redeploy itself on additional hosts via elevated privileges. However, with Deceptions Everywhere deployed, illusive networks diverted the ransomware from encrypting files on the original host - redirecting the encryption process to deceptive files - and, more importantly, thwarted the encryption of files located on the company's network shares.
Based on Ponemon Institute research, with feedback from over 300 participating companies, the average total cost of a data breach increased from $3.79M to $4M, and the number one root cause of data breaches was malicious or criminal attacks. There are hundreds of other IT Security stats just as discouraging, but one thing is consistent across all of these studies: traditional prevention tactics are not enough. Advanced attackers are relentless and their methods evolve faster than legacy technology.
What are the options?
Did you feel that rumble? No, it wasn’t an earthquake. There it is again. It seems to be coming from the Moscone Center. Wow, all the hustle and final preparations for the RSA Conference are certainly making a ruckus!
In one week, thousands of IT Security Professionals invade … I mean … travel to the City by the Bay looking to fulfill their cybertech hopes and dreams. It’s the event where the greatest tech minds come together to network, teach and learn about new solutions. And let’s not forget, it’s the event that has the best chachkies!
RSAC 2017 is finally upon us! Here are five things to keep in mind during the conference. Enjoy!
Cybersecurity start-ups have seen a funding slowdown from investment firms.
An article published by Fortune reports that private investors pumped $3.3 billion into 229 cybersecurity deals in 2015, according to data from CB Insights. But the slowdown of funding started to build early last year, and investments became extremely difficult to secure in the second half of 2016. Investors are looking for unique solutions with a broad range of products and services.
Today, we’re proud to announce a strategic investment by Microsoft Ventures.