Preventing Attacks Launched Deep within the Network

Attacks that exploit Kerberos, a Windows authentication protocol, have been behind some of the biggest breaches in recent history. These attacks are troublesome for many reasons, including a complete and total loss of control over the domain controller. Threat actors have uncovered a number of vulnerabilities within the Kerberos protocol, and when they exploit them successfully, they are able to elevate unprivileged domain accounts to the privileges of the domain administrator account. The intent of the attacker is to leverage Kerberos tickets to appear to be a legitimate, fully authorized user when authenticating to various systems within the network.

These attacks are extremely difficult to detect, and even more difficult to prevent. Other solutions on the market can detect Kerberos attacks but come with limited functionality, agent-based performance issues, and well-documented bypass techniques, calling into question the value and effectiveness of these solutions. CyberArk Privileged Threat Analytics is the only solution able to detect, alert, prevent and remediate a variety of different flavors of Kerberos-style attacks (Golden Ticket, Overpass-the-Hash, DCSync and PAC [MS14-068] attacks).

Attackers will get inside. It’s what they do. Far too many organizations continue to focus on defending solely against perimeter attacks without considering the impact and devastation of an attack launched from deep within the network. Moreover, while vaulting credentials is certainly a best practice, privileged credentials are often not required for the attacker to be successful in this type of attack, so organizations will undoubtedly benefit from the analytics capabilities CyberArk can provide. This type of attack needs to be prioritized and top of mind for every security operations team.

In this demo, we walk through an example of how CyberArk Privileged Threat Analytics is able to not only detect, but also automatically stop an attack, preventing further damage to a domain controller. This scenario presents a situation where an attacker gains access to a compromised machine and utilizes a post-exploitation tool to move laterally to a domain controller. The attacker then uses a hash stolen from a logged-in user on the compromised machine, performs an Overpass-the-Hash attack, and gains access to the domain controller. Watch the video below to see how CyberArk detects this activity and breaks the attack chain before irreparable damage is done.

Request a live demo to see Privileged Threat Analytics in action or download the Data Sheet for more information.

The post Preventing Attacks Launched Deep within the Network appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.