Advanced attacks happen over time and there are multiple phases to each attack. Take the home burglary analogy. An intruder picks the lock on the front door, disables the home alarm system and gets into the house. But before any real damage is done, the burglar needs to explore the house to find and collect the valuables, fill the pillowcase and then escape out the back door.
Similarly, the initial breach of the perimeter defense is only the first of multiple steps. The attacker must also inventory the resources on the network, collect additional credentials that will unlock the desired sensitive data, and then escalate their access privileges.
How does an attacker do this? The attacker typically employs common administration tools to gather information on remote systems, and attempts to reuse the Local or Domain administrator credentials captured on the “beachhead machine” against other resources in the network. The attacker may target IT administrators or even Active Directory domain controllers.
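One way a defender can surface the credential-reuse pattern described above, written here as an added example rather than CounterTack's code: it scans constructed network-logon records (modelled loosely on Windows network-logon events; every account and host name is made up) and flags an account that reaches several distinct remote hosts from a single source within a short window, noting when a high-value host such as a domain controller is among the targets.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records: (timestamp, account, source host, destination host).
# A helpdesk admin credential captured on WS-014 is reused against several hosts, ending at a DC.
SAMPLE_LOGONS = [
    ("2024-05-01T09:00:00", "CORP\\jdoe", "WS-014", "FS-01"),
    ("2024-05-01T09:01:30", "CORP\\jdoe", "WS-014", "WS-014"),
    ("2024-05-01T09:02:10", "CORP\\helpdesk-adm", "WS-014", "WS-021"),
    ("2024-05-01T09:02:40", "CORP\\helpdesk-adm", "WS-014", "WS-022"),
    ("2024-05-01T09:03:05", "CORP\\helpdesk-adm", "WS-014", "SRV-SQL01"),
    ("2024-05-01T09:03:50", "CORP\\helpdesk-adm", "WS-014", "DC-01"),
    ("2024-05-01T13:15:00", "CORP\\backup-svc", "SRV-BK01", "FS-01"),
]

# Hypothetical list of hosts whose compromise matters most (domain controllers, etc.).
HIGH_VALUE_HOSTS = frozenset({"DC-01"})


def parse(records):
    """Convert ISO timestamps to datetime objects so events can be sorted and windowed."""
    return [(datetime.fromisoformat(ts), acct, src, dst) for ts, acct, src, dst in records]


def lateral_movement_alerts(records, window=timedelta(minutes=10), min_targets=3,
                            high_value=HIGH_VALUE_HOSTS):
    """Flag (account, source host) pairs that reach >= min_targets distinct remote hosts
    inside `window`. Returns {(account, source): {"targets": [...], "hits_high_value": bool}},
    keeping the largest target set seen for each pair."""
    by_key = defaultdict(list)
    for ts, acct, src, dst in sorted(parse(records)):
        if src != dst:  # a logon to the machine itself is not lateral movement
            by_key[(acct, src)].append((ts, dst))
    alerts = {}
    for key, hits in by_key.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_targets and len(targets) > len(alerts.get(key, {}).get("targets", [])):
                alerts[key] = {"targets": sorted(targets),
                               "hits_high_value": bool(targets & high_value)}
    return alerts


if __name__ == "__main__":
    for (acct, src), info in lateral_movement_alerts(SAMPLE_LOGONS).items():
        print(f"{acct} from {src} -> {info['targets']} (high-value hit: {info['hits_high_value']})")
```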
CounterTack enables organizations to detect in-progress attacks and identify malicious lateral movement and unauthorized privilege escalation attempts. Based on the Event Horizon® platform and its high performance, covert virtual machine introspection capabilities, CounterTack continuously monitors for evidence of an in-progress advanced persistent threat.