With the proliferation of user credentials available for sale on the darkweb, impersonation of legitimate users has become a common way for attackers to move undetected inside the network. Lateral movement can take many forms and can be difficult to differentiate from legitimate traffic. Using rules-based approaches, tracking the attacker as they attempt to access valuable data such as personal information, payment information, or intellectual property is nearly impossible. These stolen credentials can be used to access directory services and create additional user accounts in order to maintain access to the systems.
Get a demo to learn how PatternEx: