Skip to main content

White Paper

Detecting Compromised User Credentials

Learn how to detect and investigate user impersonation.

All the biggest data breaches, judged either by number of records breached or the importance of the data stolen, have involved attackers leveraging stolen user credentials to gain access. In many cases, the credentials were phished from a company or government agency employee, meaning an employee clicked on a planted link and unknowingly handed over his or her credentials. These attackers went on to impersonate employees, escalate privileges and, in some cases, create highly privileged phantom user accounts. Most enterprises and government organizations that experience data breaches have traditional security point solutions, log management, and security information and event management (SIEM) solutions in place. However, SIEM is not a comprehensive solution on its own.

This white paper details how user behavior analytics and security session assembly can help enterprises find and root out attackers that impersonate employees.

Read the white paper and learn:

  • How to detect attackers with a system that learns credential behaviors and characteristics
  • Where credentials enable attack chain functions
  • How to find attackers that switch identities
  • 2017