Detecting Lateral Movement and Credential Switching: Human vs. Machine
Lateral movement combined with account switching (using a different account when targeting a different host) is a tactic[…]
User and Entity Behavior Analytics (UEBA) is the application of machine learning and security research to determine when users or entities are acting in unusual and risky ways.
Good UEBA doesn’t require static, predefined rules to detect threats, and can therefore evolve along with new attacker techniques, making your SIEM more efficient and effective.
UEBA uses machine learning and data science to build an understanding of how users (humans) within an environment typically behave, then finds risky and anomalous activity that deviates from that normal behavior and may be indicative of a threat.
The Capital One data breach reported a few weeks ago, which exploited a vulnerability in the cloud, was one of the largest-ever bank data thefts. We look at how it maps to the MITRE ATT&CK framework and how it could have been detected.