Thursday, September 23, 2021 at 1:21 AM
By using active in-network defense, it is possible to detect credential theft attacks.
To combat the ever-increasing threats, businesses are increasingly deploying several layers of security defenses, ranging from perimeter defense on network access points to host-based security solutions installed on end user computers.
There are several types of security solutions that can be deployed at the access and distribution layers of the network, as well as out-of-band solutions such as network access control (NAC), security information and event management (SIEM), and user behavior analysis to provide identity-based network access and gain greater visibility into a user's access to critical network resources.
Layered security defenses, however, share a significant and recurring weakness: because they depend largely on known behaviors to detect attacks, they struggle to identify novel exploitation methods.
Additionally, identifying post-exploitation activities, which occur after perimeter security has been breached, is a major issue for the corporate network.
After the initial breach, attackers need to steal credentials in order to move laterally inside the network, gain access to key network assets, and ultimately exfiltrate data. To conduct internal reconnaissance and remote code execution on key resources, they use a variety of sophisticated methods, ranging from legitimate operating system tools for identifying network assets to novel code execution techniques on the target system. It follows that distinguishing legitimate from malicious use of Windows' built-in programs, tools, and services becomes a top concern for business networks.
To address the long-standing issue of lateral movement detection, business networks need to develop active in-network defensive methods that prevent attackers from reaching key network resources. Deception in the network is one such defensive strategy, and it has the potential to be an effective solution for detecting credential theft attempts. Detecting credential stealing attacks with deception first requires building out the necessary infrastructure: connecting decoy machines and services to the same network as the production assets, and seeding them with decoy contents that direct attackers toward the decoy machines and services. If the deceptive network is configured and tuned correctly, attackers' lateral movement paths are diverted toward the deceptive services and away from production assets. Attackers then interact with the deceptive network, which both exposes their activity and enables businesses to safeguard production assets.
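The detection side of the approach described above rests on one property: decoy accounts and decoy hosts have no legitimate users, so any authentication event that touches them is a high-confidence signal of credential theft or lateral movement. The following is an added example, not code from the original post or from any product it describes, showing that detection logic run over a few constructed authentication log lines. The decoy account and host names, the simplified one-line log format (`<time> <event_id> user=<account> src=<ip> host=<target>`, which is not real Windows Security log text), and the sample events are all constructed for this illustration; the Windows event IDs in `EVENT_NAMES` are real.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed decoy inventory (hypothetical names). These accounts and hosts exist
# only to be discovered by an intruder; no legitimate process ever authenticates
# with or against them, so any such event is worth an alert.
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm_finance_old"}   # stored lower-case
DECOY_HOSTS = {"FS-ARCHIVE-07", "SQL-LEGACY-02"}             # stored upper-case

# Constructed, simplified log format (not the real Windows event text):
#   <time> <event_id> user=<account> src=<ip> host=<target_host>
LOG_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<event_id>\d{4})\s+user=(?P<user>\S+)"
    r"\s+src=(?P<src>\S+)\s+host=(?P<host>\S+)$"
)

# Real Windows Security event IDs that record credential use.
EVENT_NAMES = {
    "4624": "logon success",
    "4625": "logon failure",
    "4768": "kerberos TGT request",
    "4776": "NTLM authentication",
}


@dataclass(frozen=True)
class Alert:
    time: str
    reason: str
    user: str
    src: str
    host: str
    event: str


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec):
    """Return why a record touches the deception layer, or None if it does not.
    A decoy credential is checked first: its use is the strongest signal, regardless
    of which host it was replayed against."""
    if rec["user"].lower() in DECOY_ACCOUNTS:
        return "decoy credential used"
    if rec["host"].upper() in DECOY_HOSTS:
        return "authentication against decoy host"
    return None


def detect(lines):
    """Run the deception check over log lines; unparseable lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            event = EVENT_NAMES.get(rec["event_id"], "event " + rec["event_id"])
            alerts.append(Alert(rec["time"], reason, rec["user"], rec["src"], rec["host"], event))
    return alerts


def sources_by_activity(alerts):
    """Group alerts by source IP. The machine a decoy credential is replayed from is
    the likely foothold, which is where incident response should start."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a.src].append(a)
    return dict(grouped)


# Constructed sample events: one workstation (10.0.5.21) does a normal logon, then
# requests a Kerberos ticket with a decoy account, fails a logon to a decoy host,
# and finally logs on to a decoy file server with the decoy account.
SAMPLE_LOG = [
    "2021-09-23T01:05:10Z 4624 user=jsmith src=10.0.5.21 host=FS-PROD-01",
    "2021-09-23T01:07:42Z 4768 user=svc_backup_legacy src=10.0.5.21 host=DC-01",
    "2021-09-23T01:07:45Z 4625 user=Administrator src=10.0.5.21 host=SQL-LEGACY-02",
    "2021-09-23T01:08:03Z 4624 user=svc_backup_legacy src=10.0.5.21 host=FS-ARCHIVE-07",
    "2021-09-23T01:09:00Z 4624 user=mlee src=10.0.7.9 host=MAIL-01",
    "this line is malformed and must be skipped",
]

if __name__ == "__main__":
    for src, hits in sources_by_activity(detect(SAMPLE_LOG)).items():
        print(f"source {src}: {len(hits)} deception alert(s)")
        for a in hits:
            print(f"  {a.time} {a.event}: {a.reason} (user={a.user}, host={a.host})")
```

Run on the sample above, the detector raises three alerts, all from 10.0.5.21, and ignores both the ordinary logons and the malformed line. Because the rule is a set membership check rather than a behavioral baseline, it does not suffer from the weakness described earlier for layered defenses: the attacker's tooling can be entirely novel and the alert still fires the moment a planted credential is replayed.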