With three-quarters of organizations experiencing threat actors moving through the intrusion chain faster than ever, your ability to detect and respond to cyberattacks is more critical than ever. The traditional focus has been on the endpoint to detect infection activity as a means of launching incident response actions. This method leaves response teams working to identify which endpoints are affected while the attack continues.
Today, with threat actors focusing more on the use of legitimate credentials and vulnerabilities as a means of initial access, a compromised endpoint no longer is the defining factor of a cyberattack. And, in almost every single kind of cyberattack, the misuse of credentials is necessary to enable lateral movement, access, and exfiltration of data – all pointing to identity being a natural indicator of compromise, an insightful way to determine the attack path taken, and an easy means to stop an attacker in their tracks.
In this Real Training for Free session, 4-time Microsoft MVP, Nick Cavalancia once again takes my seat to provide specific context around identity’s use in cyberattacks, including:
- How reliable is using the endpoint to detect attacks
- Why monitoring identity augments your layered security strategy
- Identity’s role in post-compromise stage
- A look at the impact of shifting to using identity as the basis for IR efforts
Up next, we’ll hear from Yiftach Keshet; VP of Product Marketing at Silverfort and Eric Haller; Special Advisor at Silverfort, who will explain and demonstrate how identities are applicable to any attack in which lateral movement is used, especially for ransomware campaigns which rely on getting domain dominance to execute their payload on multiple machines simultaneously. Lateral movement has, in recent years, become a standard link in almost any ransomware and data exfiltration attack. Hence, the insights that relate to containment of the lateral movement and consequential discovery of the attacker’s trail from its detection point to the patient zero where the attack started would assist any IR practitioner in conducting an efficient response process.
Yiftach will perform a live identity-based incident response demonstration covering the full identity-first IR lifecycle that includes containment, investigation, attack path disclosure, and controlled recovery.
This Real Training for Free session will be full of real-world application.