Cyberthreats Go Sideways

The cyber threats are going sideways. Here I’m not talking about Sideways*,* the 2004 movie starring Paul Giamatti and Thomas Hayden Church that made Pinot Noir famous while the pair traveled through Santa Barbara County wine country in seven days. Rather, I’m talking about cyberattacks that work through lateral movement through your network infrastructure. No one wants to get famous because of cyberattacks which can travel inside your network in tens or even hundreds of days without being noticed.

Let me give you an example how a cyberattack can move laterally inside your network. A registered user logs into a server at an anomalous time, say 3AM. Not a big deal by itself because the login was successful. The user’s IP address indicates that the login came from outside of United States. That’s a fairly big deal because you know the user lives in Santa Barbara, California and doesn’t travel much. But still, the login was successful. On further investigation, examining server events shows that the user accessed your Active Directory server and added a user, uploaded a file to your SolarWinds server, and began exporting sensitive data from another server via FTP. As you can see, the attacker was taking a journey, hopping from an initial point of entry or compromise and then from one server to another.

If a security analyst is can piece these activities together, it becomes clear that there is a true exploit and an attack is in progress. Now you can take steps to remedy it. Using a SIEM or a normal SOC platform, detecting and responding to this sort of thing would require communication among two or three analysts who are in charge of disparate security tools, which could take hours or days. But with Stellar Cyber’s Open XDR platform, all of these data points are automatically integrated and correlated in a single place, yielding a high-fidelity alert and providing lots of context and supporting detail for research or corroboration. The drill-down dashboard shows all of the events in parallel on one screen. You can drill down into each event to investigate the attack fully, all from within the same screen. The response actions, such as disabling the user or blocking the attacker’s IP address, can be taken on the same console without leaving the platform. The process takes only a few seconds.

Event correlation like this is what makes Stellar Cyber’s Intelligent Open XDR security operations platform different from all others, and it’s critically needed in a cyber landscape where threats are going sideways. If you want to be protected, break the chains of siloed tools and augment your toolkit with the only platform that pulls it all together. Then you can drink your glass of Pinot in peace or have time to vacation in Santa Barbara or watch a plethora of movies.

Don’t let your security operations go sideways! Take decisive control by finding true exploits quickly and shutting them down before any theft or damage can occur.