After witnessing some of the worst cyber-attacks unfold, security teams are now coming to the realization that the best way to detect advanced persistent threats (APTs) is post-breach. Unquestionably, penetration is not only difficult to detect but also close to impossible to prevent. BUT have no fear: complex cyber-attacks CAN be stopped by identifying an attacker's activity within the network and on an organization's endpoints.
One common attacker behavior, generally employed shortly after compromising an endpoint, is escalation of user privileges. Hackers use this technique as an early stepping-stone that enables them to completely take over a victim's machine and gain access to data that was previously unavailable to the user.
Because privilege escalation is an early attack move, detecting it immediately lets security teams isolate the affected machines, prevent hackers from gaining more control and ultimately contain the attack at an early stage.
Watch our recent demo video to see how Cybereason detects privilege escalation and how a hacker would employ such a technique. In this video, our researcher simulated privilege escalation by an attacker and captured how Cybereason correctly reported the hacker's activity in real time.