Detecting and Visualizing Lateral Movement Attacks with Trellix XDR
Description

By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023

Executive summary

With organizations deploying multiple security controls and solutions on their networks and endpoints, there is a significant gap in how threat events from multiple sources are correlated and contextualized so that an analyst can see the complete threat activity. Without complete contextual threat information, analysts and incident response teams have to switch between different endpoint products and network solutions to understand the attack sequence. Additionally, with the high volume of threat events coming in from diverse security solutions, it becomes extremely difficult for analysts to connect the dots between cross-product alerts and draw consequential, actionable conclusions about the attack. This significantly impacts their ability to triage effectively, hunt for threats and apply responsive actions. It is one of the major challenges for organizations that rely on a broad set of security solutions to protect the network and the critical assets in their infrastructure.

In this blog, we present multiple attack scenarios focused on lateral movement, including abuse of weak service permissions to execute code, and dumping and exfiltrating credential material from Active Directory. For each scenario, we demonstrate how Trellix eXtended Detection and Response (XDR) helps detect and visualize lateral movement by providing a…

