SentinelOne Announces Lateral Movement Detection Engine to Catch Unauthorized Network Movement from Malicious Actors

SentinelOne, a pioneer in delivering autonomous AI-powered security for the endpoint, datacenter and cloud, today announced its Lateral Movement Detection Engine to identify and stop malicious actors from reaching further parts of a network. One of the most common tactics an attacker uses once inside a network is to move laterally, hopping from machine to machine to traverse the network toward specific assets, or simply as a means to infect and gain persistence on multiple hosts. Lateral movement attempts also often involve credential scraping techniques to steal admin passwords, or pass-the-ticket techniques to hop from machine to machine.

Lateral movement generally has one of two causes: a live attacker traversing a network, or malicious code with automatic spreading abilities, such as a worm. The techniques used to move laterally include exploits such as the EternalBlue SMB exploit, remote desktop protocols, harvested credentials used through tools and interfaces like PowerShell and WMI, and executing code on a remote machine.

Because the vast majority of the techniques above are fileless, most traditional security controls have a hard time identifying an attacker or a piece of code moving within a network. The stealthy nature of these attacks makes them highly efficient and lucrative for the attacker, and it also allows mass infections.

SentinelOne's Lateral Movement Detection Engine uses the platform's low-level monitoring to gain visibility into all machine operations, including the scripting languages and protocols listed above. It detects and mitigates lateral movement attacks in real time by building execution context as events occur and applying Behavioral AI to identify anomalies in how these techniques are used to move around the network, preventing the spread of malware or a "roaming" attacker.

The type of detection and visibility offered by the SentinelOne Lateral Movement Detection is far superior to every other EDR tool out there and is integrated holistically for automated operation into our 2.0 platform - no configuration needed.

Watch the video below to see the Lateral Movement Engine in action. An infected machine attempts to infect additional machines on the same network using ps.exe. The video shows how a machine with the SentinelOne agent installed detects and blocks this type of lateral movement attack from an infected machine. It then walks through some of the information SentinelOne provides about the attack: details of the identified threat and the infected machine, the engine that blocked the attack, and an attack storyline that shows the visual forensics of the attack.
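As an added illustration (not SentinelOne's code, and not a description of how the engine itself works), the following constructed example shows the simplest host-side correlation a defender can run for the scenario in the video: a network logon followed within seconds by a new service installed on the same machine. It assumes the demo's ps.exe behaves like Sysinternals PsExec, which installs a PSEXESVC service on the target; the event lines and their field names are constructed for this example and are not the real Windows event log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified event records (not real telemetry). Event id 4624 is
# a logon (logon_type=3 means over the network); 7045 is a new service installed.
SAMPLE_EVENTS = [
    "2017-10-31T09:40:01 host=WS-02 id=4624 logon_type=3 user=CORP\\admin src=10.0.0.5",
    "2017-10-31T09:40:03 host=WS-02 id=7045 service=PSEXESVC image=%SystemRoot%\\PSEXESVC.exe",
    "2017-10-31T09:41:10 host=WS-03 id=4624 logon_type=3 user=CORP\\svc_backup src=10.0.0.9",
    "2017-10-31T09:55:00 host=WS-03 id=7045 service=BackupAgent image=C:\\Program Files\\Backup\\agent.exe",
    "2017-10-31T09:42:00 host=WS-04 id=4624 logon_type=2 user=CORP\\jane src=-",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) id=(?P<id>\d+)(?P<rest>.*)$")


def parse(line):
    """Parse one constructed event line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "id": int(m["id"])}
    # Remaining key=value pairs; a value runs until the next " key=" or end of line,
    # so the image path may contain spaces.
    for kv in re.finditer(r"(\w+)=(.*?)(?= \w+=|$)", m["rest"].strip()):
        rec[kv.group(1)] = kv.group(2)
    return rec


def detect_remote_service_install(lines, window=timedelta(seconds=60)):
    """Flag hosts where a network logon is followed within `window` by a new
    service install: the footprint a PsExec-style tool leaves on the target."""
    logons = defaultdict(list)
    findings = []
    for rec in sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"]):
        if rec["id"] == 4624 and rec.get("logon_type") == "3":
            logons[rec["host"]].append(rec)
        elif rec["id"] == 7045:
            for lg in logons[rec["host"]]:
                if timedelta(0) <= rec["ts"] - lg["ts"] <= window:
                    findings.append({"host": rec["host"], "user": lg["user"],
                                     "src": lg["src"], "service": rec["service"]})
    return findings


if __name__ == "__main__":
    for f in detect_remote_service_install(SAMPLE_EVENTS):
        print(f"lateral movement indicator on {f['host']}: {f['user']} from {f['src']} installed {f['service']}")
```

Only WS-02 is flagged: WS-03's service install comes long after its logon, and WS-04's logon is local. A real deployment would replace the constructed lines with parsed Security and System event log records and tune the window to the environment.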



Last month, the SentinelOne Platform was deployed alongside an existing EDR tool on a prospect's network, and within minutes of deployment SentinelOne identified an attacker moving laterally in the network. Read the full incident report to learn more about a real case, from deployment to full mitigation.

Published Tuesday, October 31, 2017 9:47 AM by David Marshall