Tuesday, August 20, 2019
  • Biometrics, Facial Recognition, Privacy, Security and the Law
  • Climbing the Vulnerability Management Mountain: Taking the First Steps Towards Enlightenment
  • AI – A Silver Bullet for Security It Is Not
  • Cloud OpenLDAP
  • Nexus Repository Now Supports APT

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Threat Hunting for Anomalies in Privileged Account Activity

Threat Hunting for Anomalies in Privileged Account Activity

by Greg Belding on July 31, 2018

Introduction

A tell-tale sign of your network being hacked is that a privileged account, such as a system administrator account, has been compromised. Attacks of this kind can come from anyone – either a malicious insider or a computer hacker. This article will examine threat hunting for anomalies in privileged account activity including what to look for when determining whether threats have impacted your information security environment.

How Do Anomalies in Privileged Account Activity Fit into The Big Picture?

Anomalies in ‘Privileged Account Activity’ is considered to be an Indicator of Compromise (IoC). Indicators of Compromise are artifacts observed on an operating system or a network that indicate possible breach or intrusion. In other words, IoCs can act as intrusion breadcrumbs for Information Security professionals to use to track down threats. The idea is that by following IoCs, threats can be detected and stopped in their earliest stages to prevent or mitigate the impending attack.

Information Security professionals often use IoCs to better analyze a malware’s behavior, patterns, and techniques. IoCs also provide actionable threat intelligence that can be shared within the greater Information Security community to further improve incident response and remediation strategies about a particular piece of malware. This helps to educate the Information Security community as a whole and will frustrate the cybercriminals that are performing these network attacks.

Anomalies in Privileged Account Activity as an Indicator of Compromise

According to Geoff Webb, director of solution strategy for NetIQ, “Changes in the behavior of privileged users can indicate that the user account in question is being used by someone else to establish a beachhead in your network. Watching for changes — such as time of activity, systems accessed, type or volume of information accessed — will provide early indication of a breach.”

When attackers leave a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jPMnmRd81fs/

July 31, 2018July 31, 2018 Greg Belding Threat Hunting for Anomalies in Privileged Account Activity
  • ← Ben’s Book of the Month: Review of “The Truth Machine: The Blockchain and the Future of Everything”
  • Threat Hunting for Unusual DNS Requests →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Busted: Kaspersky AV Tracks Your Every Click
Protecting Against Spear Phishing Attacks: A Guide
What Unique Cloud Document Indicators Can Reveal About Data Loss Risk
IoT Security: It’s Time Enterprises Take Responsibility
Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked
When it Comes to Application Security, Banks Pay Little Interest
What Hackers Do After Gaining Access to a Website
IoT Devices — Why Risk Assessment is Critical to Cybersecurity
Report: Nashville company pays ex-employee ransom installments only to stall him until the cops make the bust
Serverless Security Explained

Upcoming Webinars

Sep 05

Automating Container Security with AWS and Lacework

September 5 @ 2:00 pm - 3:00 pm
Sep 23

The Next Generation of Application Security

September 23 @ 1:00 pm - 2:00 pm
Oct 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Nov 11

Trends in Threat Analysis

November 11 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

IoT Security: It’s Time Enterprises Take Responsibility

August 19, 2019 Abby Strong | Yesterday 0
What Unique Cloud Document Indicators Can Reveal About Data Loss Risk
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

What Unique Cloud Document Indicators Can Reveal About Data Loss Risk

August 16, 2019 Salvatore Stolfo | 3 days ago 0
Protecting Against Spear Phishing Attacks: A Guide
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Protecting Against Spear Phishing Attacks: A Guide

August 15, 2019 Lior Gavish | 4 days ago 0

Top Stories

Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked
CISO Suite Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked

August 19, 2019 Richi Jennings | Yesterday 0
Busted: Kaspersky AV Tracks Your Every Click
Application Security Cybersecurity Data Security Endpoint Featured Malware Network Security News Security Boulevard (Original) Spotlight 

Busted: Kaspersky AV Tracks Your Every Click

August 16, 2019 Richi Jennings | 3 days ago 0
WhiteHat Report: DevSecOps Adoption on the Rise
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

WhiteHat Report: DevSecOps Adoption on the Rise

August 13, 2019 Michael Vizard | Aug 13 0

Security Humor

via the inimitable Daniel Stori at turnoff.us

Daniel Stori’s ‘Profile Pics Vs. Real Life’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.