Threat Hunting for Anomalies in Privileged Account Activity

by Greg Belding on July 31, 2018

Introduction

A tell-tale sign that your network has been hacked is a compromised privileged account, such as a system administrator account. Attacks of this kind can come from anyone – either a malicious insider or an external hacker. This article examines threat hunting for anomalies in privileged account activity, including what to look for when determining whether threats have impacted your information security environment.

How Do Anomalies in Privileged Account Activity Fit into The Big Picture?

Anomalies in privileged account activity are considered an Indicator of Compromise (IoC). Indicators of Compromise are artifacts observed on an operating system or a network that indicate a possible breach or intrusion. In other words, IoCs act as intrusion breadcrumbs that information security professionals can follow to track down threats. The idea is that by following IoCs, threats can be detected and stopped in their earliest stages, preventing or mitigating the impending attack.


Information security professionals often use IoCs to better analyze a piece of malware’s behavior, patterns, and techniques. IoCs also provide actionable threat intelligence that can be shared within the wider information security community to improve incident response and remediation strategies for a particular piece of malware. This educates the information security community as a whole and frustrates the cybercriminals who are carrying out these network attacks.

Anomalies in Privileged Account Activity as an Indicator of Compromise

According to Geoff Webb, director of solution strategy for NetIQ, “Changes in the behavior of privileged users can indicate that the user account in question is being used by someone else to establish a beachhead in your network. Watching for changes — such as time of activity, systems accessed, type or volume of information accessed — will provide early indication of a breach.”
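As an added example, not code from the original article, the following Python turns the three signals in the quote above (time of activity, systems accessed, volume of data accessed) into a baseline-and-deviation check over constructed log lines. The log format, account names and host names are assumptions, not any product's schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs, assumed format "timestamp account host bytes_read"; names are placeholders.
BASELINE_LOG = """\
2018-07-02T09:15:00 svc_admin fileserver01 12000
2018-07-02T14:40:00 svc_admin fileserver01 8000
2018-07-03T10:05:00 svc_admin dc01 3000
2018-07-05T16:20:00 svc_admin fileserver01 15000
"""
NEW_LOG = """\
2018-07-09T10:10:00 svc_admin fileserver01 9000
2018-07-09T03:12:00 svc_admin fileserver01 7000
2018-07-09T14:00:00 svc_admin hr-db02 4000
2018-07-10T16:30:00 svc_admin fileserver01 400000
2018-07-10T16:45:00 backup_admin fileserver01 5000
"""

def parse(log):  # one event per line -> (timestamp, account, host, bytes)
    return [(datetime.fromisoformat(t), a, h, int(n)) for t, a, h, n in (l.split() for l in log.splitlines())]

def build_baseline(events):
    """Per privileged account: hours of day seen, hosts touched, largest read observed."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set(), "max_bytes": 0})
    for ts, account, host, nbytes in events:
        b = baseline[account]
        b["hours"].add(ts.hour)
        b["hosts"].add(host)
        b["max_bytes"] = max(b["max_bytes"], nbytes)
    return baseline

def find_anomalies(baseline, events, volume_factor=10):
    """Flag events that deviate on time, system accessed or volume; returns (iso_ts, account, [reasons])."""
    findings = []
    for ts, account, host, nbytes in events:
        b = baseline.get(account)
        if b is None:  # a privileged account with no history at all is itself worth a look
            findings.append((ts.isoformat(), account, ["no baseline for account"]))
            continue
        reasons = []
        if ts.hour not in b["hours"]:
            reasons.append(f"unusual hour {ts.hour:02d}")
        if host not in b["hosts"]:
            reasons.append(f"new host {host}")
        if nbytes > volume_factor * b["max_bytes"]:
            reasons.append(f"volume {nbytes} > {volume_factor}x baseline max")
        if reasons:
            findings.append((ts.isoformat(), account, reasons))
    return findings
```

A real deployment would build the baseline over a much longer window and weight the signals, but the structure (learn normal per account, alert on deviation) is the same.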

When attackers leave a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jPMnmRd81fs/
