Exploiting privileged operations for malicious intent is one of the biggest threats in the public cloud. Such operations allow bad actors to perform a range of attack techniques, such as lateral movement, credential access, and data exfiltration.

Imagine that a privileged user account has been compromised. The attacker might use the user's permissions to remotely run commands on an active virtual machine and log into it. The attacker could then use the permissions of the machine to modify the routing tables in the network and directly access a remote server to perform data exfiltration.

In this scenario, organizations can be alerted to suspicious operations at many stages of the attack. The activity of a user executing a RunCommand operation points to lateral movement, while the activity of a virtual machine modifying the network route table indicates defense evasion. The timely detection and containment of security threats rely on anomaly policies that issue high-fidelity alerts for suspicious operations - and free security teams to investigate and remediate critical incidents.

Introducing New Anomaly Detection Policies

In our ongoing expansion of threat detection capabilities, as we keep pace with the evolving threat landscape, Prisma Cloud has added eight new anomaly policies to detect suspicious operations for Azure® environments.
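The two detections described above (a user issuing RunCommand mapped to lateral movement, a virtual machine's identity rewriting a route table mapped to defense evasion) can be sketched as a small baseline-driven anomaly check over Azure Activity Log events. The following is an added example written for this post; it is not Prisma Cloud's policy logic or code. It assumes the standard Azure resource-provider operation names shown, models the "user versus machine identity" distinction as a `caller_kind` field rather than deriving it from token claims, and runs over constructed sample events rather than real telemetry.

```python
from collections import defaultdict
from dataclasses import dataclass

# Azure Activity Log operation names for the two operations the post calls out
# (resource-provider operation names as Azure logs them).
RUN_COMMAND = "Microsoft.Compute/virtualMachines/runCommand/action"
ROUTE_WRITE = "Microsoft.Network/routeTables/routes/write"

# Sensitive operation -> (tactic per the post, caller kind that makes it suspicious).
# A user issuing RunCommand suggests lateral movement; a machine identity
# rewriting routes suggests defense evasion. Network admins (users) editing
# routes is expected and is deliberately not flagged here.
SENSITIVE_OPS = {
    RUN_COMMAND: ("Lateral Movement", "user"),
    ROUTE_WRITE: ("Defense Evasion", "machine"),
}


@dataclass(frozen=True)
class Alert:
    time: str
    caller: str
    operation: str
    tactic: str


def detect_anomalies(events):
    """Flag sensitive operations that are new for the caller performing them.

    events: iterable of dicts with keys time, caller, caller_kind
    ('user' or 'machine') and operation, processed in chronological order.
    Each caller's earlier operations form its behavioural baseline, so a
    sensitive operation alerts only the first time that caller performs it
    and only when the caller kind matches the suspicious pattern above.
    """
    baseline = defaultdict(set)  # caller -> operations already observed
    alerts = []
    for ev in events:
        op = ev["operation"]
        seen = baseline[ev["caller"]]
        if op in SENSITIVE_OPS and op not in seen:
            tactic, suspicious_kind = SENSITIVE_OPS[op]
            if ev["caller_kind"] == suspicious_kind:
                alerts.append(Alert(ev["time"], ev["caller"], op, tactic))
        seen.add(op)
    return alerts


# Constructed sample events (hypothetical principals, not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00Z", "caller": "alice", "caller_kind": "user",
     "operation": "Microsoft.Compute/virtualMachines/start/action"},
    {"time": "2024-05-01T08:05Z", "caller": "alice", "caller_kind": "user",
     "operation": RUN_COMMAND},                       # first RunCommand -> alert
    {"time": "2024-05-01T08:06Z", "caller": "alice", "caller_kind": "user",
     "operation": RUN_COMMAND},                       # already in baseline
    {"time": "2024-05-01T09:00Z", "caller": "netops-bob", "caller_kind": "user",
     "operation": ROUTE_WRITE},                       # user editing routes: expected
    {"time": "2024-05-01T09:30Z", "caller": "vm-web-01-identity",
     "caller_kind": "machine", "operation": ROUTE_WRITE},  # VM identity -> alert
    {"time": "2024-05-01T09:31Z", "caller": "vm-web-01-identity",
     "caller_kind": "machine", "operation": ROUTE_WRITE},  # already in baseline
]


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_EVENTS):
        print(f"{alert.time} {alert.tactic}: {alert.caller} performed {alert.operation}")
```

Running it over the sample yields two alerts: one for alice's first RunCommand and one for the VM identity's first route-table write; the repeated operations and the network admin's route change stay quiet because the baseline, not the operation alone, decides what is anomalous.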