Employees or other users within an organisation may become compromised if an adversary gains access to their credentials. Bad actors can masquerade as legitimate employees going about their normal business, making them hard to detect. Their under-the-radar activities often take weeks or months to be discovered, resulting in more severe data breaches or remediation costs.
Account Manipulation
Download the Solution Brief
Account manipulations are a collection of techniques an adversary might use to persist in an environment, including manipulations to a user and/or group they might use to maintain access to a network. This might include attempting to elevate their access by modifying the group a compromised insider belongs to, or adding and removing a temporary user in order to shield their true identity. By changing their permissions, adversaries can then perform malicious activity such as: performing reconnaissance of a system, or accessing, hoarding, or exfiltrating data.
Exabeam detects account manipulation by identifying abnormal user behavior such as manipulating an organisation’s active directory (AD), creating or deleting accounts, or modifying group membership and permissions. Exabeam also detects unusual activity performed by adversaries, like when they hide behind system accounts, or when there is abnormal activity using a non-service account
Simply enter a few details to download the full solution brief!
*Click here to view the information notice & cookie policy