Privilege escalation is the fourth most common tactic used in reported data breaches. Many legacy security systems that rely on static correlation rules are unable to detect an attacker who escalates their privileges. A privileged user's work may not follow regular, predictable patterns, which makes privilege escalation difficult to detect. If undetected, a privilege escalation attack can enable access to high-value assets with impunity. The result of a privilege escalation attack can be devastating to an organisation, as attackers gain access to networks, typically with the aim of exfiltrating data, disrupting business activity, or installing backdoors to enable continued access to internal systems.
Exabeam helps protect against attackers using privilege escalation by detecting techniques like credential enumeration, BloodHound execution, and more. Behavioral models detect anomalous activity, like first-time access to hosts and assets or permission changes, and put them in the context of the historical behavior of that user, their peers, and their organisation to clearly distinguish an adversary from a normal user.
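The first-time-access idea described above can be sketched as a small baseline model. This is an added example, not Exabeam's code or scoring logic; the event tuples, peer groups, host names, weights and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (day, user, peer_group, host); not real log data.
EVENTS = [
    (1, "alice", "dba", "db01"),
    (1, "bob", "dba", "db01"),
    (2, "bob", "dba", "db02"),
    (2, "carol", "helpdesk", "ws17"),
    (3, "dave", "domain-admins", "dc01"),
    (4, "alice", "dba", "db02"),        # new for alice, already used by a peer
    (5, "carol", "helpdesk", "dc01"),   # new for carol and for her peer group
    (6, "carol", "helpdesk", "hsm01"),  # never seen anywhere in the organisation
]

# Assumed weights: the further a first-time access is from any baseline, the higher.
PEER_KNOWN, ORG_KNOWN, ORG_NEW = 5, 20, 40

def score_events(events, training_days=3):
    """Learn user/peer/org baselines, then score first-time host access."""
    by_user, by_group, by_org = defaultdict(set), defaultdict(set), set()
    alerts = []
    for day, user, group, host in sorted(events):
        # Days up to training_days only build the baseline; later days are scored.
        if day > training_days and host not in by_user[user]:
            if host in by_group[group]:
                score, reason = PEER_KNOWN, "first for user, normal for peers"
            elif host in by_org:
                score, reason = ORG_KNOWN, "first for user and peer group"
            else:
                score, reason = ORG_NEW, "first for the organisation"
            alerts.append((day, user, host, score, reason))
        # Keep learning so a repeat of the same access is not scored again.
        by_user[user].add(host)
        by_group[group].add(host)
        by_org.add(host)
    return alerts

def risk_by_user(alerts):
    """Sum anomaly scores per user so several weak signals add up."""
    totals = defaultdict(int)
    for _day, user, _host, score, _reason in alerts:
        totals[user] += score
    return dict(totals)

def flagged_users(alerts, threshold=50):
    """Users whose accumulated score reaches the assumed alerting threshold."""
    return sorted(u for u, s in risk_by_user(alerts).items() if s >= threshold)

if __name__ == "__main__":
    for alert in score_events(EVENTS):
        print(alert)
    print("flagged:", flagged_users(score_events(EVENTS)))
```

A static rule such as "alert on any new host" would treat all three scored events alike; weighting by peer and organisation context is what separates alice's routine access from carol's.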