Compromised insiders are one of the most difficult security risks for an enterprise to detect, escalate, and manage. In this scenario, an attacker acquires legitimate user credentials and uses them to gain access to a network — typically without the legitimate user’s knowledge — then operates as a trusted insider, discreetly performing reconnaissance inside the network.
If the compromised credentials belong to a key service account, IT administrator, or other privileged user with access to sensitive information or assets, the impact on your organization can be massive. Compounding the risk, privilege escalation and elevation-of-privilege attacks carried out as part of lateral movement are among the most dangerous secondary attack stages in any risk framework.
This guide describes how Exabeam can identify and mitigate the potential risk of seven common compromised insider use cases:
1. Compromised Credentials
2. Lateral Movement
3. Privilege Escalation
4. Privileged Activity
6. Account Manipulation
7. Data Exfiltration