
Finding and using the right cybersecurity incident response tools
2021-09-01 05:30

You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place, all while the culprits are potentially taking steps to cover their tracks.

The attacker might then use stolen user credentials to move laterally throughout the network, finally launching a DCShadow attack that uses replication permissions to imitate a domain controller and make changes to Active Directory.

To a similar effect, the Purple Knight tool from Semperis allows administrators to enumerate different exposures in AD. Using a combination of the information about the initial access to AD and what exposures exist, security defenders can make determinations about where the attackers might have gone next.

By understanding the links between users and groups, security teams and incident responders will be better able to react to attacks.

Monitoring and auditing AD can not only proactively detect attacks on AD, but also identify what happened in a breach's aftermath, making the tools' reporting capabilities and automation crucial.

Armed with the ability to map attack paths and to track users, groups, and permissions, forensic investigations can move more quickly to uncover the scope of an attack.
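As an added illustration of mapping the links between users and groups during scoping (this is not code from the article or from any tool it names), the sketch below walks nested group membership from accounts known to be compromised and reports the chain to each privileged group. The account names, group names, and membership export are constructed sample data, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: direct "member of" edges, as they might be
# exported from AD. Every name here is hypothetical.
MEMBER_OF = {
    "jsmith": ["Helpdesk", "VPN-Users"],
    "mlee": ["VPN-Users"],
    "svc-backup": ["Backup-Custom"],
    "Helpdesk": ["Workstation-Admins"],
    "Workstation-Admins": ["Server-Admins"],
    # Server-Admins nests back into Helpdesk: a circular membership.
    "Server-Admins": ["Domain Admins", "Helpdesk"],
    "Backup-Custom": ["Server-Admins"],
    "VPN-Users": [],
}
PRIVILEGED = {"Domain Admins", "Enterprise Admins"}


def membership_paths(start, member_of, targets):
    """Breadth-first walk of nested membership from one principal.

    Returns {target_group: shortest chain from start to that group}.
    """
    paths = {}
    seen = {start}
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        for group in member_of.get(path[-1], []):
            if group in seen:  # skip groups already visited (circular nesting)
                continue
            seen.add(group)
            chain = path + [group]
            if group in targets:
                paths[group] = chain
            queue.append(chain)
    return paths


def scope_accounts(accounts, member_of, targets):
    """Map each account to its chains into privileged groups (empty if none)."""
    return {a: membership_paths(a, member_of, targets) for a in accounts}


if __name__ == "__main__":
    result = scope_accounts(["jsmith", "mlee", "svc-backup"], MEMBER_OF, PRIVILEGED)
    for account, found in result.items():
        if not found:
            print(f"{account}: no nested path to a privileged group")
        for chain in found.values():
            print(f"{account}: {' -> '.join(chain)}")
```

An account with no direct privileged membership can still surface here through several levels of nesting, which is the kind of link a responder needs when deciding which credentials to reset first.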


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/xTRVb4Y4puU/