How AI is used to detect lateral movement: Use case

Adlumin recently flagged lateral movement incidents on a customer’s network. The detection was achieved via an AI algorithm designed to aggregate suspicious incidents until they collectively project a high-fidelity threat signal. This prevented further compromise of valuable resources, and Adlumin’s detection and response team advised the client on remedial action.

Lateral movement

When a cybercriminal first gains access to a network, they often move laterally to different machines until they find what they’re looking for. This movement can usually be traced using Windows access-event logs. However, detecting this behavior automatically amongst the enormous corpus of access events can be extremely difficult, especially when it involves privileged users with network-wide access. This is where Adlumin AI comes into play.  

Adlumin AI

A machine-learning model assigns an anomaly score to each successful logon event that occurs on an Adlumin customer’s machine. Anomalous logon events are then aggregated to form access graphs, which are subsequently assessed for attack signatures. For example, many anomalous logon events from a single user on a single machine may indicate that an attacker is attempting to gain access to network share drives, or is performing scanning-like behavior to gain a foothold elsewhere on the network. Below is an example of a penetration test detected on a customer network, where the user attempted to access 15 separate machines.
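The pipeline described above (per-event anomaly score, aggregation into an access graph, then a signature check for fan-out from one user and one source host) can be illustrated end to end. The following Python is an added example, not Adlumin's code or model: the log lines are constructed in a simplified key=value form rather than real Windows event XML, the baseline of known user-to-host pairs is made up, and the novelty-based `anomaly_score` rule is an assumed stand-in for a trained model. The fan-out threshold of 10 hosts is likewise an assumption.

```python
"""Toy lateral-movement detector: score each successful logon (Event ID 4624)
for anomaly, keep the anomalous ones in a per-user access graph, then flag a
fan-out signature. All data and the scoring rule are constructed placeholders."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed baseline of (user, destination host) pairs seen during normal
# operations. A real deployment would learn this from weeks of logon history.
BASELINE: Set[Tuple[str, str]] = {
    ("alice", "FS-01"), ("alice", "MAIL-01"), ("svc-backup", "BK-01"),
}

# Constructed log lines (simplified key=value form, not real Windows XML):
# two routine logons by alice, then one account touching 15 distinct servers.
SAMPLE_LOG: List[str] = [
    "2024-05-01T02:13:07Z EventID=4624 TargetUserName=alice "
    "WorkstationName=WS-03 Computer=FS-01 LogonType=3",
    "2024-05-01T02:14:10Z EventID=4624 TargetUserName=alice "
    "WorkstationName=WS-03 Computer=MAIL-01 LogonType=3",
] + [
    f"2024-05-01T02:{20 + i:02d}:00Z EventID=4624 TargetUserName=svc-backup "
    f"WorkstationName=WS-17 Computer=SRV-{i + 1:02d} LogonType=3"
    for i in range(15)
]


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed '<timestamp> key=value ...' line into a dict."""
    timestamp, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["timestamp"] = timestamp
    return event


def anomaly_score(event: Dict[str, str]) -> float:
    """Assumed stand-in for the learned per-event score: the user reaching a
    host it has never reached in the baseline is the main signal, and a
    network logon (LogonType 3, used for SMB/share access) adds a little."""
    score = 0.0
    if (event["TargetUserName"], event["Computer"]) not in BASELINE:
        score += 0.7
    if event["LogonType"] == "3":
        score += 0.2
    return score


def build_access_graph(events: Iterable[Dict[str, str]],
                       threshold: float = 0.5) -> Dict[str, Dict[str, Set[str]]]:
    """Keep only successful logons scoring at or above the threshold and
    aggregate them as user -> source workstation -> set of destination hosts."""
    graph: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for event in events:
        if event["EventID"] == "4624" and anomaly_score(event) >= threshold:
            graph[event["TargetUserName"]][event["WorkstationName"]].add(event["Computer"])
    return graph


def find_fan_out(graph: Dict[str, Dict[str, Set[str]]],
                 min_hosts: int = 10) -> List[dict]:
    """Signature check: one user, from one source, reaching many distinct hosts."""
    alerts = []
    for user, sources in graph.items():
        for source, destinations in sources.items():
            if len(destinations) >= min_hosts:
                alerts.append({"user": user, "source": source,
                               "hosts": sorted(destinations)})
    return alerts


def detect(lines: List[str]) -> List[dict]:
    """Full pipeline over raw log lines: parse, score, aggregate, match."""
    return find_fan_out(build_access_graph(parse_event(line) for line in lines))


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['user']} from {alert['source']} reached "
              f"{len(alert['hosts'])} hosts: {', '.join(alert['hosts'])}")
```

Run as-is, the routine logons by `alice` score below the threshold and never enter the graph, while `svc-backup` from `WS-17` accumulates 15 destination hosts and trips the fan-out signature. In practice the `min_hosts` cutoff and the baseline need tuning per environment, and known-good sources such as vulnerability scanners and backup servers should be suppressed explicitly, since their legitimate fan-out would otherwise match the same signature.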
