Privileged Threat Analytics
In this paper we focus on detecting Pass-The-Hash attacks, after the credentials have been stolen, via the event viewer.
Pass-The-Hash is an attack technique that allows an attacker to start lateral movement in the network over the NTLM protocol
without needing the user's password, in contrast to Over Pass-The-Hash, which uses the Kerberos protocol. We will compare
legitimate and illegitimate NTLM connections, show which indicators can be used to distinguish between
them, and show what we can conclude from that to build an algorithm that demonstrates detection of Pass-The-Hash attacks.
CyberArk Labs created a tool (Ketshash) that demonstrates the detection methods discussed in this paper. This
paper does not provide a 100% solution for Pass-The-Hash attacks, but it shows what can be done with the available tools
and how to create a general view of the NTLM connections over the network.
In this video, learn how CyberArk solutions work together to automatically detect potential insider attacks and make IT audits easier.
The Forrester Wave™: Privileged Identity Management, Q3 2016
After evaluating Privileged Identity Management (PIM) vendors across 22 key criteria, Forrester named CyberArk a Leader with the largest PIM market presence. CyberArk also received the highest possible score in the following criteria: cloud support, privileged session management and recording, and application-to-application password management.
IDC MarketScape: Worldwide Privileged Access Management Vendor Assessment
The IDC MarketScape* assesses 10 vendors offering products in the privileged access management (PAM) market and notes that, “CyberArk is the PAM pure-play “big gorilla” with the most revenue and largest customer base.”
KuppingerCole Leadership Compass: Privilege Management 2015
Named the overall market leader, KuppingerCole determined that CyberArk is the “Gold Standard” and the “one to beat in Privileged Management.” The CyberArk Privileged Account Security Solution received the highest possible rating across security, functionality, integration, interoperability and usability categories.
*IDC MarketScape: Worldwide Privileged Access Management Vendor Assessment (doc #253303)