{"id":1295,"date":"2019-07-24T12:31:31","date_gmt":"2019-07-24T04:31:31","guid":{"rendered":"https:\/\/greycortex.hk\/?page_id=1295"},"modified":"2019-08-20T17:03:49","modified_gmt":"2019-08-20T09:03:49","slug":"use-case-malicious-insider-attack","status":"publish","type":"page","link":"https:\/\/greycortex.hk\/zh\/use-case-malicious-insider-attack\/","title":{"rendered":"Use Case – Malicious Insider Attack"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Malicious Insider Attack<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Industry:<\/strong><\/p>

IT<\/p>

Entry Point:<\/strong><\/p>

Insider Attack<\/p>

Objective:<\/strong><\/p>

Company data theft\/revenge<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Primary Detection:<\/strong><\/p>

Advanced behavioral analytics
\u2022 Brute-force attack
\u2022 Network scanning<\/p>

Network visibility
\u2022 New device in network<\/p>

Stolen Credentials Identified by:<\/strong><\/p>

Active Directory Integration<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
In an IT company, a disgruntled employee decided retaliate against his employer. As a developer, he had access into internal company systems, but was unable to access certain sensitive company information which he wanted. He took several suspicious actions within the network in order to hack into the data. He launched a scan for unsecured devices which could access the data he sought, then attempted a brute force attack to access those devices.<\/h5>
MENDEL identified these behaviors, both the network scan, and the brute force attack, as they happened and automatically alerted the security team. This attack was done using a private device and the credentials of another user. MENDEL identified the device as a standard feature, but through MENDEL\u2019s integration with Active Directory \u2013 available out of the box \u2013 the security team could identify the employee whose credentials were misused. After comparing the network behavior of the attacking device with the behavior of other users during the attack, the list of suspects was narrowed down. After short investigation, the employee was identified and immediately terminated.<\/h5>
Employee attacks can have devastating eff ects on company data, reputation, and revenue. But like advanced threats, employee attacks involve anomalous behavior within the network. This behavior was easily detected by MENDEL, allowing the security team to stop the attack before it could do damage.<\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

\u4f60\u6709\u4ec0\u9ebc\u554f\u984c\u55ce\uff1f<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u8acb\u7559\u4e0b\u60a8\u7684\u806f\u7d61\u65b9\u5f0f\uff0c\u4ee5\u4fbf\u6211\u5011\u6839\u64da\u60a8\u516c\u53f8\u7684\u9700\u6c42\u63d0\u4f9b\u500b\u6027\u5316\u7684\u670d\u52d9\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

Malicious Insider Attack Industry: IT Entry Point: Insider Attack Objective: Company data theft\/revenge Primary Detection: Advanced behavioral analytics\u2022 Brute-force attack\u2022 Network scanning Network visibility\u2022 New device in network Stolen Credentials Identified by: Active Directory Integration In an IT company, a disgruntled employee decided retaliate against his employer. As a developer, he had access into internal […]<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/fullwidth-content.php","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"footnotes":""},"class_list":["post-1295","page","type-page","status-publish","hentry"],"jetpack_shortlink":"https:\/\/wp.me\/PaZ0Rf-kT","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/pages\/1295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/comments?post=1295"}],"version-history":[{"count":22,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/pages\/1295\/revisions"}],"predecessor-version":[{"id":2018,"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/pages\/1295\/revisions\/2018"}],"wp:attachment":[{"href":"https:\/\/greycortex.hk\/zh\/wp-json\/wp\/v2\/media?parent=1295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}