Detect and Prevent Lateral Movement in Real-Time

Malicious attackers move laterally across the network to reach critical systems, and they often leverage common protocols such as NTLM or tools like Mimikatz. Protecting your infrastructure by identifying weak spots is critical to stopping an attacker in their tracks and containing the breach. With Preempt, you can continuously monitor the network and all other entities to identify and stop lateral movement in real time, before it impacts your organization.

What is Lateral Movement

Lateral movement is a type of attack used by sophisticated hackers to gain access to crown-jewel applications and exfiltrate sensitive data. Lateral movement attacks generally progress slowly yet systematically so as not to arouse suspicion, making them difficult to detect and react to in time.

The attacker will move laterally and eventually try to compromise account credentials (human or service accounts) using a variety of techniques, such as social engineering, Pass the Hash (PtH), Golden Ticket, or tools like Mimikatz, PsExec, WMI, and PowerShell.

Detect Lateral Movement Threats - Without Using Logs!

Preempt finds deterministic signs of attacks inside the network, including lateral movement techniques such as Pass-the-Hash/Ticket attacks, Golden Tickets, and directory harvesting, without the need to comb back through logs and connect the dots.

Preempt can proactively detect and apply policies to common tools such as Mimikatz, PsExec, PowerShell, and more. With Preempt, you can also detect the use of NTLM, LDAP/S, and a wide variety of related relay attacks.

Prevent Attacks in Real-time

Attackers often rely on common administrator tools and protocols, or on weak protocols that can be abused. Preempt’s proprietary security analytics and pattern recognition can spot unusual protocol misuse and correlate it with risky-behavior detection to help organizations stop lateral movement.

With Preempt, you can continuously detect and prevent threats based on identity, behavior, and changing risks.

Enforce Strict Authentication Policies

Preempt lets you take action early in a lateral movement attack without disrupting valid users. Trigger Conditional Access or step-up authentication using MFA, based on virtually any aspect of changing risk, to distinguish genuine user access from malicious activity.

You can choose from any number of other responses, such as forcing a password change, quarantining a device, and more, based on the context.

Why Preempt

Preempt Platform Dashboard

  • Prevent lateral movement and unauthorized domain access due to the misuse of network credentials via reconnaissance tools
  • Detect, in real time, sophisticated threats that abuse user credentials
  • Block and easily contain PowerShell, PsExec and other attacking tools
  • Deeply inspect authentication protocols such as NTLM, DCE/RPC, Kerberos and LDAP to control protocol usage
  • Reduce the risk of credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket

Whitepaper: Disrupting the Cyber Kill Chain – How to Contain Use of Tools and Protocols