04/07/2021 | News release | Distributed by Public on 04/07/2021 09:18
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, '10 Things Your MDR Service Must Do.'
Every threat or breach involves attackers using legitimate credentials to cause harm. Unfortunately, our credential footprint has grown beyond traditional accounts and directory services to online service accounts, single sign-on (SSO), and other web-based authentication mechanisms.
The best Managed Detection and Response (MDR) providers are not only equipped to detect authentication regardless of where it occurs, but they also possess the intelligence and visibility needed to detect when an attacker might be looking to compromise those credentials through social engineering.
Many traditional SIEM solutions claim to offer User Behavior Analytics (UBA) detections, but SIEM engines aren't built for real-time attribution. Users and assets constantly move around in a modern network architecture, so a SIEM engine cannot accurately map events to entities. Doing this well requires going beyond out-of-the-box detections to advanced analytics and human threat detectors.
Our team is able to leverage real-time attribution from these UBA indicators within InsightIDR to more easily determine whether a potential threat is an outside attacker impersonating an employee or an actual employee who is presenting risk, whether through negligence or malice. UBA utilizes our purpose-built proprietary attribution engine to detect behaviors indicative of true threats, while sorting out users who may be doing unusual tasks but are not actually compromised. This enables our team to connect network activity to a specific user, as opposed to an IP address or asset, to detect compromised credentials, lateral movement, and other malicious behavior. Learn more about the UBA features in InsightIDR.
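To make the attribution point concrete, here is an added illustration (not InsightIDR's code, and not part of the original post) of why mapping events to users rather than to IP addresses has to be time-aware. It builds a per-IP timeline from constructed authentication events, attributes constructed network events to the user who held the source IP at that moment, and contrasts that with a static IP-to-user lookup that goes stale as soon as an address is reassigned. The log formats, the eight-hour binding window and the names (`alice`, `bob`, `LAPTOP-01`, `fileserver`) are all assumptions made for the example.

```python
"""
Time-aware user attribution of network events (added example, constructed data).

Contrasts a static IP->user table with a timeline lookup that answers
"who held this IP at time T?", then rolls attributed events up per user
so downstream indicators (lateral movement, new destinations) key on the
user rather than the address.
"""
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed authentication events: (timestamp, user, asset, source_ip).
# 10.0.0.5 is first used by alice's laptop and later reassigned to bob's.
AUTH_EVENTS = [
    ("2021-04-07T08:00:00", "alice", "LAPTOP-01", "10.0.0.5"),
    ("2021-04-07T09:30:00", "bob", "LAPTOP-02", "10.0.0.5"),
    ("2021-04-07T10:00:00", "alice", "LAPTOP-01", "10.0.0.9"),
]

# Constructed network events: (timestamp, source_ip, destination, protocol).
NETWORK_EVENTS = [
    ("2021-04-07T08:15:00", "10.0.0.5", "fileserver", "smb"),
    ("2021-04-07T09:45:00", "10.0.0.5", "fileserver", "smb"),
    ("2021-04-07T10:05:00", "10.0.0.9", "dc01", "ldap"),
]

# Assumption: how long an IP-to-user binding is trusted without a fresh logon.
LEASE_WINDOW = timedelta(hours=8)


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def static_ip_table(auth_events) -> Dict[str, str]:
    """Naive approach: remember only the last user seen on each IP."""
    table: Dict[str, str] = {}
    for _, user, _, ip in sorted(auth_events, key=lambda e: _ts(e[0])):
        table[ip] = user
    return table


class AttributionIndex:
    """Per-IP, time-sorted list of (bound_at, user, asset) bindings."""

    def __init__(self, auth_events):
        self.timeline: Dict[str, List[Tuple[datetime, str, str]]] = defaultdict(list)
        for ts, user, asset, ip in auth_events:
            self.timeline[ip].append((_ts(ts), user, asset))
        for ip in self.timeline:
            self.timeline[ip].sort()
        # Parallel list of timestamps per IP so bisect can find the binding in effect.
        self._keys = {ip: [b[0] for b in binds] for ip, binds in self.timeline.items()}

    def who(self, ip: str, at: datetime) -> Optional[Tuple[str, str]]:
        """Return (user, asset) bound to `ip` at time `at`, or None if unknown or expired."""
        keys = self._keys.get(ip)
        if not keys:
            return None
        i = bisect_right(keys, at) - 1  # latest binding at or before `at`
        if i < 0:
            return None
        bound_at, user, asset = self.timeline[ip][i]
        if at - bound_at > LEASE_WINDOW:
            return None  # binding too old to trust; treat as unattributed
        return user, asset


def attribute_static(net_events, table: Dict[str, str]) -> List[Optional[str]]:
    """Attribute each network event with the stale static table."""
    return [table.get(ip) for _, ip, _, _ in net_events]


def attribute_timeaware(net_events, index: AttributionIndex) -> List[Optional[str]]:
    """Attribute each network event to whoever held the source IP at that time."""
    out: List[Optional[str]] = []
    for ts, ip, _, _ in net_events:
        hit = index.who(ip, _ts(ts))
        out.append(hit[0] if hit else None)
    return out


def per_user_destinations(net_events, index: AttributionIndex) -> Dict[str, Set[str]]:
    """Roll attributed events up per user: the basis for user-centric indicators."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for ts, ip, dest, _ in net_events:
        hit = index.who(ip, _ts(ts))
        if hit:
            seen[hit[0]].add(dest)
    return dict(seen)


if __name__ == "__main__":
    idx = AttributionIndex(AUTH_EVENTS)
    print("static   :", attribute_static(NETWORK_EVENTS, static_ip_table(AUTH_EVENTS)))
    print("timeaware:", attribute_timeaware(NETWORK_EVENTS, idx))
    print("per user :", per_user_destinations(NETWORK_EVENTS, idx))
```

The static table attributes the 08:15 SMB connection to `bob`, because by the end of the day his laptop was the last to hold 10.0.0.5; the timeline lookup correctly attributes it to `alice`, and the per-user roll-up then lets an indicator reason about what `alice` touched rather than what an address touched. Bindings older than the window are returned as unattributed on purpose, so a stale lease never silently pins activity on the wrong person.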
This combination allows the MDR analysts to dynamically prioritize and rank alert criticality by:
Find this post helpful? Be sure to check out other posts in this series here!