They employ phishing scams, harvesting available user IDs and passwords. Cyber-criminals also try to guess passwords and other credentials to hack into accounts. They use these resources to fake employee credentials and infiltrate an organization’s network undetected. Once they have infiltrated the network, they steal valuable information.
These are common attack methods among cyber attackers because detecting compromised user credentials is hard for network security professionals.
Rapid7, a security analytics software provider, has announced upgrades to its Rapid7 Pro Metasploit and Rapid7 UserInsight to help the network guardians deal with these problems.
“Our latest innovations leverage our deep understanding of the attacker mindset – combining insight from the Metasploit community, Rapid7 Labs research, and our services teams – to enable our customers to detect and contain security incidents quickly and effectively,” explained Lee Weiner, SVP of products and engineering at Rapid7, in a press release. “The 2014 Verizon Data Breach Investigations Report identified stolen credentials as the most common attack methodology; it’s critical that our customers are able to detect and respond to this kind of activity rapidly.”
These enhancements help organizations simulate attacks that use compromised credentials and then assess the security risks. At the same time, UserInsight contributes many capabilities for detecting suspicious user behaviour and investigating it.
Effectively managing numerous passwords and hashes and securing shells is the main challenge in the attack simulation method. Attackers use stolen credentials to get past network security barriers and obtain new credentials from the system; by repeating this process they obtain key data from the network.
Rapid7 says that Metasploit Pro 4.10 simplifies and automates the reuse of credentials, which boosts productivity for penetration testers who leverage them to infiltrate large networks. Metasploit Pro 4.10 stores information about where the credentials and similar information were gathered and which systems were compromised.
The automation exploits the facts that users seldom use application-specific passwords and that those passwords are cached on the systems they use.
UserInsight integrates, correlates and prioritizes data from native security event sources, from other attack-recognizing and monitoring tools, and on attacks that would previously have escaped detection.
Rapid7 claims that only UserInsight can combine context from users, cloud data and end points with advanced detection techniques like honeypots.
New updates to UserInsight
Ordinarily, endpoint monitoring requires an agent to be installed on each system to detect credential-based attacks. UserInsight can monitor endpoints and detect activity such as privilege escalation without an agent, so managers don’t need to deploy software clients. UserInsight also helps users review rare and unique processes, and detect malware.
After infiltrating a network, an attacker has to scan and map the network to identify a specific target. Honeypots detect and alert on these types of scans, but they are often hard for security professionals to maintain. UserInsight maintains the honeypot and can therefore quickly spot attackers before their next move. Once the attacker is spotted, tracking their footsteps becomes essential in order to find out exactly what is compromised, which might be an asset or a user. User Graph helps track users accessing assets and spots attempts to elevate privileges in order to access critical assets. With this specific information, network security teams can speed up response time and identify who else might have been involved.
Both Metasploit Pro 4.10 and UserInsight are available immediately. A free trial of both is also available.