These attackers typically enter the infrastructure using stolen credentials, phishing attacks or exploitation of vulnerable servers, and then establish a foothold on a handful of machines.
They are extremely stealthy and take their time:
LoTL binaries can be used by attackers for a plethora of tactics and techniques, including:
Financial gain is the primary motivator for the majority of insider threats. These adversaries typically focus on exfiltrating intellectual property, employee information, customer data and other valuable information. Disgruntled employees might also engage in data destruction, defacement or other destructive activities.
The Kognos platform is built to trace the subtlest suspicious behavior. Because it traces the entire activity of a user, it can look at the insider's activity cumulatively to surface possible threats. Use of abnormal tools, excessive movement of data and abnormal use of external domains are all traced by the Kognos platform.