LATMA – Lateral movement analyzer

During in minutes 45 min

Start 9:00 am

address 28 avenue George V 75008 Paris

Lateral movement has become a staple component used in most wide-scale cyber-attacks on organizations. However, the set of tools for detecting, analyzing, and investigating this key component remains limited. Existing detections are mostly focused on techniques and procedures that abuse the authentication protocol or utilize a vulnerability in its implementation. This is understandable, as such manipulations are easier to detect. However, the most common attack vector does not even have a name. Attacker’s number one attack vector, since the beginning of cyber-attacks has been “obtain a credential, then use it.”
To overcome this issue, a lot of recent techniques are based on finding anomalous authentications and combining them to a lateral movement path. The problem with this approach is that reality shows us that a substantial part of the authentication traffic is considered anomalous but not malicious. This causes an enormous number of false positives and makes such methods impractical.
In August 2021, Grant Ho et al (Ho, 2021) developed the “Hopper” algorithm. The algorithm is based on anomaly detection methods combining knowledge about the servers, users and protocols used in the environment. The algorithm obtains 95% detection of simulated attacks with about 9 false positives a day, a huge improvement comparing methods that came before it. However, the algorithm was trained and tested only on a single environment and simulated attacks, and it might be tailored to this specific environment.

Le présent site stocke des cookies et autres traceurs sur votre équipement (ci-après dénommés « cookies »). Ces cookies sont utilisés par Sysdream pour collecter des informations sur la manière dont vous interagissez avec le site et établir des statistiques et des volumes de fréquentation et d’utilisation afin d’améliorer votre parcours en tant.

Vous pouvez choisir de ne pas autoriser certains types de cookies, à l’exception de ceux permettant l’utilisation du présent site web et qui sont par conséquent strictement nécessaires à son fonctionnement. Pour accepter ou refuser l’utilisation des différentes catégories de cookies (à l’exception de la catégorie des cookies strictement nécessaires), rendez-vous dans les Preference cookies.

Vous pouvez à tout moment revenir sur votre autorisation d’utilisation des cookies (Preference cookies).

Le refus de l’utilisation de certains cookies peut avoir un impact sur votre utilisation du site.

En savoir plus : Politique gestion des cookies

Cookie preferences

Refuse all cookies

Accept all cookies

Strictly Necessary Cookies

The purpose of these cookies is to measure the site's audience and to prevent cybersecurity problems. They allow the provision of this website and are therefore strictly necessary for its operation. They cannot therefore be deactivated

PHPSESSID, pll_language, tarteaucitron, matchadform, _pk_id.26.b623, MATOMO_SESSID

Always active

Youtube video cookies

These cookies are placed by third parties and allow the proper functioning of the YouTube videos inserted on this site. You can refuse or accept the use of cookies from this category. Warning: the refusal of these cookies can have an impact on the functioning of the videos.

Google Youtube

Statistical and marketing cookies

This cookie makes it possible to establish statistics in order to know the origin of the User during a request to download a resource. You can refuse or accept the use of this cookie from this category.

Statistical and marketing cookies

En savoir plus : Cookie management policy

Refuse all cookies

Accept all cookies

Save