Detecting and Stopping Ransomware at its Most Critical Step – Lateral Movement

Webinar Registration

Ransomware is off the chain these days. Recent data shows nearly every organization today has either experienced or avoided a ransomware attack, extortion methods now include “victim-friendly” stolen data search sites, average ransoms are in the hundreds of thousands, and an average of half your data gets encrypted.

Many security strategies focus on detecting the ransomware malware itself – whether as an attachment in an inbound email, at the other end of a malicious link, or while it’s trying to execute on an endpoint. But ransomware gangs are evolving their tactics daily to find ways to evade detection.

However, there is one aspect of a ransomware attack that can’t be avoided: lateral movement. It’s absolutely necessary for as many systems to be infected (and, therefore encrypted) as possible to improve the chances of ransom payment. And that means moving laterally from machine to machine within the victim environment.

The crux of any lateral movement – regardless of the specific technique – is authentication, making it a perfect opportunity to detect anomalous behavior and stop movement entirely.

So, what kinds of lateral movement are used in ransomware attacks, and how can you detect and isolate?

In this Real Training for Free session, 4-time Microsoft MVP Nick Cavalancia takes my seat as he first discusses:

The use of lateral movement in ransomware attacks
Common methods of lateral movement
The role of authentication

Up next, you’ll hear from Gal Sadeh, Head of Data Science, and Yiftach Keshet, Director of Product Marketing from Silverfort. They will discuss:

How lateral movement attacks in the wild take time to mature
How identifying “building-block” movement events can assist in early-stage detection
What data sources can be useful for detection

They will demonstrate lateral movement detection and analysis using Silverfort’s free Lateral Movement Analyzer tool, showing the presence of lateral movement in an environment, what user accounts and machines are suspected to be compromised, what was the progression level of the attack, and what actions you should take. This is an early preview of this tool which will be presented at the coming Blackhat Arsenal and will be then available for download – so all the analysis you’ll see in this session will be in your reach within a few weeks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.